pax_global_header00006660000000000000000000000064146400476170014523gustar00rootroot0000000000000052 comment=76ee550c9d3b9f0e559f044e18136b74c167fef2 osslsigncode-2.9/000077500000000000000000000000001464004761700140715ustar00rootroot00000000000000osslsigncode-2.9/.github/000077500000000000000000000000001464004761700154315ustar00rootroot00000000000000osslsigncode-2.9/.github/workflows/000077500000000000000000000000001464004761700174665ustar00rootroot00000000000000osslsigncode-2.9/.github/workflows/ci.yml000066400000000000000000000137701464004761700206140ustar00rootroot00000000000000name: CI on: push: pull_request: env: # Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.) BUILD_TYPE: Release version: osslsigncode-2.9 jobs: build: strategy: fail-fast: false matrix: include: - id: ubuntu-24.04 triplet: x64-linux compiler: gcc os: ubuntu-24.04 generator: Unix Makefiles vcpkg_root: - id: ubuntu-22.04 triplet: x64-linux compiler: gcc os: ubuntu-22.04 generator: Unix Makefiles vcpkg_root: - id: ubuntu-20.04 triplet: x64-linux compiler: gcc os: ubuntu-20.04 generator: Unix Makefiles vcpkg_root: - id: macOS triplet: x64-osx compiler: clang os: macOS-latest generator: Unix Makefiles vcpkg_root: /usr/local/share/vcpkg cache: /Users/runner/.cache/vcpkg/archives - id: windows-x64-vs triplet: x64-windows compiler: vs arch: x64 os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives - id: windows-x86-vs triplet: x86-windows compiler: vs arch: x86 os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives - id: windows-x64-static-vs triplet: x64-windows-static compiler: vs arch: x64 os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives - id: windows-x64-mingw triplet: x64-windows compiler: mingw os: windows-latest generator: Ninja vcpkg_root: C:/vcpkg cache: C:/Users/runneradmin/AppData/Local/vcpkg/archives runs-on: ${{matrix.os}} env: VCPKG_ROOT: ${{matrix.vcpkg_root}} steps: - uses: actions/checkout@v4 - name: Cache the vcpkg archives if: matrix.cache != '' uses: actions/cache@v4 with: path: ${{matrix.cache}} key: ${{matrix.id}}-${{hashFiles('vcpkg.json')}} restore-keys: | ${{matrix.id}}-${{hashFiles('vcpkg.json')}} ${{matrix.id}}- - name: Configure Visual Studio if: matrix.compiler == 'vs' uses: ilammy/msvc-dev-cmd@v1 with: arch: ${{matrix.arch}} - name: Install MSYS2 if: matrix.compiler == 'mingw' uses: msys2/setup-msys2@v2 with: update: true install: mingw-w64-x86_64-ninja - name: Put MSYS2_MinGW64 on PATH if: matrix.compiler == 'mingw' run: echo "D:/a/_temp/msys64/mingw64/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append - name: Install apt dependencies (Linux) if: runner.os == 'Linux' run: | sudo apt-get update sudo apt-get remove needrestart || echo Ignored sudo apt-get install -y libssl-dev zlib1g-dev python3-cryptography - name: Install brew dependencies (macOS) if: runner.os == 'macOS' run: | brew install python@3.8 - name: Install Xcode (macOS) if: runner.os == 'macOS' uses: maxim-lobanov/setup-xcode@v1 with: xcode-version: latest-stable - name: Setup the oldest supported version of cmake (macOS) if: runner.os == 'macOS' uses: jwlawson/actions-setup-cmake@v2.0 with: cmake-version: '3.17.0' - name: Install python3 cryptography module (macOS) if: runner.os == 'macOS' run: | python3.8 -m ensurepip python3.8 -m pip install --upgrade pip python3.8 -m pip install cryptography - name: Install python3 cryptography module (Windows) if: runner.os == 'Windows' run: | C:/hostedtoolcache/windows/Python/3.12.3/x64/python3.exe -m ensurepip C:/hostedtoolcache/windows/Python/3.12.3/x64/python.exe -m pip install --upgrade pip C:/hostedtoolcache/windows/Python/3.12.3/x64/python.exe -m pip install cryptography - name: Configure CMake run: cmake -G "${{matrix.generator}}" -S ${{github.workspace}} -B ${{github.workspace}}/build -DCMAKE_OSX_ARCHITECTURES=arm64 -DCMAKE_BUILD_TYPE=${{env.BUILD_TYPE}} -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/dist -DVCPKG_TARGET_TRIPLET=${{matrix.triplet}} - name: Build run: cmake --build ${{github.workspace}}/build --config ${{env.BUILD_TYPE}} - name: Show python version (macOS) working-directory: ${{github.workspace}}/build if: runner.os == 'macOS' run: | python3.8 --version python3.8 -c "import sys; print(sys.executable)" python3.8 -c "import cryptography; print(f'Python3 cryptography version {cryptography.__version__}')" - name: List files (Linux/macOS) if: runner.os != 'Windows' run: find .. -ls - name: List files (Windows) if: runner.os == 'Windows' run: Get-ChildItem -Recurse -Name .. - name: Test working-directory: ${{github.workspace}}/build run: ctest -C ${{env.BUILD_TYPE}} - name: Upload the errors uses: actions/upload-artifact@v4 if: failure() with: name: errors-${{matrix.id}} path: | ${{github.workspace}}/build/Testing/Temporary/LastTest.log ${{github.workspace}}/build/Testing/conf/makecerts.log ${{github.workspace}}/build/Testing/logs/server.log ${{github.workspace}}/build/Testing/logs/port.log - name: Install run: cmake --install ${{github.workspace}}/build - name: Upload the executables uses: actions/upload-artifact@v4 with: name: ${{env.version}}-${{matrix.id}} path: ${{github.workspace}}/dist osslsigncode-2.9/.github/workflows/codeql-analysis.yml000066400000000000000000000040341464004761700233020ustar00rootroot00000000000000name: "CodeQL" on: push: branches: [ "master" ] pull_request: # The branches below must be a subset of the branches above branches: [ "master" ] schedule: - cron: '45 1 * * 2' jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: [ 'cpp' ] steps: - name: Checkout repository uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v3 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun # If the Autobuild fails above, remove it and uncomment the following three lines. # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. # - run: | # echo "Run, Build Application using script" # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 osslsigncode-2.9/.github/workflows/coverity.yml000066400000000000000000000012401464004761700220520ustar00rootroot00000000000000name: Coverity Scan on: push: workflow_dispatch: jobs: coverity: runs-on: ubuntu-latest env: token: ${{secrets.COVERITY_SCAN_TOKEN}} steps: - uses: actions/checkout@v4 if: env.token - name: Get ready for scanning if: env.token run: | sudo apt-get update sudo apt-get install -y libssl-dev libcurl4-openssl-dev cmake -S ${{github.workspace}} -B ${{github.workspace}}/build - uses: vapier/coverity-scan-action@v1 if: env.token with: email: ${{secrets.COVERITY_SCAN_EMAIL}} token: ${{secrets.COVERITY_SCAN_TOKEN}} command: make -C ${{github.workspace}}/build osslsigncode-2.9/.gitignore000066400000000000000000000005411464004761700160610ustar00rootroot00000000000000build/ CMakeFiles/ _CPack_Packages/ Testing/ .vs/ CMakeCache.txt cmake_install.cmake config.h CPackConfig.cmake CPackSourceConfig.cmake CTestTestfile.cmake install_manifest.txt Makefile osslsigncode osslsigncode.exe stamp-h1 .#*# .*.bak .*.orig .*.rej .*~ #*# *.asc *.bak *.bz2 *.d *.def *.dll *.gz *.la *.lib *.lo *.orig *.pc *.pdb *.rej *.u *.rc *~ osslsigncode-2.9/CMakeLists.txt000066400000000000000000000076261464004761700166440ustar00rootroot00000000000000# required cmake version cmake_minimum_required(VERSION 3.17) # autodetect vcpkg CMAKE_TOOLCHAIN_FILE if VCPKG_ROOT is defined # this needs to be configured before the project() directive if((CMAKE_GENERATOR MATCHES "Ninja") AND DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" CACHE STRING "") endif((CMAKE_GENERATOR MATCHES "Ninja") AND DEFINED ENV{VCPKG_ROOT} AND NOT $ENV{VCPKG_ROOT} STREQUAL "" AND NOT DEFINED CMAKE_TOOLCHAIN_FILE) set(BUILTIN_SOCKET ON CACHE BOOL "") # for static Python # configure basic project information project(osslsigncode VERSION 2.9 DESCRIPTION "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files" HOMEPAGE_URL "https://github.com/mtrojnar/osslsigncode" LANGUAGES C) # force nonstandard version format for development packages set(DEV "") set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}${DEV}") # version and contact information set(PACKAGE_STRING "${PROJECT_NAME} ${PROJECT_VERSION}") set(PACKAGE_BUGREPORT "Michal.Trojnara@stunnel.org") # specify the C standard set(CMAKE_C_STANDARD 11) set(CMAKE_C_STANDARD_REQUIRED ON) # load CMake library modules include(FindOpenSSL) if(OPENSSL_VERSION VERSION_LESS "3.0.0") include(FindCURL) endif(OPENSSL_VERSION VERSION_LESS "3.0.0") include(FindZLIB) # load CMake project modules set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake") include(SetBashCompletion) include(FindHeaders) # define the target add_executable(osslsigncode) # add compiler/linker flags include(SetCompilerFlags) # create and use config.h configure_file(Config.h.in config.h) target_compile_definitions(osslsigncode PRIVATE HAVE_CONFIG_H=1) # set sources target_sources(osslsigncode PRIVATE osslsigncode.c helpers.c utf.c msi.c pe.c cab.c cat.c appx.c script.c) if(NOT UNIX) target_sources(osslsigncode PRIVATE applink.c) endif(NOT UNIX) # set include directories target_include_directories(osslsigncode PRIVATE "${PROJECT_BINARY_DIR}") # set OpenSSL includes/libraries if(NOT OPENSSL_FOUND) message(FATAL_ERROR "OpenSSL library not found") endif(NOT OPENSSL_FOUND) target_include_directories(osslsigncode PRIVATE ${OPENSSL_INCLUDE_DIR}) target_link_libraries(osslsigncode PRIVATE ${OPENSSL_LIBRARIES}) # set cURL includes/libraries if(OPENSSL_VERSION VERSION_LESS "3.0.0") if(CURL_FOUND) target_compile_definitions(osslsigncode PRIVATE ENABLE_CURL=1) target_include_directories(osslsigncode PRIVATE ${CURL_INCLUDE_DIRS}) target_link_libraries(osslsigncode PRIVATE ${CURL_LIBRARIES}) message(STATUS "cURL support enabled") else(CURL_FOUND) message(STATUS "cURL support disabled (library not found)") endif(CURL_FOUND) endif(OPENSSL_VERSION VERSION_LESS "3.0.0") if(NOT ZLIB_FOUND) message(FATAL_ERROR "Zlib library not found") endif(NOT ZLIB_FOUND) target_include_directories(osslsigncode PRIVATE ${ZLIB_INCLUDE_DIR}) target_link_libraries(osslsigncode PRIVATE ${ZLIB_LIBRARIES}) if(NOT UNIX) # https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-shutdown target_link_libraries(osslsigncode PRIVATE Ws2_32.lib crypt32.lib) endif(NOT UNIX) # add paths to linker search and installed rpath set_target_properties(osslsigncode PROPERTIES INSTALL_RPATH_USE_LINK_PATH TRUE) # testing with CTest include(CMakeTest) # installation rules for a project set(BINDIR "${CMAKE_INSTALL_PREFIX}/bin") install(TARGETS osslsigncode RUNTIME DESTINATION ${BINDIR}) if(UNIX) include(CMakeDist) else(UNIX) install( DIRECTORY ${PROJECT_BINARY_DIR}/ DESTINATION ${BINDIR} FILES_MATCHING PATTERN "*.dll" PATTERN "vcpkg_installed" EXCLUDE PATTERN "CMakeFiles" EXCLUDE PATTERN "Testing" EXCLUDE) endif(UNIX) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.9/CMakeSettings.json000066400000000000000000000027731464004761700174760ustar00rootroot00000000000000{ "configurations": [ { "name": "x86-Debug", "generator": "Ninja", "configurationType": "Debug", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x86" ] }, { "name": "x86-Release", "generator": "Ninja", "configurationType": "RelWithDebInfo", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x86" ] }, { "name": "x64-Debug", "generator": "Ninja", "configurationType": "Debug", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x64_x64" ], "variables": [] }, { "name": "x64-Release", "generator": "Ninja", "configurationType": "RelWithDebInfo", "buildRoot": "${projectDir}\\out\\build\\${name}", "installRoot": "${projectDir}\\out\\install\\${name}", "cmakeCommandArgs": "", "buildCommandArgs": "", "ctestCommandArgs": "", "inheritEnvironments": [ "msvc_x64_x64" ], "variables": [] } ] }osslsigncode-2.9/COPYING.txt000066400000000000000000001045131464004761700157460ustar00rootroot00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . osslsigncode-2.9/Config.h.in000066400000000000000000000006231464004761700160550ustar00rootroot00000000000000/* the configured options and settings for osslsigncode */ #define VERSION_MAJOR "@osslsigncode_VERSION_MAJOR@" #define VERSION_MINOR "@osslsigncode_VERSION_MINOR@" #cmakedefine PACKAGE_STRING "@PACKAGE_STRING@" #cmakedefine PACKAGE_BUGREPORT "@PACKAGE_BUGREPORT@" #cmakedefine HAVE_TERMIOS_H #cmakedefine HAVE_GETPASS #cmakedefine HAVE_SYS_MMAN_H #cmakedefine HAVE_MMAP #cmakedefine HAVE_MAPVIEWOFFILE osslsigncode-2.9/Dockerfile000066400000000000000000000014241464004761700160640ustar00rootroot00000000000000# Stage 1: Build osslsigncode on Alpine FROM alpine:latest AS builder # Install build dependencies RUN apk add --no-cache build-base cmake openssl-dev zlib-dev # Copy osslsigncode source code into the image COPY . /source # Build osslsigncode RUN cd /source && \ mkdir -p build && \ cd build && \ rm -f CMakeCache.txt && \ cmake -S .. && \ cmake --build . && \ cmake --install . # Stage 2: Create final image without build environment FROM alpine:latest # Copy compiled binary from builder stage COPY --from=builder /usr/local/bin/osslsigncode /usr/local/bin/osslsigncode # Install necessary runtime libraries (latest version) RUN apk add --no-cache libcrypto3 # Set working directory WORKDIR /workdir # Declare volume to mount files VOLUME [ "/workdir" ] osslsigncode-2.9/INSTALL.W32.md000066400000000000000000000053511464004761700160770ustar00rootroot00000000000000# osslsigncode Windows install notes ### Building osslsigncode source with MSYS2 MinGW 64-bit and MSYS2 packages: 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions. Once up and running install the following packages: ``` pacman -S make mingw-w64-x86_64-gcc mingw-w64-x86_64-cmake mingw-w64-x86_64-openssl mingw-w64-x86_64-python-cryptography ``` mingw-w64-x86_64-zlib package is installed with dependencies. 2) Run "MSYS2 MinGW 64-bit" and build 64-bit Windows executables. ``` cd osslsigncode-folder mkdir build && cd build && cmake -S .. -DCMAKE_BUILD_TYPE=Release -G "MSYS Makefiles" cmake --build . --verbose ``` 3) Make tests. ``` ctest ``` 4) Run "Command prompt" and include "c:\msys64\mingw64\bin" folder as part of the path. ``` path=%path%;c:\msys64\mingw64\bin osslsigncode.exe -v osslsigncode 2.8, using: OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023) No default -CAfile location detected ``` ### Building OpenSSL and osslsigncode sources with MSYS2 MinGW 64-bit: 1) Download and install MSYS2 from https://msys2.github.io/ and follow installation instructions. Once up and running install even: perl make autoconf automake libtool pkg-config. ``` pacman -S perl make autoconf automake libtool pkg-config ``` Run "MSYS2 MinGW 64-bit" in the administrator mode. 2) Build and install OpenSSL. ``` cd openssl-(version) ./config --prefix='C:/OpenSSL' --openssldir='C:/OpenSSL' make && make install ``` 3) Configure a CMake project. ``` mkdir build && cd build && cmake -S .. -DCMAKE_BUILD_TYPE=Release -G "MSYS Makefiles" -DCMAKE_PREFIX_PATH="C:\OpenSSL" ``` 4) Run "Command prompt" and copy required libraries. ``` cd osslsigncode-folder copy C:\OpenSSL\bin\libssl-3-x64.dll copy C:\OpenSSL\bin\libcrypto-3-x64.dll ``` 5) Build 64-bit Windows executables. ``` cmake --build . --verbose ``` 6) Make tests. ``` ctest ``` ### Building OpenSSL and osslsigncode sources with Microsoft Visual Studio: 1) Install and integrate vcpkg: https://vcpkg.io/en/getting-started.html 2) Git clone osslsigncode: https://github.com/mtrojnar/osslsigncode/ 3) Build osslsigncode with GUI or cmake. Navigate to the build directory and run CMake to configure the osslsigncode project and generate a native build system: ``` mkdir build && cd build && cmake -S .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=[installation directory] -DCMAKE_TOOLCHAIN_FILE=[path to vcpkg]/scripts/buildsystems/vcpkg.cmake ``` Then call that build system to actually compile/link the osslsigncode project: ``` cmake --build . ``` 4) Make tests. ``` ctest -C Release ``` 5) Make install (with administrative privileges if necessary). ``` cmake --install . ``` osslsigncode-2.9/LICENSE.txt000066400000000000000000000027471464004761700157260ustar00rootroot00000000000000OpenSSL based Authenticode signing for PE/MSI/Java CAB files. Copyright (C) 2005-2014 Per Allansson Copyright (C) 2018-2022 Michał Trojnara This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. osslsigncode-2.9/NEWS.md000066400000000000000000000170631464004761700151760ustar00rootroot00000000000000# osslsigncode change log ### 2.9 (2024.06.29) - added a 64 bit long pseudo-random NONCE in the TSA request - missing NID_pkcs9_signingTime is no longer an error - added support for PEM-encoded CRLs - fixed the APPX central directory sorting order - added a special "-" file name to read the passphrase from stdin (by Steve McIntyre) - used native HTTP client with OpenSSL 3.x, removing libcurl dependency - added '-login' option to force a login to PKCS11 engines (by Brad Hughes) - added the "-ignore-crl" option to disable fetching and verifying CRL Distribution Points - changed error output to stderr instead of stdout - various testing framework improvements - various memory corruption fixes ### 2.8 (2024.03.03) - Microsoft PowerShell signing sponsored by Cisco Systems, Inc. - fixed setting unauthenticated attributes (Countersignature, Unauthenticated Data Blob) in a nested signature - added the "-index" option to verify a specific signature or modify its unauthenticated attributes - added CAT file verification - added listing the contents of a CAT file with the "-verbose" option - added the new "extract-data" command to extract a PKCS#7 data content to be signed with "sign" and attached with "attach-signature" - added PKCS9_SEQUENCE_NUMBER authenticated attribute support - added the "-ignore-cdp" option to disable CRL Distribution Points (CDP) online verification - unsuccessful CRL retrieval and verification changed into a critical error - the "-p" option modified to also use to configured proxy to connect CRL Distribution Points - added implicit allowlisting of the Microsoft Root Authority serial number 00C1008B3C3C8811D13EF663ECDF40 - added listing of certificate chain retrieved from the signature in case of verification failure ### 2.7 (2023.09.19) - fixed signing CAB files (by Michael Brown) - fixed handling of unsupported commands (by Maxim Bagryantsev) - fixed writing DIFAT sectors - added APPX support (by Maciej Panek and Małgorzata Olszówka) - added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) ### 2.6 (2023.05.29) - modular architecture implemented to simplify adding file formats - added verification of CRLs specified in the signing certificate - added MSI DIFAT sectors support (by Max Bagryantsev) - added legacy provider support for OpenSSL 3.0.0 and later - fixed numerous bugs ### 2.5 (2022.08.12) - fixed the Unix executable install path - fixed the hardcoded "pkcs11" engine id - fixed building with MinGW - fixed testing with the python3 distributed with Ubuntu 18.04 ### 2.4 (2022.08.02) - migrated the build system from GNU Autoconf to CMake - added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands - set the default hash function to "sha256" - added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command - renamed the "-st" option "-time" (the old name is accepted for compatibility) - updated the "-time" option to also set explicit verification time - added the "-ignore-timestamp" option to disable timestamp server signature verification - removed the "-timestamp-expiration" option - fixed several bugs - updated the included documentation - enabled additional compiler/linker hardening options - added CI based on GitHub Actions ### 2.3 (2022.03.06) **CRITICAL SECURITY VULNERABILITIES** This release fixes several critical memory corruption vulnerabilities. A malicious attacker could create a file, which, when processed with osslsigncode, triggers arbitrary code execution. Any previous version of osslsigncode should be immediately upgraded if the tool is used for processing of untrusted files. - fixed several memory safety issues - fixed non-interactive PVK (MSBLOB) key decryption - added a bash completion script - added CA bundle path auto-detection ### 2.2 (2021.08.15) - CAT files support (thanks to James McKenzie) - MSI support rewritten without libgsf dependency, which allows for handling of all the needed MSI metadata, such as dates - "-untrusted" option renamed to "-TSA-CAfile" - "-CRLuntrusted" option renamed to "-TSA-CRLfile" - numerous bug fixes and improvements ### 2.1 (2020-10-11) - certificate chain verification support - timestamp verification support - CRL verification support ("-CRLfile" option) - improved CAB signature support - nested signatures support - user-specified signing time ("-st" option) by vszakats - added more tests - fixed numerous bugs - dropped OpenSSL 1.1.0 support ### 2.0 (2018-12-04) - orphaned project adopted by Michał Trojnara - ported to OpenSSL 1.1.x - ported to SoftHSM2 - add support for pkcs11-based hardware tokens (Patch from Leif Johansson) - improved error reporting of timestamping errors (Patch from Carlo Teubner) ### 1.7.1 (2014-07-11) - MSI: added -add-msi-dse option (Patch from Mikkel Krautz) - MSI: fix build when GSF_CAN_READ_MSI_METADATA defined (Patch from Mikkel Krautz) ### 1.7 (2014-07-10) - add support for nested signatures (Patch from Mikkel Krautz) - fix compilation problem with OpenSSL < 1.0.0 - added OpenSSL linkage exception to license ### 1.6 (2014-01-21) - add support for reading password from file - add support for asking for password (on systems that provide support for it) - add support for compiling and running on Windows (Patch from Heiko Hund) - fix compilation without curl (Fix from Heiko Hund) - added support for giving multiple timestamp servers as arguments (first one that succeeds will be used) - signatures on hierarchical MSI files were broken (Fix from Mikkel Krautz) - MSI: Add support for MsiDigitalSignatureEx signature (Patch from Mikkel Krautz) - add support for adding additional/cross certificates through -ac option (Thanks to Lars Munch for idea + testing) - MSI: Add support for signature extract/remove/verify (Patches from Mikkel Krautz) - PE/MSI: Implement -require-leaf-hash for verify. (Patch from Mikkel Krautz) ### 1.5.2 (2013-03-13) - added support for signing with SHA-384 and SHA-512 - added support for page hashing (-ph option) ### 1.5.1 (2013-03-12) - forgot to bump version number... ### 1.5 (2013-03-12) - added support for signing MSI files (patch from Marc-André Lureau) - calculate correct PE checksum instead of setting it to 0 (patch from Roland Schwingel) - added support for RFC3161 timestamping (-ts option) - added support for extracting/removing/verifying signature on PE files - fixed problem with not being able to decode timestamps with no newlines - added stricter checks for PE file validity - added support for reading keys from PVK files (requires OpenSSL 1.0.0 or later) - added support for reading certificates from PEM files - renamed program option: -spc to -certs (old option name still valid) ### 1.4 (2011-08-12) - improved build system (patch from Alon Bar-Lev) - support reading cert+key from PKCS12 file (patch from Alon Bar-Lev) - support reading key from PEM file - added support for sha1/sha256 - default hash is now sha1 - added flag for commercial signing (default is individual) ### 1.3.1 (2009-08-07) - support signing of 64-bit executables (fix from Paul Kendall) ### 1.3 (2008-01-31) - fixed padding problem (fix from Ryan Rubley) - allow signing of already signed files (fix from Ryan Rubley) - added Ryan Rubley's PVK-to-DER guide into the README ### 1.2 (2005-01-21) - autoconf:ed (Thanks to Roy Keene) - added documentation - don't override PKCS7_get_signed_attribute, it wasn't actually needed, it was me being confused. - compiles without curl, which means no timestamping - version number output ### 1.1 (2005-01-19) - Initial release osslsigncode-2.9/README.md000066400000000000000000000161751464004761700153620ustar00rootroot00000000000000osslsigncode ============ ## BUILD STATUS [![CI](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml/badge.svg)](https://github.com/mtrojnar/osslsigncode/actions/workflows/ci.yml) ## WHAT IS IT? osslsigncode is a small tool that implements part of the functionality of the Microsoft tool signtool.exe - more exactly the Authenticode signing and timestamping. But osslsigncode is based on OpenSSL and cURL, and thus should be able to compile on most platforms where these exist. ## WHY? Why not use signtool.exe? Because I don't want to go to a Windows machine every time I need to sign a binary - I can compile and build the binaries using Wine on my Linux machine, but I can't sign them since the signtool.exe makes good use of the CryptoAPI in Windows, and these APIs aren't (yet?) fully implemented in Wine, so the signtool.exe tool would fail. And, so, osslsigncode was born. ## WHAT CAN IT DO? It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB, CAT and MSI files. It supports the equivalent of signtool.exe's "-j javasign.dll -jp low", i.e. add a valid signature for a CAB file containing Java files. It supports getting the timestamp through a proxy as well. It also supports signature verification, removal and extraction. ## BUILDING This section covers building osslsigncode for [Unix-like](https://en.wikipedia.org/wiki/Unix-like) operating systems. See [INSTALL.W32.md](https://github.com/mtrojnar/osslsigncode/blob/master/INSTALL.W32.md) for Windows notes. We highly recommend downloading a [release tarball](https://github.com/mtrojnar/osslsigncode/releases) instead of cloning from a git repository. ### Configure, build, make tests and install osslsigncode * Install prerequisites on a Debian-based distributions, such as Ubuntu: ``` sudo apt update && sudo apt install cmake libssl-dev libcurl4-openssl-dev zlib1g-dev python3 ``` * Install prerequisites on macOS with Homebrew: ``` brew install cmake pkg-config openssl@1.1 export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig" ``` **NOTE:** osslsigncode requires CMake 3.17 or newer. You may need to use `cmake3` instead of `cmake` to complete the following steps on your system. * Navigate to the build directory and run CMake to configure the osslsigncode project and generate a native build system: ``` mkdir build && cd build && cmake -S .. ``` optional CMake parameters: ``` -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_COMPILER=clang -DCMAKE_PREFIX_PATH=[openssl directory];[curl directory] -DCMAKE_INSTALL_PREFIX=[installation directory] -DBASH_COMPLETION_USER_DIR=[bash completion installation directory] ``` * Then call that build system to actually compile/link the osslsigncode project (alias `make`): ``` cmake --build . ``` * Make test: ``` ctest -C Release ``` * Make install: ``` sudo cmake --install . ``` * Make tarball (simulate autotools' `make dist`): ``` cmake --build . --target package_source ``` ## USAGE Before you can sign a file you need a Software Publishing Certificate (spc) and a corresponding private key. This article provides a good starting point as to how to do the signing with the Microsoft signtool.exe: http://www.matthew-jones.com/articles/codesigning.html To sign with osslsigncode you need the certificate file mentioned in the article above, in SPC or PEM format, and you will also need the private key which must be a key file in DER or PEM format, or if osslsigncode was compiled against OpenSSL 1.0.0 or later, in PVK format. To sign a PE or MSI file you can now do: ``` osslsigncode sign -certs -key \ -n "Your Application" -i http://www.yourwebsite.com/ \ -in yourapp.exe -out yourapp-signed.exe ``` or if you are using a PEM or PVK key file with a password together with a PEM certificate: ``` osslsigncode sign -certs \ -key -pass \ -n "Your Application" -i http://www.yourwebsite.com/ \ -in yourapp.exe -out yourapp-signed.exe ``` or if you want to add a timestamp as well: ``` osslsigncode sign -certs -key \ -n "Your Application" -i http://www.yourwebsite.com/ \ -t http://timestamp.digicert.com \ -in yourapp.exe -out yourapp-signed.exe ``` You can use a certificate and key stored in a PKCS#12 container: ``` osslsigncode sign -pkcs12 -pass \ -n "Your Application" -i http://www.yourwebsite.com/ \ -in yourapp.exe -out yourapp-signed.exe ``` To sign a CAB file containing java class files: ``` osslsigncode sign -certs -key \ -n "Your Application" -i http://www.yourwebsite.com/ \ -jp low \ -in yourapp.cab -out yourapp-signed.cab ``` Only the 'low' parameter is currently supported. If you want to use PKCS11 token, you should indicate PKCS11 engine and module. An example of using osslsigncode with SoftHSM: ``` osslsigncode sign \ -pkcs11engine /usr/lib64/engines-1.1/pkcs11.so \ -pkcs11module /usr/lib64/pkcs11/libsofthsm2.so \ -pkcs11cert 'pkcs11:token=softhsm-token;object=cert' \ -key 'pkcs11:token=softhsm-token;object=key' \ -in yourapp.exe -out yourapp-signed.exe ``` You can check that the signed file is correct by right-clicking on it in Windows and choose Properties --> Digital Signatures, and then choose the signature from the list, and click on Details. You should then be presented with a dialog that says amongst other things that "This digital signature is OK". ## UNAUTHENTICATED BLOBS The "-addUnauthenticatedBlob" parameter adds a 1024-byte unauthenticated blob of data to the signature in the same area as the timestamp. This can be used while signing, while timestamping, after a file has been code signed, or by itself. This technique (but not this project) is used by Dropbox, GoToMeeting, and Summit Route. ### Example 1. Sign and add blob to unsigned file ```shell osslsigncode sign -addUnauthenticatedBlob -pkcs12 yourcert.pfx -pass your_password -n "Your Company" -i https://YourSite.com/ -in srepp.msi -out srepp_added.msi ``` ### Example 2. Timestamp and add blob to signed file ```shell osslsigncode.exe add -addUnauthenticatedBlob -t http://timestamp.digicert.com -in your_signed_file.exe -out out.exe ``` ### Example 3. Add blob to signed and time-stamped file ```shell osslsigncode.exe add -addUnauthenticatedBlob -in your_signed_file.exe -out out.exe ``` ### WARNING This feature allows for doing dumb things. Be very careful with what you put in the unauthenticated blob, as an attacker could modify this. Do NOT, under any circumstances, put a URL here that you will use to download an additional file. If you do do that, you would need to check the newly downloaded file is code signed AND that it has been signed with your cert AND that it is the version you expect. ## BUGS, QUESTIONS etc. Check whether your your question or suspected bug was already discussed on https://github.com/mtrojnar/osslsigncode/issues. Otherwise, open a new issue. BUT, if you have questions related to generating spc files, converting between different formats and so on, *please* spend a few minutes searching on google for your particular problem since many people probably already have had your problem and solved it as well. osslsigncode-2.9/TODO.md000066400000000000000000000002721464004761700151610ustar00rootroot00000000000000- signature extraction/removal/verificaton on MSI/CAB files - clean up / untangle code - separate timestamping - remove mmap usage to increase portability - fix other stuff marked 'XXX' osslsigncode-2.9/applink.c000066400000000000000000000071711464004761700157010ustar00rootroot00000000000000/* * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #define APPLINK_STDIN 1 #define APPLINK_STDOUT 2 #define APPLINK_STDERR 3 #define APPLINK_FPRINTF 4 #define APPLINK_FGETS 5 #define APPLINK_FREAD 6 #define APPLINK_FWRITE 7 #define APPLINK_FSETMOD 8 #define APPLINK_FEOF 9 #define APPLINK_FCLOSE 10 /* should not be used */ #define APPLINK_FOPEN 11 /* solely for completeness */ #define APPLINK_FSEEK 12 #define APPLINK_FTELL 13 #define APPLINK_FFLUSH 14 #define APPLINK_FERROR 15 #define APPLINK_CLEARERR 16 #define APPLINK_FILENO 17 /* to be used with below */ #define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */ #define APPLINK_READ 19 #define APPLINK_WRITE 20 #define APPLINK_LSEEK 21 #define APPLINK_CLOSE 22 #define APPLINK_MAX 22 /* always same as last macro */ #ifndef APPMACROS_ONLY # include # include # include # ifdef __BORLANDC__ /* _lseek in is a function-like macro so we can't take its address */ # undef _lseek # define _lseek lseek # endif static void *app_stdin(void) { return stdin; } static void *app_stdout(void) { return stdout; } static void *app_stderr(void) { return stderr; } static int app_feof(FILE *fp) { return feof(fp); } static int app_ferror(FILE *fp) { return ferror(fp); } static void app_clearerr(FILE *fp) { clearerr(fp); } static int app_fileno(FILE *fp) { return _fileno(fp); } static int app_fsetmod(FILE *fp, char mod) { return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT); } #ifdef __cplusplus extern "C" { #endif __declspec(dllexport) void ** # if defined(__BORLANDC__) /* * __stdcall appears to be the only way to get the name * decoration right with Borland C. Otherwise it works * purely incidentally, as we pass no parameters. */ __stdcall # else __cdecl # endif #pragma warning(push, 2) OPENSSL_Applink(void) { static int once = 1; static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] = { (void *)APPLINK_MAX }; if (once) { OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin; OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout; OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr; OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf; OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets; OPENSSL_ApplinkTable[APPLINK_FREAD] = fread; OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite; OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod; OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof; OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose; OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen; OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek; OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell; OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush; OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror; OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr; OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno; OPENSSL_ApplinkTable[APPLINK_OPEN] = _open; OPENSSL_ApplinkTable[APPLINK_READ] = _read; OPENSSL_ApplinkTable[APPLINK_WRITE] = _write; OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek; OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close; once = 0; } return OPENSSL_ApplinkTable; } #pragma warning(pop) #ifdef __cplusplus } #endif #endif osslsigncode-2.9/appx.c000066400000000000000000003035021464004761700152100ustar00rootroot00000000000000/* * APPX file support library * https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT * * Copyright (C) Maciej Panek * Copyright (C) 2023 Michał Trojnara * Author: Małgorzata Olszówka * * APPX files do not support nesting (multiple signature) */ #define _FILE_OFFSET_BITS 64 #include "osslsigncode.h" #include "helpers.h" #include #include #ifndef PRIX64 #if defined(_MSC_VER) #define PRIX64 "I64X" #else /* _MSC_VER */ #if ULONG_MAX == 0xFFFFFFFFFFFFFFFF #define PRIX64 "lX" #else /* ULONG_MAX == 0xFFFFFFFFFFFFFFFF */ #define PRIX64 "llX" #endif /* ULONG_MAX == 0xFFFFFFFFFFFFFFFF */ #endif /* _MSC_VER */ #endif /* PRIX64 */ #if defined(_MSC_VER) #define fseeko _fseeki64 #define ftello _ftelli64 #endif /* _MSC_VER */ #define EOCDR_SIZE 22 #define ZIP64_EOCD_LOCATOR_SIZE 20 #define ZIP64_HEADER 0x01 #define COMPRESSION_NONE 0 #define COMPRESSION_DEFLATE 8 #define DATA_DESCRIPTOR_BIT (1 << 3) static const char PKZIP_LH_SIGNATURE[4] = { 'P', 'K', 3, 4 }; static const char PKZIP_CD_SIGNATURE[4] = { 'P', 'K', 1, 2 }; static const char PKZIP_EOCDR_SIGNATURE[4] = { 'P', 'K', 5, 6 }; static const char PKZIP_DATA_DESCRIPTOR_SIGNATURE[4] = { 'P', 'K', 7, 8 }; static const char PKZIP64_EOCD_LOCATOR_SIGNATURE[4] = { 'P', 'K', 6, 7 }; static const char PKZIP64_EOCDR_SIGNATURE[4] = { 'P', 'K', 6, 6 }; static const char *APP_SIGNATURE_FILENAME = "AppxSignature.p7x"; static const char *CONTENT_TYPES_FILENAME = "[Content_Types].xml"; static const char *BLOCK_MAP_FILENAME = "AppxBlockMap.xml"; static const char *APPXBUNDLE_MANIFEST_FILENAME = "AppxMetadata/AppxBundleManifest.xml"; static const char *CODE_INTEGRITY_FILENAME = "AppxMetadata/CodeIntegrity.cat"; static const char *SIGNATURE_CONTENT_TYPES_ENTRY = ""; static const char *SIGNATURE_CONTENT_TYPES_CLOSING_TAG = ""; static const u_char APPX_UUID[] = { 0x4B, 0xDF, 0xC5, 0x0A, 0x07, 0xCE, 0xE2, 0x4D, 0xB7, 0x6E, 0x23, 0xC8, 0x39, 0xA0, 0x9F, 0xD1 }; static const u_char APPXBUNDLE_UUID[] = { 0xB3, 0x58, 0x5F, 0x0F, 0xDE, 0xAA, 0x9A, 0x4B, 0xA4, 0x34, 0x95, 0x74, 0x2D, 0x92, 0xEC, 0xEB }; static const char PKCX_SIGNATURE[4] = { 'P', 'K', 'C', 'X' }; /* P7X format header */ static const char APPX_SIGNATURE[4] = { 'A', 'P', 'P', 'X' }; /* APPX header */ static const char AXPC_SIGNATURE[4] = { 'A', 'X', 'P', 'C' }; /* digest of zip file records */ static const char AXCD_SIGNATURE[4] = { 'A', 'X', 'C', 'D' }; /* digest zip file central directory */ static const char AXCT_SIGNATURE[4] = { 'A', 'X', 'C', 'T' }; /* digest of uncompressed [ContentTypes].xml */ static const char AXBM_SIGNATURE[4] = { 'A', 'X', 'B', 'M' }; /* digest of uncompressed AppxBlockMap.xml */ static const char AXCI_SIGNATURE[4] = { 'A', 'X', 'C', 'I' }; /* digest of uncompressed AppxMetadata/CodeIntegrity.cat (optional) */ static const char *HASH_METHOD_TAG = "HashMethod"; static const char *HASH_METHOD_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"; static const char *HASH_METHOD_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#sha384"; static const char *HASH_METHOD_SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"; /* * Overall .ZIP file format: * * [local file header 1] * [encryption header 1] * [file data 1] * [data descriptor 1] * . * . * . * [local file header n] * [encryption header n] * [file data n] * [data descriptor n] * [archive decryption header] * [archive extra data record] * [central directory header 1] * . * . * . * [central directory header n] * [zip64 end of central directory record] * [zip64 end of central directory locator] * [end of central directory record] */ /* Local file header */ typedef struct { uint16_t version; uint16_t flags; uint16_t compression; uint16_t modTime; uint16_t modDate; uint32_t crc32; uint64_t compressedSize; uint64_t uncompressedSize; uint16_t fileNameLen; uint16_t extraFieldLen; char *fileName; uint8_t *extraField; int compressedSizeInZip64; int uncompressedSizeInZip64; } ZIP_LOCAL_HEADER; /* Data descriptor */ typedef struct { uint32_t crc32; uint64_t compressedSize; uint64_t uncompressedSize; uint8_t *data; } ZIP_OVERRIDE_DATA; /* Central directory structure */ typedef struct zipCentralDirectoryEntry_struct { uint16_t creatorVersion; uint16_t viewerVersion; uint16_t flags; uint16_t compression; uint16_t modTime; uint16_t modDate; uint32_t crc32; uint64_t compressedSize; uint64_t uncompressedSize; uint16_t fileNameLen; uint16_t extraFieldLen; uint16_t fileCommentLen; uint32_t diskNoStart; uint16_t internalAttr; uint32_t externalAttr; uint64_t offsetOfLocalHeader; char *fileName; uint8_t *extraField; char *fileComment; int64_t fileOffset; int64_t entryLen; int compressedSizeInZip64; int uncompressedSizeInZip64; int offsetInZip64; int diskNoInZip64; ZIP_OVERRIDE_DATA *overrideData; struct zipCentralDirectoryEntry_struct *next; } ZIP_CENTRAL_DIRECTORY_ENTRY; DEFINE_STACK_OF(ZIP_CENTRAL_DIRECTORY_ENTRY) /* Zip64 end of central directory record */ typedef struct { uint64_t eocdrSize; uint16_t creatorVersion; uint16_t viewerVersion; uint32_t diskNumber; uint32_t diskWithCentralDirectory; uint64_t diskEntries; uint64_t totalEntries; uint64_t centralDirectorySize; uint64_t centralDirectoryOffset; uint64_t commentLen; char *comment; } ZIP64_EOCDR; /* Zip64 end of central directory locator */ typedef struct { uint32_t diskWithEOCD; uint64_t eocdOffset; uint32_t totalNumberOfDisks; } ZIP64_EOCD_LOCATOR; /* End of central directory record */ typedef struct { uint16_t diskNumber; uint16_t centralDirectoryDiskNumber; uint16_t diskEntries; uint16_t totalEntries; uint32_t centralDirectorySize; uint32_t centralDirectoryOffset; uint16_t commentLen; char *comment; } ZIP_EOCDR; typedef struct { FILE *file; ZIP_CENTRAL_DIRECTORY_ENTRY *centralDirectoryHead; uint64_t centralDirectorySize; uint64_t centralDirectoryOffset; uint64_t centralDirectoryRecordCount; uint64_t eocdrOffset; int64_t eocdrLen; int64_t fileSize; int isZip64; /* this will come handy to rewrite the eocdr */ ZIP_EOCDR eocdr; ZIP64_EOCD_LOCATOR locator; ZIP64_EOCDR eocdr64; } ZIP_FILE; typedef struct { ASN1_INTEGER *a; ASN1_OCTET_STRING *string; ASN1_INTEGER *b; ASN1_INTEGER *c; ASN1_INTEGER *d; ASN1_INTEGER *e; ASN1_INTEGER *f; } AppxSpcSipInfo; DECLARE_ASN1_FUNCTIONS(AppxSpcSipInfo) ASN1_SEQUENCE(AppxSpcSipInfo) = { ASN1_SIMPLE(AppxSpcSipInfo, a, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, string, ASN1_OCTET_STRING), ASN1_SIMPLE(AppxSpcSipInfo, b, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, c, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, d, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, e, ASN1_INTEGER), ASN1_SIMPLE(AppxSpcSipInfo, f, ASN1_INTEGER), } ASN1_SEQUENCE_END(AppxSpcSipInfo) IMPLEMENT_ASN1_FUNCTIONS(AppxSpcSipInfo) struct appx_ctx_st { ZIP_FILE *zip; u_char *calculatedBMHash; u_char *calculatedCTHash; u_char *calculatedCDHash; u_char *calculatedDataHash; u_char *calculatedCIHash; u_char *existingBMHash; u_char *existingCTHash; u_char *existingCDHash; u_char *existingDataHash; u_char *existingCIHash; int isBundle; const EVP_MD *md; int hashlen; } appx_ctx_t; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *appx_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static const EVP_MD *appx_md_get(FILE_FORMAT_CTX *ctx); static ASN1_OBJECT *appx_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *appx_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int appx_hash_length_get(FILE_FORMAT_CTX *ctx); static int appx_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx); static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int appx_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *appx_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int appx_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void appx_bio_free(BIO *hash, BIO *outdata); static void appx_ctx_cleanup(FILE_FORMAT_CTX *ctx); FILE_FORMAT file_format_appx = { .ctx_new = appx_ctx_new, .md_get = appx_md_get, .data_blob_get = appx_spc_sip_info_get, .pkcs7_contents_get = appx_pkcs7_contents_get, .hash_length_get = appx_hash_length_get, .verify_digests = appx_verify_digests, .pkcs7_extract = appx_pkcs7_extract, .remove_pkcs7 = appx_remove_pkcs7, .process_data = appx_process_data, .pkcs7_signature_new = appx_pkcs7_signature_new, .append_pkcs7 = appx_append_pkcs7, .bio_free = appx_bio_free, .ctx_cleanup = appx_ctx_cleanup, }; /* Prototypes */ static BIO *appx_calculate_hashes(FILE_FORMAT_CTX *ctx); static BIO *appx_hash_blob_get(FILE_FORMAT_CTX *ctx); static uint8_t *appx_calc_zip_central_directory_hash(ZIP_FILE *zip, const EVP_MD *md, uint64_t cdOffset); static int appx_write_central_directory(BIO *bio, ZIP_FILE *zip, int removeSignature, uint64_t cdOffset); static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const EVP_MD *md); static int appx_extract_hashes(FILE_FORMAT_CTX *ctx, SpcIndirectDataContent *content); static int appx_compare_hashes(FILE_FORMAT_CTX *ctx); static int appx_remove_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static int appx_append_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static const EVP_MD *appx_get_md(ZIP_FILE *zip); static ZIP_CENTRAL_DIRECTORY_ENTRY *zipGetCDEntryByName(ZIP_FILE *zip, const char *name); static void zipWriteCentralDirectoryEntry(BIO *bio, uint64_t *sizeOnDisk, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint64_t offsetDiff); static int zipAppendSignatureFile(BIO *bio, ZIP_FILE *zip, uint8_t *data, uint64_t dataSize); static int zipOverrideFileData(ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint8_t *data, uint64_t dataSize); static int zipRewriteData(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, BIO *bio, uint64_t *sizeOnDisk); static void zipWriteLocalHeader(BIO *bio, uint64_t *sizeonDisk, ZIP_LOCAL_HEADER *heade); static int zipEntryExist(ZIP_FILE *zip, const char *name); static u_char *zipCalcDigest(ZIP_FILE *zip, const char *fileName, const EVP_MD *md); static size_t zipReadFileDataByName(uint8_t **pData, ZIP_FILE *zip, const char *name); static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t compressedSize); static int zipInflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong *sourceLen); static int zipDeflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong sourceLen); static ZIP_FILE *openZip(const char *filename); static void freeZip(ZIP_FILE *zip); static ZIP_FILE *zipSortCentralDirectory(ZIP_FILE *zip); static void zipPrintCentralDirectory(ZIP_FILE *zip); static int zipReadCentralDirectory(ZIP_FILE *zip, FILE *file); static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file); static void freeZipCentralDirectoryEntry(ZIP_CENTRAL_DIRECTORY_ENTRY *entry); static int readZipEOCDR(ZIP_EOCDR *eocdr, FILE *file); static int readZip64EOCDLocator(ZIP64_EOCD_LOCATOR *locator, FILE *file); static int readZip64EOCDR(ZIP64_EOCDR *eocdr, FILE *file, uint64_t offset); static int get_current_position(BIO *bio, uint64_t *offset); static uint64_t fileGetU64(FILE *file); static uint32_t fileGetU32(FILE *file); static uint16_t fileGetU16(FILE *file); static uint64_t bufferGetU64(uint8_t *buffer, uint64_t *pos); static uint32_t bufferGetU32(uint8_t *buffer, uint64_t *pos); static uint16_t bufferGetU16(uint8_t *buffer, uint64_t *pos); static void bioAddU64(BIO *bio, uint64_t v); static void bioAddU32(BIO *bio, uint32_t v); static void bioAddU16(BIO *bio, uint16_t v); /* * FILE_FORMAT method definitions */ /* * Allocate and return a PE file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] pointer to PE file format context */ static FILE_FORMAT_CTX *appx_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; const EVP_MD *md; ZIP_FILE *zip = openZip(options->infile); /* squash unused parameter warnings */ (void)hash; (void)outdata; if (!zip) { return NULL; /* FAILED */ } if (options->verbose) { zipPrintCentralDirectory(zip); } md = appx_get_md(zip); if (!md) { freeZip(zip); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->appx_ctx = OPENSSL_zalloc(sizeof(appx_ctx_t)); ctx->appx_ctx->zip = zip; ctx->format = &file_format_appx; ctx->options = options; ctx->appx_ctx->md = md; if (zipGetCDEntryByName(zip, APPXBUNDLE_MANIFEST_FILENAME)) { ctx->appx_ctx->isBundle = 1; } if (options->cmd == CMD_SIGN || options->cmd==CMD_ATTACH || options->cmd==CMD_ADD || options->cmd == CMD_EXTRACT_DATA) { printf("Warning: Ignore -h option, use the hash algorithm specified in AppxBlockMap.xml\n"); } if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * Return a hash algorithm specified in the AppxBlockMap.xml file. * [in] ctx: structure holds input and output data * [returns] hash algorithm */ static const EVP_MD *appx_md_get(FILE_FORMAT_CTX *ctx) { return ctx->appx_ctx->md; } /* * Allocate and return SpcSipInfo object. * [out] p: SpcSipInfo data * [out] plen: SpcSipInfo data length * [in] ctx: structure holds input and output data * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_SIPINFO_OBJID */ static ASN1_OBJECT *appx_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { ASN1_OBJECT *dtype; AppxSpcSipInfo *si = AppxSpcSipInfo_new(); ASN1_INTEGER_set(si->a, 0x01010000); ASN1_INTEGER_set(si->b, 0); ASN1_INTEGER_set(si->c, 0); ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); if (ctx->appx_ctx->isBundle) { printf("Signing as a bundle\n"); ASN1_OCTET_STRING_set(si->string, APPXBUNDLE_UUID, sizeof(APPXBUNDLE_UUID)); } else { printf("Signing as a package\n"); ASN1_OCTET_STRING_set(si->string, APPX_UUID, sizeof(APPX_UUID)); } *plen = i2d_AppxSpcSipInfo(si, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_AppxSpcSipInfo(si, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); AppxSpcSipInfo_free(si); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *appx_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; ZIP_CENTRAL_DIRECTORY_ENTRY *entry; BIO *bhash; /* squash unused parameter warnings */ (void)md; (void)hash; /* Create and append a new signature content types entry */ entry = zipGetCDEntryByName(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME); if (!entry) { fprintf(stderr, "Not a valid .appx file: content types file missing\n"); return NULL; /* FAILED */ } if (!appx_append_ct_signature_entry(ctx->appx_ctx->zip, entry)) { return NULL; /* FAILED */ } bhash = appx_calculate_hashes(ctx); if (!bhash) { return NULL; /* FAILED */ } content = spc_indirect_data_content_get(bhash, ctx); BIO_free_all(bhash); return pkcs7_set_content(content); } /* * Get concatenated hashes length. * [in] ctx: structure holds input and output data * [returns] the length of concatenated hashes */ static int appx_hash_length_get(FILE_FORMAT_CTX *ctx) { return ctx->appx_ctx->hashlen; } /* * Calculate message digest and compare to value retrieved from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int appx_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { BIO *hashes; if (!appx_extract_hashes(ctx, idc)) { fprintf(stderr, "Failed to extract hashes from the signature\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } hashes = appx_calculate_hashes(ctx); if (!hashes) { SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } BIO_free_all(hashes); if (!appx_compare_hashes(ctx)) { fprintf(stderr, "Signature hash verification failed\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } SpcIndirectDataContent_free(idc); } } return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *appx_pkcs7_extract(FILE_FORMAT_CTX *ctx) { PKCS7 *p7; uint8_t *data = NULL; const u_char *blob; size_t dataSize; /* Check if the signature exists */ if (!zipEntryExist(ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME)) { fprintf(stderr, "%s does not exist\n", APP_SIGNATURE_FILENAME); return NULL; /* FAILED */ } dataSize = zipReadFileDataByName(&data, ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME); if (dataSize <= 0) { return NULL; /* FAILED */ } /* P7X format is just 0x504B4358 (PKCX) followed by PKCS#7 data in the DER format */ if (memcmp(data, PKCX_SIGNATURE, 4)) { fprintf(stderr, "Invalid PKCX header\n"); OPENSSL_free(data); return NULL; /* FAILED */ } blob = (u_char *)data + 4; p7 = d2i_PKCS7(NULL, &blob, (int)dataSize - 4); OPENSSL_free(data); return p7; } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int appx_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { uint8_t *data = NULL; size_t dataSize; uint64_t cdOffset, noEntries = 0; ZIP_FILE *zip = ctx->appx_ctx->zip; ZIP_CENTRAL_DIRECTORY_ENTRY *entry = zipGetCDEntryByName(zip, CONTENT_TYPES_FILENAME); /* squash the unused parameter warning */ (void)hash; if (!entry) { fprintf(stderr, "Not a valid .appx file: content types file missing\n"); return 1; /* FAILED */ } /* read signature data */ dataSize = zipReadFileDataByName(&data, ctx->appx_ctx->zip, APP_SIGNATURE_FILENAME); if (dataSize <= 0) { return 1; /* FAILED, no signature */ } OPENSSL_free(data); if (!appx_remove_ct_signature_entry(zip, entry)) { fprintf(stderr, "Failed to remove signature entry\n"); return 1; /* FAILED */ } for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries == zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); return 1; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { fprintf(stderr, "Corrupted file name\n"); return 1; /* FAILED */ } if (strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { uint64_t dummy; if (!zipRewriteData(zip, entry, outdata, &dummy)) { return 1; /* FAILED */ } } } if (!get_current_position(outdata, &cdOffset)) { fprintf(stderr, "Unable to get offset\n"); return 1; /* FAILED */ } if (!appx_write_central_directory(outdata, zip, 1, cdOffset)) { fprintf(stderr, "Unable to write central directory\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Modify specific type data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [out] outdata: outdata file BIO (unused) * [returns] 1 on error or 0 on success */ static int appx_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; /* squash unused parameter warnings */ (void)outdata; (void)hash; /* Create and append a new signature content types entry */ entry = zipGetCDEntryByName(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME); if (!entry) { fprintf(stderr, "Not a valid .appx file: content types file missing\n"); return 0; /* FAILED */ } if (!appx_append_ct_signature_entry(ctx->appx_ctx->zip, entry)) { return 0; /* FAILED */ } return 1; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [returns] pointer to PKCS#7 structure */ static PKCS7 *appx_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = NULL; BIO *hashes; /* squash unused parameter warnings */ (void)hash; /* Create hash blob from concatenated APPX hashes */ hashes = appx_calculate_hashes(ctx); if (!hashes) { return NULL; /* FAILED */ } p7 = pkcs7_create(ctx); if (!p7) { fprintf(stderr, "Creating a new signature failed\n"); BIO_free_all(hashes); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); BIO_free_all(hashes); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hashes, ctx); BIO_free_all(hashes); if (!content) { fprintf(stderr, "Failed to get spcIndirectDataContent\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; /* OK */ } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int appx_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { ZIP_FILE *zip = ctx->appx_ctx->zip; ZIP_CENTRAL_DIRECTORY_ENTRY *prev = NULL; ZIP_CENTRAL_DIRECTORY_ENTRY *last = NULL; ZIP_CENTRAL_DIRECTORY_ENTRY *entry; u_char *blob, *der = NULL; int len; uint64_t cdOffset, noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL;) { if (noEntries >= zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); return 1; /* FAILED */ } noEntries++; last = entry; if (!entry->fileName || (entry->fileNameLen == 0)) { fprintf(stderr, "Corrupted file name\n"); return 1; /* FAILED */ } if (strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { uint64_t dummy = 0; if (!zipRewriteData(zip, entry, outdata, &dummy)) { return 1; /* FAILED */ } prev = entry; entry = entry->next; } else { /* remove the entry * actually this code is pretty naive - if you remove the entry that was not at the end * everything will go south - the offsets in the CD will not match the local header offsets. * that can be fixed here or left as is - signtool and this tool always appends the signature file at the end. * Might be a problem when someone decides to unpack & repack the .appx zip file */ ZIP_CENTRAL_DIRECTORY_ENTRY *current = entry; entry = entry->next; if (prev) { prev->next = entry; } freeZipCentralDirectoryEntry(current); } } if (!last) { /* not really possible unless an empty zip file, but who knows */ return 1; /* FAILED */ } /* create the signature entry */ if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (der = OPENSSL_malloc((size_t)len)) == NULL) return 1; /* FAILED */ i2d_PKCS7(p7, &der); der -= len; blob = OPENSSL_malloc((size_t)(len + 4)); memcpy(blob, PKCX_SIGNATURE, 4); memcpy(blob + 4, der, (size_t)len); len += 4; if (!zipAppendSignatureFile(outdata, zip, blob, (uint64_t)len)) { OPENSSL_free(blob); fprintf(stderr, "Failed to append zip file\n"); return 1; /* FAILED */ } OPENSSL_free(der); OPENSSL_free(blob); if (!get_current_position(outdata, &cdOffset)) { fprintf(stderr, "Unable to get offset\n"); return 1; /* FAILED */ } if (!appx_write_central_directory(outdata, zip, 0, cdOffset)) { fprintf(stderr, "Unable to write central directory\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void appx_bio_free(BIO *hash, BIO *outdata) { BIO_free_all(outdata); BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and PE format specific structure. * [out] ctx: structure holds input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void appx_ctx_cleanup(FILE_FORMAT_CTX *ctx) { freeZip(ctx->appx_ctx->zip); OPENSSL_free(ctx->appx_ctx->calculatedBMHash); OPENSSL_free(ctx->appx_ctx->calculatedCTHash); OPENSSL_free(ctx->appx_ctx->calculatedCDHash); OPENSSL_free(ctx->appx_ctx->calculatedDataHash); OPENSSL_free(ctx->appx_ctx->calculatedCIHash); OPENSSL_free(ctx->appx_ctx->existingBMHash); OPENSSL_free(ctx->appx_ctx->existingCTHash); OPENSSL_free(ctx->appx_ctx->existingCDHash); OPENSSL_free(ctx->appx_ctx->existingDataHash); OPENSSL_free(ctx->appx_ctx->existingCIHash); OPENSSL_free(ctx->appx_ctx); OPENSSL_free(ctx); } /* * APPX helper functions */ /* * Calculate ZIP hashes. * [in, out] ctx: structure holds input and output data * [returns] pointer to BIO with calculated APPX hashes */ static BIO *appx_calculate_hashes(FILE_FORMAT_CTX *ctx) { uint64_t cdOffset = 0; ctx->appx_ctx->calculatedBMHash = zipCalcDigest(ctx->appx_ctx->zip, BLOCK_MAP_FILENAME, ctx->appx_ctx->md); ctx->appx_ctx->calculatedCTHash = zipCalcDigest(ctx->appx_ctx->zip, CONTENT_TYPES_FILENAME, ctx->appx_ctx->md); ctx->appx_ctx->calculatedDataHash = appx_calc_zip_data_hash(&cdOffset, ctx->appx_ctx->zip, ctx->appx_ctx->md); ctx->appx_ctx->calculatedCDHash = appx_calc_zip_central_directory_hash(ctx->appx_ctx->zip, ctx->appx_ctx->md, cdOffset); ctx->appx_ctx->calculatedCIHash = zipCalcDigest(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME, ctx->appx_ctx->md); if (!ctx->appx_ctx->calculatedBMHash || !ctx->appx_ctx->calculatedCTHash || !ctx->appx_ctx->calculatedCDHash || !ctx->appx_ctx->calculatedDataHash) { fprintf(stderr, "One or more hashes calculation failed\n"); return NULL; /* FAILED */ } if (zipEntryExist(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME) && !ctx->appx_ctx->calculatedCIHash) { fprintf(stderr, "Code integrity file exists, but CI hash calculation failed\n"); return NULL; /* FAILED */ } return appx_hash_blob_get(ctx); } /* * Create hash blob from concatenated APPX hashes. * [in] ctx: structure holds input and output data * [returns] pointer to BIO with calculated APPX hashes */ static BIO *appx_hash_blob_get(FILE_FORMAT_CTX *ctx) { int mdlen = EVP_MD_size(ctx->appx_ctx->md); int dataSize = ctx->appx_ctx->calculatedCIHash ? 4 + 5 * (mdlen + 4) : 4 + 4 * (mdlen + 4); u_char *data = OPENSSL_malloc((size_t)dataSize); int pos = 0; BIO *hashes = BIO_new(BIO_s_mem()); memcpy(data + pos, APPX_SIGNATURE, 4); pos += 4; memcpy(data + pos, AXPC_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedDataHash, (size_t)mdlen); pos += mdlen; memcpy(data + pos, AXCD_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedCDHash, (size_t)mdlen); pos += mdlen; memcpy(data + pos, AXCT_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedCTHash, (size_t)mdlen); pos += mdlen; memcpy(data + pos, AXBM_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedBMHash, (size_t)mdlen); pos += mdlen; if (ctx->appx_ctx->calculatedCIHash) { memcpy(data + pos, AXCI_SIGNATURE, 4); pos += 4; memcpy(data + pos, ctx->appx_ctx->calculatedCIHash, (size_t)mdlen); pos += mdlen; } if (ctx->options->verbose) { print_hash("Hash of file: ", "\n", data, pos); } ctx->appx_ctx->hashlen = BIO_write(hashes, data, pos); OPENSSL_free(data); return hashes; } /* * Calculate ZIP central directory hash. * [in] zip: structure holds specific ZIP data * [in] md: message digest algorithm type * [in] cdOffset: central directory offset * [returns] hash */ static uint8_t *appx_calc_zip_central_directory_hash(ZIP_FILE *zip, const EVP_MD *md, uint64_t cdOffset) { u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!appx_write_central_directory(bhash, zip, 1, cdOffset)) { fprintf(stderr, "Unable to write central directory\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; } /* * Write central directory structure. * [out] bio: outdata file BIO * [in] zip: structure holds specific ZIP data * [in] removeSignature: remove signature switch * [in] cdOffset: central directory offset * [returns] 0 on error or 1 on success */ static int appx_write_central_directory(BIO *bio, ZIP_FILE *zip, int removeSignature, uint64_t cdOffset) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t offsetDiff = 0, cdSize = 0; uint16_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { /* the signature file is considered non existent for hashing purposes */ uint64_t sizeOnDisk = 0; if (noEntries > zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); return 0; /* FAILED */ } if (!entry->fileName || (entry->fileNameLen == 0)) { fprintf(stderr, "Corrupted file name\n"); return 0; /* FAILED */ } if (removeSignature && !strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { continue; } /* APP_SIGNATURE is nt 'tainted' by offset shift after replacing the contents of [content_types] */ zipWriteCentralDirectoryEntry(bio, &sizeOnDisk, entry, strcmp(entry->fileName, APP_SIGNATURE_FILENAME) ? offsetDiff : 0); cdSize += sizeOnDisk; if (entry->overrideData) { offsetDiff += entry->overrideData->compressedSize - entry->compressedSize; } noEntries++; } if (zip->isZip64) { /* eocdr */ BIO_write(bio, PKZIP64_EOCDR_SIGNATURE, 4); bioAddU64(bio, zip->eocdr64.eocdrSize); bioAddU16(bio, zip->eocdr64.creatorVersion); bioAddU16(bio, zip->eocdr64.viewerVersion); bioAddU32(bio, zip->eocdr64.diskNumber); bioAddU32(bio, zip->eocdr64.diskWithCentralDirectory); bioAddU64(bio, (uint64_t)noEntries); bioAddU64(bio, (uint64_t)noEntries); bioAddU64(bio, cdSize); bioAddU64(bio, cdOffset); if (zip->eocdr64.commentLen > 0) { size_t check; if (!BIO_write_ex(bio, zip->eocdr64.comment, zip->eocdr64.commentLen, &check) || check != zip->eocdr64.commentLen) { return 0; /* FAILED */ } } /* eocdr locator */ BIO_write(bio, PKZIP64_EOCD_LOCATOR_SIGNATURE, 4); bioAddU32(bio, zip->locator.diskWithEOCD); bioAddU64(bio, cdOffset + cdSize); bioAddU32(bio, zip->locator.totalNumberOfDisks); } BIO_write(bio, PKZIP_EOCDR_SIGNATURE, 4); /* those need to be 0s even though packaging tool writes FFFFs here * it will fail verification if not zeros */ bioAddU16(bio, 0); bioAddU16(bio, 0); if (zip->eocdr.diskEntries != UINT16_MAX) { bioAddU16(bio, noEntries); } else { bioAddU16(bio, UINT16_MAX); } if (zip->eocdr.totalEntries != UINT16_MAX) { bioAddU16(bio, noEntries); } else { bioAddU16(bio, UINT16_MAX); } if (zip->eocdr.centralDirectorySize != UINT32_MAX) { bioAddU32(bio, (uint32_t)cdSize); } else { bioAddU32(bio, UINT32_MAX); } if (zip->eocdr.centralDirectoryOffset != UINT32_MAX) { bioAddU32(bio, (uint32_t)cdOffset); } else { bioAddU32(bio, UINT32_MAX); } bioAddU16(bio, zip->eocdr.commentLen); if (zip->eocdr.commentLen > 0) { BIO_write(bio, zip->eocdr.comment, zip->eocdr.commentLen); } return 1; /* OK */ } /* * Calculate ZIP data hash. * [out] cdOffset: central directory offset * [in] zip: structure holds specific ZIP data * [in] md: message digest algorithm type * [returns] hash */ static uint8_t *appx_calc_zip_data_hash(uint64_t *cdOffset, ZIP_FILE *zip, const EVP_MD *md) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); uint64_t noEntries = 0; if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); *cdOffset = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { /* the signature file is considered not existent for hashing purposes */ uint64_t sizeOnDisk = 0; if (noEntries >= zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { fprintf(stderr, "Corrupted file name\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } if (!strcmp(entry->fileName, APP_SIGNATURE_FILENAME)) { continue; } if (!zipRewriteData(zip, entry, bhash, &sizeOnDisk)) { fprintf(stderr, "Rewrite data error\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } *cdOffset += sizeOnDisk; } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; } /* * Extract hashes from SpcIndirectDataContent. * [in, out] ctx: structure holds input and output data * [out] content: SpcIndirectDataContent * [returns] 0 on error or 1 on success */ static int appx_extract_hashes(FILE_FORMAT_CTX *ctx, SpcIndirectDataContent *content) { #if 0 AppxSpcSipInfo *si = NULL; const unsigned char *blob = content->data->value->value.sequence->data; d2i_AppxSpcSipInfo(&si, &blob, content->data->value->value.sequence->length); long a = ASN1_INTEGER_get(si->a); long b = ASN1_INTEGER_get(si->b); long c = ASN1_INTEGER_get(si->c); long d = ASN1_INTEGER_get(si->d); long e = ASN1_INTEGER_get(si->e); long f = ASN1_INTEGER_get(si->f); BIO *stdbio = BIO_new_fp(stderr, BIO_NOCLOSE); printf("a: 0x%lX b: 0x%lX c: 0x%lX d: 0x%lX e: 0x%lX f: 0x%lX\n", a, b, c, d, e, f); printf("string: "); ASN1_STRING_print_ex(stdbio, si->string, ASN1_STRFLGS_RFC2253); printf("\n\n"); AppxSpcSipInfo_free(si); BIO_free_all(stdbio); #endif int length = content->messageDigest->digest->length; uint8_t *data = content->messageDigest->digest->data; int mdlen = EVP_MD_size(ctx->appx_ctx->md); int pos = 4; /* we are expecting at least 4 hashes + 4 byte header */ if (length < 4 * mdlen + 4) { fprintf(stderr, "Hash too short\n"); return 0; /* FAILED */ } if (memcmp(data, APPX_SIGNATURE, 4)) { fprintf(stderr, "Hash signature does not match\n"); return 0; /* FAILED */ } while (pos + mdlen + 4 <= length) { if (!memcmp(data + pos, AXPC_SIGNATURE, 4)) { ctx->appx_ctx->existingDataHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingDataHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXCD_SIGNATURE, 4)) { ctx->appx_ctx->existingCDHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingCDHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXCT_SIGNATURE, 4)) { ctx->appx_ctx->existingCTHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingCTHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXBM_SIGNATURE, 4)) { ctx->appx_ctx->existingBMHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingBMHash, data + pos + 4, (size_t)mdlen); } else if (!memcmp(data + pos, AXCI_SIGNATURE, 4)) { ctx->appx_ctx->existingCIHash = OPENSSL_malloc((size_t)mdlen); memcpy(ctx->appx_ctx->existingCIHash, data + pos + 4, (size_t)mdlen); } else { fprintf(stderr, "Invalid hash signature\n"); return 0; /* FAILED */ } pos += mdlen + 4; } if (!ctx->appx_ctx->existingDataHash) { fprintf(stderr, "File hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingCDHash) { fprintf(stderr, "Central directory hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingBMHash) { fprintf(stderr, "Block map hash missing\n"); return 0; /* FAILED */ } if (!ctx->appx_ctx->existingCTHash) { fprintf(stderr, "Content types hash missing\n"); return 0; /* FAILED */ } if (zipEntryExist(ctx->appx_ctx->zip, CODE_INTEGRITY_FILENAME) && !ctx->appx_ctx->existingCIHash) { fprintf(stderr, "Code integrity hash missing\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * Compare extracted and calculated hashes. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int appx_compare_hashes(FILE_FORMAT_CTX *ctx) { int mdtype = EVP_MD_nid(ctx->appx_ctx->md); if (ctx->appx_ctx->calculatedBMHash && ctx->appx_ctx->existingBMHash) { printf("Checking Block Map hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingBMHash, ctx->appx_ctx->calculatedBMHash, mdtype)) { return 0; /* FAILED */ } } else { fprintf(stderr, "Block map hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedCTHash && ctx->appx_ctx->existingCTHash) { printf("Checking Content Types hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingCTHash, ctx->appx_ctx->calculatedCTHash, mdtype)) { return 0; /* FAILED */ } } else { fprintf(stderr, "Content Types hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedDataHash && ctx->appx_ctx->existingDataHash) { printf("Checking Data hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingDataHash, ctx->appx_ctx->calculatedDataHash, mdtype)) { return 0; /* FAILED */ } } else { fprintf(stderr, "Central Directory hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedCDHash && ctx->appx_ctx->existingCDHash) { printf("Checking Central Directory hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingCDHash, ctx->appx_ctx->calculatedCDHash, mdtype)) { return 0; /* FAILED */ } } else { fprintf(stderr, "Central Directory hash missing\n"); return 0; /* FAILED */ } if (ctx->appx_ctx->calculatedCIHash && ctx->appx_ctx->existingCIHash) { printf("Checking Code Integrity hashes:\n"); if (!compare_digests(ctx->appx_ctx->existingCIHash, ctx->appx_ctx->calculatedCIHash, mdtype)) { return 0; /* FAILED */ } } else if (!ctx->appx_ctx->calculatedCIHash && !ctx->appx_ctx->existingCIHash) { /* this is fine, CI file is optional -> if it is missing we expect both hashes to be non existent */ } else { fprintf(stderr, "Code Integrity hash missing\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * Remove signature content types entry. * [in] zip: structure holds specific ZIP data * [in, out] entry: central directory structure * [returns] 0 on error or 1 on success */ static int appx_remove_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { uint8_t *data; const char *cpos; size_t dataSize, ipos, len; int ret; dataSize = zipReadFileData(zip, &data, entry); if (dataSize <= 0) { return 0; /* FAILED */ } cpos = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_ENTRY); if (!cpos) { printf("Warning: Did not find existing signature entry in %s\n", entry->fileName); OPENSSL_free(data); return 1; /* do not treat as en error */ } /* *cpos > *data */ ipos = (size_t)(cpos - (char *)data); len = strlen(SIGNATURE_CONTENT_TYPES_ENTRY); memmove(data + ipos, data + ipos + len, dataSize - ipos - len); dataSize -= len; ret = zipOverrideFileData(entry, data, (uint64_t)dataSize); OPENSSL_free(data); return ret; } /* * Append signature content types entry. * [in] zip: structure holds specific ZIP data * [in, out] entry: central directory structure * [returns] 0 on error or 1 on success */ static int appx_append_ct_signature_entry(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { uint8_t *data, *newData; const char *existingEntry, *cpos; size_t dataSize, newSize, ipos, len; int ret; dataSize = zipReadFileData(zip, &data, entry); if (dataSize <= 0) { return 0; /* FAILED */ } existingEntry = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_ENTRY); if (existingEntry) { OPENSSL_free(data); return 1; /* do not append it twice */ } cpos = strstr((const char *)data, SIGNATURE_CONTENT_TYPES_CLOSING_TAG); if (!cpos) { fprintf(stderr, "%s parsing error\n", entry->fileName); OPENSSL_free(data); return 0; /* FAILED */ } ipos = (size_t)(cpos - (char *)data); len = strlen(SIGNATURE_CONTENT_TYPES_ENTRY); newSize = dataSize + len; newData = OPENSSL_malloc(newSize); memcpy(newData, data, ipos); memcpy(newData + ipos, SIGNATURE_CONTENT_TYPES_ENTRY, len); memcpy(newData + ipos + len, data + ipos, dataSize - ipos); ret = zipOverrideFileData(entry, newData, (uint64_t)newSize); OPENSSL_free(data); OPENSSL_free(newData); return ret; } /* * Get a hash algorithm specified in the AppxBlockMap.xml file. * [in] zip: structure holds specific ZIP data * [returns] one of SHA256/SHA384/SHA512 digest algorithms */ static const EVP_MD *appx_get_md(ZIP_FILE *zip) { uint8_t *data = NULL; char *start, *end, *pos; char *valueStart = NULL, *valueEnd = NULL; const EVP_MD *md = NULL; size_t slen, dataSize; dataSize = zipReadFileDataByName(&data, zip, BLOCK_MAP_FILENAME); if (dataSize <= 0) { fprintf(stderr, "Could not read: %s\n", BLOCK_MAP_FILENAME); return NULL; /* FAILED */ } start = strstr((const char *)data, HASH_METHOD_TAG); if (!start) { fprintf(stderr, "Parse error: tag: %s not found in %s\n", HASH_METHOD_TAG, BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } start += strlen(HASH_METHOD_TAG); if ((uint8_t *)start >= data + dataSize) { fprintf(stderr, "Parse error: data too short in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } end = strstr((const char *)start, ">"); if (!end) { fprintf(stderr, "Parse error: end of tag not found in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } for (pos = start; pos != end; pos++) { if (*pos == '"') { if (!valueStart) { valueStart = pos + 1; } else { valueEnd = pos - 1; } } } if (!valueStart || !valueEnd || valueEnd <= valueStart) { fprintf(stderr, "Parse error: value parse error in %s\n", BLOCK_MAP_FILENAME); OPENSSL_free(data); return NULL; /* FAILED */ } slen = (size_t)(valueEnd - valueStart + 1); if (strlen(HASH_METHOD_SHA256) == slen && !memcmp(valueStart, HASH_METHOD_SHA256, slen)) { printf("Hash method is SHA256\n"); md = EVP_sha256(); } else if (strlen(HASH_METHOD_SHA384) == slen && !memcmp(valueStart, HASH_METHOD_SHA384, slen)) { printf("Hash method is SHA384\n"); md = EVP_sha384(); } else if (strlen(HASH_METHOD_SHA512) == slen && !memcmp(valueStart, HASH_METHOD_SHA512, slen)) { printf("Hash method is SHA512\n"); md = EVP_sha512(); } else { fprintf(stderr, "Unsupported hash method\n"); OPENSSL_free(data); return NULL; /* FAILED */ } OPENSSL_free(data); return md; } /* * Get central directory structure entry. * [in] zip: structure holds specific ZIP data * [in] name: APPXBUNDLE_MANIFEST_FILENAME or CONTENT_TYPES_FILENAME * [returns] pointer to central directory structure */ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipGetCDEntryByName(ZIP_FILE *zip, const char *name) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); return NULL; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { fprintf(stderr, "Corrupted file name\n"); return NULL; /* FAILED */ } if (!strcmp(entry->fileName, name)) { return entry; } } return NULL; /* FAILED */ } /* * Write central directory entry. * [out] bio: outdata file BIO * [out] sizeOnDisk: size of central directory structure * [in] entry: central directory structure * [in] offsetDiff: central directory offset * [returns] none */ static void zipWriteCentralDirectoryEntry(BIO *bio, uint64_t *sizeOnDisk, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint64_t offsetDiff) { uint16_t zip64ChunkSize = 0; BIO_write(bio, PKZIP_CD_SIGNATURE, 4); bioAddU16(bio, entry->creatorVersion); bioAddU16(bio, entry->viewerVersion); bioAddU16(bio, entry->flags); bioAddU16(bio, entry->compression); bioAddU16(bio, entry->modTime); bioAddU16(bio, entry->modDate); bioAddU32(bio, entry->overrideData ? entry->overrideData->crc32 : entry->crc32); bioAddU32(bio, entry->compressedSizeInZip64 ? UINT32_MAX : entry->overrideData ? (uint32_t)entry->overrideData->compressedSize : (uint32_t)entry->compressedSize); bioAddU32(bio, entry->uncompressedSizeInZip64 ? UINT32_MAX : entry->overrideData ? (uint32_t)entry->overrideData->uncompressedSize : (uint32_t)entry->uncompressedSize); bioAddU16(bio, entry->fileNameLen); bioAddU16(bio, entry->extraFieldLen); bioAddU16(bio, entry->fileCommentLen); bioAddU16(bio, entry->diskNoInZip64 ? UINT16_MAX : (uint16_t)entry->diskNoStart); bioAddU16(bio, entry->internalAttr); bioAddU32(bio, entry->externalAttr); bioAddU32(bio, entry->offsetInZip64 ? UINT32_MAX : (uint32_t)(entry->offsetOfLocalHeader + offsetDiff)); if (entry->fileNameLen > 0 && entry->fileName) { BIO_write(bio, entry->fileName, entry->fileNameLen); } if (entry->uncompressedSizeInZip64) { zip64ChunkSize += 8; } if (entry->compressedSizeInZip64) { zip64ChunkSize += 8; } if (entry->offsetInZip64) { zip64ChunkSize += 8; } if (entry->diskNoInZip64) { zip64ChunkSize += 4; } if (zip64ChunkSize > 0) { bioAddU16(bio, ZIP64_HEADER); bioAddU16(bio, zip64ChunkSize); if (entry->uncompressedSizeInZip64) { bioAddU64(bio, entry->overrideData ? entry->overrideData->uncompressedSize : entry->uncompressedSize); } if (entry->compressedSizeInZip64) { bioAddU64(bio, entry->overrideData ? entry->overrideData->compressedSize : entry->compressedSize); } if (entry->offsetInZip64) { bioAddU64(bio, entry->offsetOfLocalHeader + offsetDiff); } if (entry->diskNoInZip64) { bioAddU32(bio, entry->diskNoStart); } } #if 0 if (entry->extraFieldLen > 0 && entry->extraField) { /* TODO, if override daata, need to rewrite the extra field */ BIO_write(bio, entry->extraField, entry->extraFieldLen); } #endif if (entry->fileCommentLen > 0 && entry->fileComment) { BIO_write(bio, entry->fileComment, entry->fileCommentLen); } *sizeOnDisk = (uint64_t)46 + entry->fileNameLen + entry->extraFieldLen + entry->fileCommentLen; } /* * Append signature file blob to outdata bio. * [out] bio: outdata file BIO * [in] zip: structure holds specific ZIP data * [in] data: pointer to signature file blob * [in] dataSize: signature file blob length * [returns] 0 on error or 1 on success */ static int zipAppendSignatureFile(BIO *bio, ZIP_FILE *zip, uint8_t *data, uint64_t dataSize) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; ZIP_LOCAL_HEADER header; time_t tim; struct tm *timeinfo; uint64_t offset, crc, len, pos = 0, dummy = 0, written = 0; uint64_t size = dataSize, sizeToWrite = dataSize; uint8_t *dataToWrite = data; int ret; memset(&header, 0, sizeof(ZIP_LOCAL_HEADER)); dataToWrite = OPENSSL_malloc(dataSize); ret = zipDeflate(dataToWrite, &size, data, dataSize); if (ret != Z_OK) { fprintf(stderr, "Zip deflate failed: %d\n", ret); OPENSSL_free(dataToWrite); return 0; /* FAILED */ } sizeToWrite = size; time(&tim); timeinfo = localtime(&tim); header.version = 0x14; header.flags = 0; header.compression = COMPRESSION_DEFLATE; header.modTime = (uint16_t)(timeinfo->tm_hour << 11 | \ timeinfo->tm_min << 5 | \ timeinfo->tm_sec >> 1); header.modDate = (uint16_t)((timeinfo->tm_year - 80) << 9 | \ (timeinfo->tm_mon + 1) << 5 | \ timeinfo->tm_mday); size = dataSize; crc = crc32(0L, Z_NULL, 0); while (size > 0) { len = MIN(size, UINT32_MAX); crc = crc32(crc, data + pos, (uint32_t)len); pos += len; size -= len; } header.crc32 = (uint32_t)crc; header.uncompressedSize = dataSize; header.compressedSize = sizeToWrite; header.fileNameLen = (uint16_t)strlen(APP_SIGNATURE_FILENAME); /* this will be reassigned to CD entry and freed there */ header.fileName = OPENSSL_zalloc(header.fileNameLen + 1); memcpy(header.fileName, APP_SIGNATURE_FILENAME, header.fileNameLen); header.extraField = NULL; header.extraFieldLen = 0; if (!get_current_position(bio, &offset)) { fprintf(stderr, "Unable to get offset\n"); OPENSSL_free(dataToWrite); return 0; /* FAILED */ } zipWriteLocalHeader(bio, &dummy, &header); while (sizeToWrite > 0) { uint64_t toWrite = sizeToWrite < SIZE_64K ? sizeToWrite : SIZE_64K; size_t check; if (!BIO_write_ex(bio, dataToWrite + written, toWrite, &check) || check != toWrite) { OPENSSL_free(dataToWrite); return 0; /* FAILED */ } sizeToWrite -= toWrite; written += toWrite; } OPENSSL_free(dataToWrite); entry = OPENSSL_zalloc(sizeof(ZIP_CENTRAL_DIRECTORY_ENTRY)); entry->creatorVersion = 0x2D; entry->viewerVersion = header.version; entry->flags = header.flags; entry->compression = header.compression; entry->modTime = header.modTime; entry->modDate = header.modDate; entry->crc32 = header.crc32; entry->uncompressedSize = header.uncompressedSize; entry->compressedSize = header.compressedSize; /* take ownership of the fileName pointer */ entry->fileName = header.fileName; entry->fileNameLen = header.fileNameLen; entry->extraField = header.extraField; entry->extraFieldLen = header.extraFieldLen; entry->fileCommentLen = 0; entry->fileComment = NULL; entry->diskNoStart = 0; entry->offsetOfLocalHeader = offset; entry->next = NULL; entry->entryLen = entry->fileNameLen + entry->extraFieldLen + entry->fileCommentLen + 46; if (!zip->centralDirectoryHead) { zip->centralDirectoryHead = entry; } else { ZIP_CENTRAL_DIRECTORY_ENTRY *last = zip->centralDirectoryHead; while (last->next) { last = last->next; } last->next = entry; } return 1; /* OK */ } /* * Override file data. * [out] entry: central directory structure * [in] data: pointer to data * [in] dataSize: data size * [returns] 0 on error or 1 on success */ static int zipOverrideFileData(ZIP_CENTRAL_DIRECTORY_ENTRY *entry, uint8_t *data, uint64_t dataSize) { uint64_t crc, len, pos = 0, size = dataSize; int ret; if (entry->overrideData) { OPENSSL_free(entry->overrideData->data); OPENSSL_free(entry->overrideData); entry->overrideData = NULL; } entry->overrideData = OPENSSL_malloc(sizeof(ZIP_OVERRIDE_DATA)); entry->overrideData->data = OPENSSL_malloc(dataSize); crc = crc32(0L, Z_NULL, 0); while (size > 0) { len = MIN(size, UINT32_MAX); crc = crc32(crc, data + pos, (uint32_t)len); pos += len; size -= len; } entry->overrideData->crc32 = (uint32_t)crc; entry->overrideData->uncompressedSize = dataSize; size = dataSize; ret = zipDeflate(entry->overrideData->data, &size, data, dataSize); if (ret != Z_OK) { fprintf(stderr, "Zip deflate failed: %d\n", ret); return 0; /* FAILED */ } entry->overrideData->compressedSize = size; return 1; /* OK */ } /* * Rewrite data to outdata bio. * [in, out] zip: structure holds specific ZIP data * [out] entry: central directory structure * [out] bio: outdata file BIO * [out] sizeOnDisk: outdata size * [returns] 0 on error or 1 on success */ static int zipRewriteData(ZIP_FILE *zip, ZIP_CENTRAL_DIRECTORY_ENTRY *entry, BIO *bio, uint64_t *sizeOnDisk) { size_t check; ZIP_LOCAL_HEADER header; memset(&header, 0, sizeof(header)); if (entry->offsetOfLocalHeader >= (uint64_t)zip->fileSize) { fprintf(stderr, "Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); return 0; /* FAILED */ } if (fseeko(zip->file, (int64_t)entry->offsetOfLocalHeader, SEEK_SET) < 0) { return 0; /* FAILED */ } if (!zipReadLocalHeader(&header, zip, entry->compressedSize)) { return 0; /* FAILED */ } if (entry->overrideData) { header.compressedSize = entry->overrideData->compressedSize; header.uncompressedSize = entry->overrideData->uncompressedSize; header.crc32 = entry->overrideData->crc32; } zipWriteLocalHeader(bio, sizeOnDisk, &header); if (entry->overrideData) { if (!BIO_write_ex(bio, entry->overrideData->data, entry->overrideData->compressedSize, &check) || check != entry->overrideData->compressedSize) { return 0; /* FAILED */ } if (entry->compressedSize > (uint64_t)zip->fileSize - entry->offsetOfLocalHeader) { fprintf(stderr, "Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); return 0; /* FAILED */ } if (fseeko(zip->file, (int64_t)entry->compressedSize, SEEK_CUR) < 0) { return 0; /* FAILED */ } *sizeOnDisk += entry->overrideData->compressedSize; } else { uint64_t len = entry->compressedSize; uint8_t *data = OPENSSL_malloc(SIZE_64K); while (len > 0) { uint64_t toWrite = len < SIZE_64K ? len : SIZE_64K; size_t size = fread(data, 1, toWrite, zip->file); if (size != toWrite) { OPENSSL_free(data); return 0; /* FAILED */ } if (!BIO_write_ex(bio, data, toWrite, &check) || check != toWrite) { OPENSSL_free(data); return 0; /* FAILED */ } *sizeOnDisk += toWrite; len -= toWrite; } OPENSSL_free(data); } if (header.flags & DATA_DESCRIPTOR_BIT) { BIO_write(bio, PKZIP_DATA_DESCRIPTOR_SIGNATURE, 4); bioAddU32(bio, header.crc32); if (zip->isZip64) { bioAddU64(bio, header.compressedSize); bioAddU64(bio, header.uncompressedSize); } else { bioAddU32(bio, (uint32_t)header.compressedSize); bioAddU32(bio, (uint32_t)header.uncompressedSize); } if (zip->isZip64) { if (fseeko(zip->file, 24, SEEK_CUR) < 0) { return 0; /* FAILED */ } *sizeOnDisk += 24; } else { if (fseeko(zip->file, 16, SEEK_CUR) < 0) { return 0; /* FAILED */ } *sizeOnDisk += 16; } } OPENSSL_free(header.fileName); OPENSSL_free(header.extraField); return 1; /* OK */ } /* * Write local file header to outdata bio. * [out] bio: outdata file BIO * [out] sizeonDisk: data size * [in] header: local file header structure * [returns] none */ static void zipWriteLocalHeader(BIO *bio, uint64_t *sizeonDisk, ZIP_LOCAL_HEADER *header) { BIO_write(bio, PKZIP_LH_SIGNATURE, 4); bioAddU16(bio, header->version); bioAddU16(bio, header->flags); bioAddU16(bio, header->compression); bioAddU16(bio, header->modTime); bioAddU16(bio, header->modDate); if (header->flags & DATA_DESCRIPTOR_BIT) { bioAddU32(bio, 0); bioAddU32(bio, 0); bioAddU32(bio, 0); } else { bioAddU32(bio, header->crc32); bioAddU32(bio, header->compressedSizeInZip64 ? UINT32_MAX : (uint32_t)header->compressedSize); bioAddU32(bio, header->uncompressedSizeInZip64 ? UINT32_MAX : (uint32_t)header->uncompressedSize); } bioAddU16(bio, header->fileNameLen); bioAddU16(bio, header->extraFieldLen); if (header->fileNameLen > 0) { BIO_write(bio, header->fileName, header->fileNameLen); } if (header->extraFieldLen > 0) { BIO_write(bio, header->extraField, header->extraFieldLen); } *sizeonDisk = (uint64_t)30 + header->fileNameLen + header->extraFieldLen; } /* * Check if a given ZIP file exists. * [in] zip: structure holds specific ZIP data * [in] name: APP_SIGNATURE_FILENAME or CODE_INTEGRITY_FILENAME * [returns] 0 on error or 1 on success */ static int zipEntryExist(ZIP_FILE *zip, const char *name) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); return 0; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { fprintf(stderr, "Corrupted file name\n"); return 0; /* FAILED */ } if (!strcmp(entry->fileName, name)) { return 1; /* OK */ } } return 0; /* FAILED */ } /* * Calculate ZIP container file hash. * [in] zip: structure holds specific ZIP data * [in] fileName: one of ZIP container file * [in] md: message digest algorithm type * [returns] hash */ static u_char *zipCalcDigest(ZIP_FILE *zip, const char *fileName, const EVP_MD *md) { uint8_t *data = NULL; size_t dataSize; u_char *mdbuf = NULL; BIO *bhash; dataSize = zipReadFileDataByName(&data, zip, fileName); if (dataSize <= 0) { return NULL; /* FAILED */ } bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); OPENSSL_free(data); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!bio_hash_data(bhash, (char *)data, 0, dataSize)) { OPENSSL_free(data); BIO_free_all(bhash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); OPENSSL_free(data); BIO_free_all(bhash); return mdbuf; } /* * Read file data by name. * [out] pData: pointer to data * [in] zip: structure holds specific ZIP data * [in] name: one of ZIP container file * [returns] 0 on error or data size on success */ static size_t zipReadFileDataByName(uint8_t **pData, ZIP_FILE *zip, const char *name) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); return 0; /* FAILED */ } noEntries++; if (!entry->fileName || (entry->fileNameLen == 0)) { fprintf(stderr, "Corrupted file name\n"); return 0; /* FAILED */ } if (!strcmp(entry->fileName, name)) { return zipReadFileData(zip, pData, entry); } } return 0; /* FAILED */ } /* * Read file data. * [in, out] zip: structure holds specific ZIP data * [out] pData: pointer to data * [in] entry: central directory structure * [returns] 0 on error or data size on success */ static size_t zipReadFileData(ZIP_FILE *zip, uint8_t **pData, ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { FILE *file = zip->file; uint8_t *compressedData = NULL; uint64_t compressedSize = 0; uint64_t uncompressedSize = 0; size_t size, dataSize = 0; if (entry->offsetOfLocalHeader >= (uint64_t)zip->fileSize) { fprintf(stderr, "Corrupted relative offset of local header : 0x%08" PRIX64 "\n", entry->offsetOfLocalHeader); return 0; /* FAILED */ } if (fseeko(file, (int64_t)entry->offsetOfLocalHeader, SEEK_SET) < 0) { return 0; /* FAILED */ } if (entry->overrideData) { compressedSize = entry->overrideData->compressedSize; uncompressedSize = entry->overrideData->uncompressedSize; compressedData = OPENSSL_zalloc(compressedSize + 1); memcpy(compressedData, entry->overrideData->data, compressedSize); } else { ZIP_LOCAL_HEADER header; compressedSize = entry->compressedSize; uncompressedSize = entry->uncompressedSize; memset(&header, 0, sizeof(header)); if (!zipReadLocalHeader(&header, zip, compressedSize)) { return 0; /* FAILED */ } if (header.fileNameLen != entry->fileNameLen || memcmp(header.fileName, entry->fileName, header.fileNameLen) || header.compressedSize != compressedSize || header.uncompressedSize != uncompressedSize || header.compression != entry->compression) { fprintf(stderr, "Local header does not match central directory entry\n"); return 0; /* FAILED */ } /* we don't really need those */ OPENSSL_free(header.fileName); OPENSSL_free(header.extraField); if (compressedSize > (uint64_t)zip->fileSize - entry->offsetOfLocalHeader) { fprintf(stderr, "Corrupted compressedSize : 0x%08" PRIX64 "\n", entry->compressedSize); return 0; /* FAILED */ } compressedData = OPENSSL_zalloc(compressedSize + 1); size = fread(compressedData, 1, compressedSize, file); if (size != compressedSize) { OPENSSL_free(compressedData); return 0; /* FAILED */ } compressedData[compressedSize] = 0; } if (entry->compression == COMPRESSION_NONE) { if (compressedSize == 0) { OPENSSL_free(compressedData); return 0; /* FAILED */ } *pData = compressedData; dataSize = compressedSize; } else if (entry->compression == COMPRESSION_DEFLATE) { uint8_t *uncompressedData = OPENSSL_zalloc(uncompressedSize + 1); uint64_t destLen = uncompressedSize; uint64_t sourceLen = compressedSize; int ret; ret = zipInflate(uncompressedData, &destLen, compressedData, (uLong *)&sourceLen); OPENSSL_free(compressedData); if (ret != Z_OK) { fprintf(stderr, "Data decompresssion failed, zlib error: %d\n", ret); OPENSSL_free(uncompressedData); return 0; /* FAILED */ } else { if (destLen == 0) { OPENSSL_free(uncompressedData); return 0; /* FAILED */ } *pData = uncompressedData; dataSize = destLen; } } else { fprintf(stderr, "Unsupported compression mode: %d\n", entry->compression); OPENSSL_free(compressedData); return 0; /* FAILED */ } return dataSize; } /* * Read local file header from a ZIP file. * [out] header: local file header * [in, out] zip: structure holds specific ZIP data * [in] compressedSize: compressed size * [returns] 0 on error or 1 on success */ static int zipReadLocalHeader(ZIP_LOCAL_HEADER *header, ZIP_FILE *zip, uint64_t compressedSize) { char signature[4]; size_t size; FILE *file = zip->file; size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP_LH_SIGNATURE, 4)) { fprintf(stderr, "The input file is not a valid zip file - local header signature does not match\n"); return 0; /* FAILED */ } /* version needed to extract (2 bytes) */ header->version = fileGetU16(file); /* general purpose bit flag (2 bytes) */ header->flags = fileGetU16(file); /* compression method (2 bytes) */ header->compression = fileGetU16(file); /* last mod file time (2 bytes) */ header->modTime = fileGetU16(file); /* last mod file date (2 bytes) */ header->modDate = fileGetU16(file); /* crc-32 (4 bytes) */ header->crc32 = fileGetU32(file); /* compressed size (4 bytes) */ header->compressedSize = fileGetU32(file); /* uncompressed size (4 bytes) */ header->uncompressedSize = fileGetU32(file); /* file name length (2 bytes) */ header->fileNameLen = fileGetU16(file); /* extra file name length (2 bytes) */ header->extraFieldLen = fileGetU16(file); /* file name (variable size) */ if (header->fileNameLen > 0) { header->fileName = OPENSSL_zalloc(header->fileNameLen + 1); size = fread(header->fileName, 1, header->fileNameLen, file); if (size != header->fileNameLen) { return 0; /* FAILED */ } header->fileName[header->fileNameLen] = 0; } else { header->fileName = NULL; } /* extra field (variable size) */ if (header->extraFieldLen > 0) { header->extraField = OPENSSL_zalloc(header->extraFieldLen + 1); size = fread(header->extraField, 1, header->extraFieldLen, file); if (size != header->extraFieldLen) { return 0; /* FAILED */ } header->extraField[header->extraFieldLen] = 0; } else { header->extraField = NULL; } if (header->flags & DATA_DESCRIPTOR_BIT) { /* Read data descriptor */ int64_t offset = ftello(file); if (offset < 0 || offset >= zip->fileSize) { return 0; /* FAILED */ } if (compressedSize > (uint64_t)(zip->fileSize - offset)) { fprintf(stderr, "Corrupted compressedSize : 0x%08" PRIX64 "\n", compressedSize); return 0; /* FAILED */ } if (fseeko(file, (int64_t)compressedSize, SEEK_CUR) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP_DATA_DESCRIPTOR_SIGNATURE, 4)) { fprintf(stderr, "The input file is not a valid zip file - flags indicate data descriptor, but data descriptor signature does not match\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); return 0; /* FAILED */ } header->crc32 = fileGetU32(file); if (zip->isZip64) { header->compressedSize = fileGetU64(file); header->uncompressedSize = fileGetU64(file); } else { header->compressedSize = fileGetU32(file); header->uncompressedSize = fileGetU32(file); } if (fseeko(file, offset, SEEK_SET) < 0) { return 0; /* FAILED */ } } if (header->uncompressedSize == UINT32_MAX || header->compressedSize == UINT32_MAX) { if (header->extraFieldLen > 4) { uint64_t pos = 0; uint16_t len; uint16_t op = bufferGetU16(header->extraField, &pos); if (op != ZIP64_HEADER) { fprintf(stderr, "Expected zip64 header in local header extra field, got : 0x%X\n", op); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } len = bufferGetU16(header->extraField, &pos); if (header->uncompressedSize == UINT32_MAX) { if (len >= 8) { header->uncompressedSize = bufferGetU64(header->extraField, &pos); header->uncompressedSizeInZip64 = 1; } else { fprintf(stderr, "Invalid zip64 local header entry\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } } if (header->compressedSize == UINT32_MAX) { if (len >= 16) { header->compressedSize = bufferGetU64(header->extraField, &pos); header->compressedSizeInZip64 = 1; } else { fprintf(stderr, "Invalid zip64 local header entry\n"); OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } } } else { OPENSSL_free(header->fileName); OPENSSL_free(header->extraField); header->fileName = NULL; header->extraField = NULL; return 0; /* FAILED */ } } return 1; /* OK */ } /* * Decompresses the source buffer into the destination buffer. * see: uncompress2(), but windowBits is set to –15 for raw inflate * https://github.com/madler/zlib/blob/09155eaa2f9270dc4ed1fa13e2b4b2613e6e4851/uncompr.c#L27 * [out] dest: destination buffer * [out] destLen: size of the decompressed data * [in] source: source buffer * [in] sourceLen: length of the source buffer * [returns] returns ZIP error or Z_OK if success */ static int zipInflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong *sourceLen) { z_stream stream; int err; const uInt max = (uInt)-1; /* 0xFFFFFFFF */ uLong len, left; /* for detection of incomplete stream when *destLen == 0 */ static u_char buf[] = { 0x00 }; /* reset stream */ memset(&stream, 0, sizeof stream); len = *sourceLen; if (*destLen) { left = *destLen; *destLen = 0; } else { left = 1; dest = buf; } stream.next_in = source; stream.avail_in = 0; stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; stream.opaque = (voidpf)0; err = inflateInit2(&stream, -MAX_WBITS); if (err != Z_OK) { return err; } stream.next_out = dest; stream.avail_out = 0; do { if (stream.avail_out == 0) { stream.avail_out = left > (uLong)max ? max : (uInt)left; left -= stream.avail_out; } if (stream.avail_in == 0) { stream.avail_in = len > (uLong)max ? max : (uInt)len; len -= stream.avail_in; } /* coverity[overrun-buffer-arg] max value 0xFFFFFFFF is intended */ err = inflate(&stream, Z_NO_FLUSH); } while (err == Z_OK); *sourceLen -= len + stream.avail_in; if (dest != buf) { *destLen = stream.total_out; } else if (stream.total_out && err == Z_BUF_ERROR) { left = 1; } inflateEnd(&stream); return err == Z_STREAM_END ? Z_OK : err == Z_NEED_DICT ? Z_DATA_ERROR : err == Z_BUF_ERROR && left + stream.avail_out ? Z_DATA_ERROR : err; } /* * Compresses the source buffer into the destination buffer. * see: compress2(), but windowBits is set to -15 for raw deflate * https://github.com/madler/zlib/blob/09155eaa2f9270dc4ed1fa13e2b4b2613e6e4851/compress.c#L22 * [out] dest: destination buffer * [out] destLen: actual size of the compressed buffer * [in] source: source buffer * [in] sourceLen: length of the source buffer * [in] level: deflateInit2 parameter (8) * [returns] returns ZIP error or Z_OK if success */ static int zipDeflate(uint8_t *dest, uint64_t *destLen, uint8_t *source, uLong sourceLen) { z_stream stream; int err; const uInt max = (uInt)-1; /* 0xFFFFFFFF */ uLong left; /* reset stream */ memset(&stream, 0, sizeof stream); left = *destLen; *destLen = 0; stream.zalloc = (alloc_func)0; stream.zfree = (free_func)0; stream.opaque = (voidpf)0; err = deflateInit2(&stream, 8, Z_DEFLATED, -MAX_WBITS, 8, Z_DEFAULT_STRATEGY); if (err != Z_OK) { return err; } stream.next_out = dest; stream.avail_out = 0; stream.next_in = source; stream.avail_in = 0; do { if (stream.avail_out == 0) { stream.avail_out = left > (uLong)max ? max : (uInt)left; left -= stream.avail_out; } if (stream.avail_in == 0) { stream.avail_in = sourceLen > (uLong)max ? max : (uInt)sourceLen; sourceLen -= stream.avail_in; } /* coverity[overrun-buffer-arg] max value 0xFFFFFFFF is intended */ err = deflate(&stream, sourceLen ? Z_NO_FLUSH : Z_FINISH); } while (err == Z_OK); #if 0 deflate(&stream, Z_SYNC_FLUSH); #endif *destLen = stream.total_out; deflateEnd(&stream); return err == Z_STREAM_END ? Z_OK : err; } /* * Open input file and create ZIP_FILE structure. * [in] filename: input file * [returns] pointer to ZIP_FILE structure */ static ZIP_FILE *openZip(const char *filename) { ZIP_FILE *zip; FILE *file = fopen(filename, "rb"); if (!file) { return NULL; /* FAILED */ } /* oncde we read eocdr, comment might be allocated and we need to take care of it -> create the ZIP_FILE structure */ zip = OPENSSL_zalloc(sizeof(ZIP_FILE)); zip->file = file; if (!readZipEOCDR(&zip->eocdr, file)) { freeZip(zip); return NULL; /* FAILED */ } if (fseeko(file, 0, SEEK_END) < 0) { freeZip(zip); return NULL; /* FAILED */ } zip->fileSize = ftello(file); if (zip->fileSize < 0) { freeZip(zip); return NULL; /* FAILED */ } if (zip->eocdr.centralDirectoryOffset == UINT32_MAX || zip->eocdr.centralDirectorySize == UINT32_MAX) { /* probably a zip64 file */ if (!readZip64EOCDLocator(&zip->locator, file)) { freeZip(zip); return NULL; /* FAILED */ } if (zip->locator.eocdOffset >= (uint64_t)zip->fileSize) { fprintf(stderr, "Corrupted end of central directory locator offset : 0x%08" PRIX64 "\n", zip->locator.eocdOffset); freeZip(zip); return 0; /* FAILED */ } if (!readZip64EOCDR(&zip->eocdr64, file, zip->locator.eocdOffset)) { freeZip(zip); return NULL; /* FAILED */ } zip->isZip64 = 1; zip->eocdrOffset = zip->locator.eocdOffset; zip->eocdrLen = zip->fileSize - (int64_t)zip->eocdrOffset; if (zip->eocdrLen < 0) { freeZip(zip); return NULL; /* FAILED */ } zip->centralDirectoryOffset = zip->eocdr64.centralDirectoryOffset; zip->centralDirectorySize = zip->eocdr64.centralDirectorySize; zip->centralDirectoryRecordCount = zip->eocdr64.totalEntries; } else { if (zip->fileSize < EOCDR_SIZE) { freeZip(zip); return NULL; /* FAILED */ } zip->eocdrOffset = (uint64_t)zip->fileSize - EOCDR_SIZE; zip->eocdrLen = EOCDR_SIZE; zip->centralDirectoryOffset = zip->eocdr.centralDirectoryOffset; zip->centralDirectorySize = zip->eocdr.centralDirectorySize; zip->centralDirectoryRecordCount = (uint64_t)zip->eocdr.totalEntries; if (zip->centralDirectoryRecordCount > UINT16_MAX) { fprintf(stderr, "Corrupted total number of entries in the central directory : 0x%08" PRIX64 "\n", zip->centralDirectoryRecordCount); freeZip(zip); return NULL; /* FAILED */ } } if (zip->centralDirectoryOffset >= (uint64_t)zip->fileSize) { fprintf(stderr, "Corrupted central directory offset : 0x%08" PRIX64 "\n", zip->centralDirectoryOffset); freeZip(zip); return NULL; /* FAILED */ } if (!zipReadCentralDirectory(zip, file)) { freeZip(zip); return NULL; /* FAILED */ } return zipSortCentralDirectory(zip); } /* * Free up ZIP_FILE structure. * [in] ZIP_FILE structure * [returns] none */ static void freeZip(ZIP_FILE *zip) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry, *next = NULL; uint64_t noEntries = 0; fclose(zip->file); OPENSSL_free(zip->eocdr.comment); OPENSSL_free(zip->eocdr64.comment); for (entry = zip->centralDirectoryHead; entry != NULL; entry = next) { if (noEntries > zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); freeZipCentralDirectoryEntry(entry); return; } noEntries++; next = entry->next; freeZipCentralDirectoryEntry(entry); } OPENSSL_free(zip); } /* * Offset comparison function. * [in] a_ptr, b_ptr: pointers to ZIP_CENTRAL_DIRECTORY_ENTRY structure * [returns] entries order */ static int entry_compare(const ZIP_CENTRAL_DIRECTORY_ENTRY *const *a, const ZIP_CENTRAL_DIRECTORY_ENTRY *const *b) { return (*a)->offsetOfLocalHeader < (*b)->offsetOfLocalHeader ? -1 : 1; } /* * Sort central directory entries in ascending order by offset. * [in] zip: ZIP_FILE structure * [returns] pointer to sorted ZIP_FILE structure */ static ZIP_FILE *zipSortCentralDirectory(ZIP_FILE *zip) { uint64_t noEntries = 0; int i; ZIP_CENTRAL_DIRECTORY_ENTRY *entry; STACK_OF(ZIP_CENTRAL_DIRECTORY_ENTRY) *chain = sk_ZIP_CENTRAL_DIRECTORY_ENTRY_new(entry_compare); for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { fprintf(stderr, "Corrupted central directory structure\n"); sk_ZIP_CENTRAL_DIRECTORY_ENTRY_free(chain); freeZip(zip); return NULL; /* FAILED */ } noEntries++; if (!sk_ZIP_CENTRAL_DIRECTORY_ENTRY_push(chain, entry)) { fprintf(stderr, "Failed to add central directory entry\n"); sk_ZIP_CENTRAL_DIRECTORY_ENTRY_free(chain); freeZip(zip); return NULL; /* FAILED */ } } sk_ZIP_CENTRAL_DIRECTORY_ENTRY_sort(chain); zip->centralDirectoryHead = entry = sk_ZIP_CENTRAL_DIRECTORY_ENTRY_value(chain, 0); if (!entry) { fprintf(stderr, "Failed to get sorted central directory entry\n"); sk_ZIP_CENTRAL_DIRECTORY_ENTRY_free(chain); freeZip(zip); return NULL; /* FAILED */ } for (i=1; inext = sk_ZIP_CENTRAL_DIRECTORY_ENTRY_value(chain, i); entry = entry->next; } entry->next = NULL; sk_ZIP_CENTRAL_DIRECTORY_ENTRY_free(chain); return zip; } /* * Log additional output. * [in] ZIP_FILE structure * [returns] none */ static void zipPrintCentralDirectory(ZIP_FILE *zip) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; uint64_t noEntries = 0; printf("Central directory entry count: %" PRIu64"\n", zip->centralDirectoryRecordCount); for (entry = zip->centralDirectoryHead; entry != NULL; entry = entry->next) { if (noEntries >= zip->centralDirectoryRecordCount) { printf("Warning: Corrupted central directory structure\n"); } noEntries++; printf("Name: %s Compressed: %" PRIu64" Uncompressed: %" PRIu64" Offset: %" PRIu64"\n", entry->fileName, entry->compressedSize, entry->uncompressedSize, entry->offsetOfLocalHeader); } } /* * Read central directory. * [in, out] zip: structure holds specific ZIP data * [in, out] file: FILE pointer to the input file * [returns] 0 on error or 1 on success */ static int zipReadCentralDirectory(ZIP_FILE *zip, FILE *file) { ZIP_CENTRAL_DIRECTORY_ENTRY *prev = NULL; uint64_t i; if (fseeko(file, (int64_t)zip->centralDirectoryOffset, SEEK_SET) < 0) { return 0; /* FAILED */ } for (i = 0; i < zip->centralDirectoryRecordCount; i++) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry = zipReadNextCentralDirectoryEntry(file); if (!entry) { return 0; /* FAILED */ } if (prev) { prev->next = entry; } else if (!zip->centralDirectoryHead) { zip->centralDirectoryHead = entry; } else { fprintf(stderr, "Corrupted central directory structure\n"); OPENSSL_free(entry); return 0; /* FAILED */ } prev = entry; } return 1; /* OK */ } /* * Initialize central directory structure. * [in] file: FILE pointer to the input file * [returns] pointer to the central directory structure */ static ZIP_CENTRAL_DIRECTORY_ENTRY *zipReadNextCentralDirectoryEntry(FILE *file) { ZIP_CENTRAL_DIRECTORY_ENTRY *entry; char signature[4]; size_t size = fread(signature, 1, 4, file); if (size != 4) { return NULL; /* FAILED */ } if (memcmp(signature, PKZIP_CD_SIGNATURE, 4)) { fprintf(stderr, "The input file is not a valid zip file - could not find Central Directory record\n"); return NULL; /* FAILED */ } entry = OPENSSL_zalloc(sizeof(ZIP_CENTRAL_DIRECTORY_ENTRY)); entry->fileOffset = ftello(file) - 4; if (entry->fileOffset < 0) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } /* version made by (2 bytes) */ entry->creatorVersion = fileGetU16(file); /* version needed to extract (2 bytes) */ entry->viewerVersion = fileGetU16(file); /* general purpose bit flag (2 bytes) */ entry->flags = fileGetU16(file); /* compression method (2 bytes) */ entry->compression = fileGetU16(file); /* last mod file time (2 bytes) */ entry->modTime = fileGetU16(file); /* last mod file date (2 bytes) */ entry->modDate = fileGetU16(file); /* crc-32 (4 bytes) */ entry->crc32 = fileGetU32(file); /* compressed size (4 bytes), 0xFFFFFFFF for ZIP64 format */ entry->compressedSize = fileGetU32(file); /* uncompressed size (4 bytes), 0xFFFFFFFF for ZIP64 format */ entry->uncompressedSize = fileGetU32(file); /* file name length (2 bytes) */ entry->fileNameLen = fileGetU16(file); /* extra field length (2 bytes) */ entry->extraFieldLen = fileGetU16(file); /* file comment length (2 bytes) */ entry->fileCommentLen = fileGetU16(file); /* disk number start (2 bytes), 0xFFFFFFFF for ZIP64 format */ entry->diskNoStart = fileGetU16(file); /* internal file attributes (2 bytes) */ entry->internalAttr = fileGetU16(file); /* external file attributes (4 bytes) */ entry->externalAttr = fileGetU32(file); /* relative offset of local header (4 bytes), 0xFFFFFFFF for ZIP64 format */ entry->offsetOfLocalHeader = fileGetU32(file); /* file name (variable size) */ if (entry->fileNameLen > 0) { entry->fileName = OPENSSL_zalloc(entry->fileNameLen + 1); size = fread(entry->fileName, 1, entry->fileNameLen, file); if (size != entry->fileNameLen) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } entry->fileName[entry->fileNameLen] = 0; } /* extra field (variable size) */ if (entry->extraFieldLen > 0) { entry->extraField = OPENSSL_zalloc(entry->extraFieldLen + 1); size = fread(entry->extraField, 1, entry->extraFieldLen, file); if (size != entry->extraFieldLen) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } entry->extraField[entry->extraFieldLen] = 0; } /* file comment (variable size) */ if (entry->fileCommentLen > 0) { entry->fileComment = OPENSSL_zalloc(entry->fileCommentLen + 1); size = fread(entry->fileComment, 1, entry->fileCommentLen, file); if (size != entry->fileCommentLen) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } entry->fileComment[entry->fileCommentLen] = 0; } if (entry->uncompressedSize == UINT32_MAX || entry->compressedSize == UINT32_MAX || entry->offsetOfLocalHeader == UINT32_MAX || entry->diskNoStart == UINT16_MAX) { if (entry->extraFieldLen > 4) { uint64_t pos = 0; uint64_t len; uint16_t header = bufferGetU16(entry->extraField, &pos); if (header != ZIP64_HEADER) { fprintf(stderr, "Expected zip64 header in central directory extra field, got : 0x%X\n", header); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } len = bufferGetU16(entry->extraField, &pos); if (entry->uncompressedSize == UINT32_MAX) { if (len >= 8) { entry->uncompressedSize = bufferGetU64(entry->extraField, &pos); entry->uncompressedSizeInZip64 = 1; } else { fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } if (entry->compressedSize == UINT32_MAX) { if (len >= 16) { entry->compressedSize = bufferGetU64(entry->extraField, &pos); entry->compressedSizeInZip64 = 1; } else { fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } if (entry->offsetOfLocalHeader == UINT32_MAX) { if (len >= 24) { entry->offsetOfLocalHeader = bufferGetU64(entry->extraField, &pos); entry->offsetInZip64 = 1; } else { fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } if (entry->diskNoStart == UINT16_MAX) { if (len >= 28) { entry->diskNoStart = bufferGetU32(entry->extraField, &pos); entry->diskNoInZip64 = 1; } else { fprintf(stderr, "Invalid zip64 central directory entry\n"); freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } } else { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } } entry->entryLen = ftello(file) - entry->fileOffset; if (entry->entryLen < 0) { freeZipCentralDirectoryEntry(entry); return NULL; /* FAILED */ } return entry; } /* * Free up central directory structure. * [in] central directory structure * [returns] none */ static void freeZipCentralDirectoryEntry(ZIP_CENTRAL_DIRECTORY_ENTRY *entry) { OPENSSL_free(entry->fileName); OPENSSL_free(entry->extraField); OPENSSL_free(entry->fileComment); if (entry->overrideData) { OPENSSL_free(entry->overrideData->data); } OPENSSL_free(entry->overrideData); OPENSSL_free(entry); } /* * Read Zip end of central directory record. * [out] eocdr: end of central directory record * [in, out] file: FILE pointer to the input file * [returns] 0 on error or 1 on success */ static int readZipEOCDR(ZIP_EOCDR *eocdr, FILE *file) { char signature[4]; size_t size; if (fseeko(file, -EOCDR_SIZE, SEEK_END) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP_EOCDR_SIGNATURE, 4)) { /* Not a valid ZIP file - could not find End of Central Directory record */ return 0; /* FAILED */ } /* number of this disk (2 bytes) */ eocdr->diskNumber = fileGetU16(file); /* number of the disk with the start of the central directory (2 bytes) */ eocdr->centralDirectoryDiskNumber = fileGetU16(file); /* total number of entries in the central directory on this disk (2 bytes) */ eocdr->diskEntries = fileGetU16(file); /* total number of entries in the central directory (2 bytes) */ eocdr->totalEntries = fileGetU16(file); /* size of the central directory (4 bytes) */ eocdr->centralDirectorySize = fileGetU32(file); /* offset of start of central directory with respect * to the starting disk number (4 bytes) */ eocdr->centralDirectoryOffset = fileGetU32(file); /* .ZIP file comment length (2 bytes) */ eocdr->commentLen = fileGetU16(file); #if 0 if (eocdr->centralDirectoryDiskNumber > 1 || eocdr->diskNumber > 1 || eocdr->centralDirectoryDiskNumber != eocdr->diskNumber || eocdr->diskEntries != eocdr->totalEntries) { fprintf(stderr, "The input file is a multipart archive - not supported\n"); return 0; /* FAILED */ } #endif if (eocdr->commentLen > 0) { eocdr->comment = OPENSSL_zalloc(eocdr->commentLen + 1); size = fread(eocdr->comment, 1, eocdr->commentLen, file); if (size != eocdr->commentLen) { return 0; /* FAILED */ } eocdr->comment[eocdr->commentLen] = 0; } else { eocdr->comment = NULL; } return 1; /* OK */ } /* * Read Zip64 end of central directory locator. * [out] locator: Zip64 end of central directory locator * [in, out] file: FILE pointer to the input file * [returns] 0 on error or 1 on success */ static int readZip64EOCDLocator(ZIP64_EOCD_LOCATOR *locator, FILE *file) { char signature[4]; size_t size; if (fseeko(file, -(EOCDR_SIZE + ZIP64_EOCD_LOCATOR_SIZE), SEEK_END) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP64_EOCD_LOCATOR_SIGNATURE, 4)) { fprintf(stderr, "The input file is not a valid zip file - could not find zip64 EOCD locator\n"); return 0; /* FAILED */ } locator->diskWithEOCD = fileGetU32(file); locator->eocdOffset = fileGetU64(file); locator->totalNumberOfDisks = fileGetU32(file); return 1; /* OK */ } /* * Read Zip64 end of central directory record * [out] eocdr: Zip64 end of central directory record * [in, out] file: FILE pointer to the input file * [in] offset: eocdr struct offset in the file * [returns] 0 on error or 1 on success */ static int readZip64EOCDR(ZIP64_EOCDR *eocdr, FILE *file, uint64_t offset) { char signature[4]; size_t size; if (fseeko(file, (int64_t)offset, SEEK_SET) < 0) { return 0; /* FAILED */ } size = fread(signature, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } if (memcmp(signature, PKZIP64_EOCDR_SIGNATURE, 4)) { fprintf(stderr, "The input file is not a valid zip file - could not find zip64 End of Central Directory record\n"); return 0; /* FAILED */ } /* size of zip64 end of central directory record (8 bytes) */ eocdr->eocdrSize = fileGetU64(file); /* version made by (2 bytes) */ eocdr->creatorVersion = fileGetU16(file); /* version needed to extract (2 bytes) */ eocdr->viewerVersion = fileGetU16(file); /* number of this disk (4 bytes) */ eocdr->diskNumber = fileGetU32(file); /* number of the disk with the start of the central directory (4 bytes) */ eocdr->diskWithCentralDirectory = fileGetU32(file); /* total number of entries in the central directory on this disk (8 bytes) */ eocdr->diskEntries = fileGetU64(file); /* total number of entries in the central directory (8 bytes) */ eocdr->totalEntries = fileGetU64(file); /* size of the central directory (8 bytes) */ eocdr->centralDirectorySize = fileGetU64(file); /* offset of start of central directory with respect * to the starting disk number (8 bytes) */ eocdr->centralDirectoryOffset = fileGetU64(file); /* zip64 extensible data sector (comment) */ eocdr->commentLen = eocdr->eocdrSize - 44; if (eocdr->commentLen > UINT16_MAX) { fprintf(stderr, "Corrupted file comment length : 0x%08" PRIX64 "\n", eocdr->commentLen); return 0; /* FAILED */ } if (eocdr->commentLen > 0) { eocdr->comment = OPENSSL_malloc(eocdr->commentLen); size = fread(eocdr->comment, 1, eocdr->commentLen, file); if (size != eocdr->commentLen) { return 0; /* FAILED */ } } if (eocdr->diskWithCentralDirectory > 1 || eocdr->diskNumber > 1 || eocdr->diskWithCentralDirectory != eocdr->diskNumber || eocdr->totalEntries != eocdr->diskEntries) { fprintf(stderr, "The input file is a multipart archive - not supported\n"); return 0; /* FAILED */ } return 1; /* OK */ } static int get_current_position(BIO *bio, uint64_t *offset) { FILE *file = NULL; int64_t pos; BIO_get_fp(bio, &file); pos = ftello(file); if (pos < 0) { return 0; /* FAILED */ } *offset = (uint64_t)pos; return 1; /* OK */ } static uint64_t fileGetU64(FILE *file) { uint64_t l = fileGetU32(file); uint64_t h = fileGetU32(file); /* coverity[byte_swapping] */ return h << 32 | l; } /* coverity[ -tainted_data_return ] */ static uint32_t fileGetU32(FILE *file) { uint8_t b[4]; size_t size = fread(b, 1, 4, file); if (size != 4) { return 0; /* FAILED */ } return (uint32_t)(b[3] << 24 | b[2] << 16 | b[1] << 8 | b[0]); } /* coverity[ -tainted_data_return ] */ static uint16_t fileGetU16(FILE *file) { uint8_t b[2]; size_t size = fread(b, 1, 2, file); if (size != 2) { return 0; /* FAILED */ } return (uint16_t)(b[1] << 8 | b[0]); } static uint64_t bufferGetU64(uint8_t *buffer, uint64_t *pos) { uint64_t l = bufferGetU32(buffer, pos); uint64_t h = bufferGetU32(buffer, pos); return h << 32 | l; } static uint32_t bufferGetU32(uint8_t *buffer, uint64_t *pos) { uint32_t ret = (uint32_t)(buffer[*pos + 3] << 24 | \ buffer[*pos + 2] << 16 | \ buffer[*pos + 1] << 8 | \ buffer[*pos]); *pos += 4; return ret; } static uint16_t bufferGetU16(uint8_t *buffer, uint64_t *pos) { uint16_t ret = (uint16_t)(buffer[*pos + 1] << 8 | buffer[*pos]); *pos += 2; return ret; } void bioAddU64(BIO *bio, uint64_t v) { uint32_t l = v & UINT32_MAX; uint32_t h = (uint32_t)(v >> 32); bioAddU32(bio, l); bioAddU32(bio, h); } static void bioAddU32(BIO *bio, uint32_t v) { uint8_t b[4]; b[0] = (u_char)((v) & UINT8_MAX); b[1] = (u_char)(((v) >> 8) & UINT8_MAX); b[2] = (u_char)(((v) >> 16) & UINT8_MAX); b[3] = (u_char)(((v) >> 24) & UINT8_MAX); BIO_write(bio, b, 4); } static void bioAddU16(BIO *bio, uint16_t v) { uint8_t b[2]; b[0] = (u_char)((v) & UINT8_MAX); b[1] = (u_char)(((v) >> 8) & UINT8_MAX); BIO_write(bio, b, 2); } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/cab.c000066400000000000000000001016221464004761700147640ustar00rootroot00000000000000/* * CAB file support library * * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka * * Reference specifications: * https://www.file-recovery.com/cab-signature-format.htm * https://learn.microsoft.com/en-us/previous-versions/ms974336(v=msdn.10) */ #include "osslsigncode.h" #include "helpers.h" /* * FLAG_PREV_CABINET is set if the cabinet file is not the first in a set * of cabinet files. When this bit is set, the szCabinetPrev and szDiskPrev * fields are present in this CFHEADER. */ #define FLAG_PREV_CABINET 0x0001 /* * FLAG_NEXT_CABINET is set if the cabinet file is not the last in a set of * cabinet files. When this bit is set, the szCabinetNext and szDiskNext * fields are present in this CFHEADER. */ #define FLAG_NEXT_CABINET 0x0002 /* * FLAG_RESERVE_PRESENT is set if the cabinet file contains any reserved * fields. When this bit is set, the cbCFHeader, cbCFFolder, and cbCFData * fields are present in this CFHEADER. */ #define FLAG_RESERVE_PRESENT 0x0004 struct cab_ctx_st { uint32_t header_size; uint32_t sigpos; uint32_t siglen; uint32_t fileend; uint16_t flags; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *cab_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *cab_obsolete_link_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *cab_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int cab_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *cab_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int cab_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *cab_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void cab_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void cab_bio_free(BIO *hash, BIO *outdata); static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int cab_is_detaching_supported(void); FILE_FORMAT file_format_cab = { .ctx_new = cab_ctx_new, .data_blob_get = cab_obsolete_link_get, .pkcs7_contents_get = cab_pkcs7_contents_get, .hash_length_get = cab_hash_length_get, .digest_calc = cab_digest_calc, .verify_digests = cab_verify_digests, .pkcs7_extract = cab_pkcs7_extract, .pkcs7_extract_to_nest = cab_pkcs7_extract_to_nest, .remove_pkcs7 = cab_remove_pkcs7, .process_data = cab_process_data, .pkcs7_signature_new = cab_pkcs7_signature_new, .append_pkcs7 = cab_append_pkcs7, .update_data_size = cab_update_data_size, .bio_free = cab_bio_free, .ctx_cleanup = cab_ctx_cleanup, .is_detaching_supported = cab_is_detaching_supported }; /* Prototypes */ static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize); static int cab_add_jp_attribute(PKCS7 *p7, int jp); static size_t cab_write_optional_names(BIO *outdata, char *indata, size_t len, uint16_t flags); static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int cab_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a CAB file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] pointer to CAB file format context */ static FILE_FORMAT_CTX *cab_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; CAB_CTX *cab_ctx; uint32_t filesize; filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } if (memcmp(options->indata, "MSCF", 4)) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } cab_ctx = cab_ctx_get(options->indata, filesize); if (!cab_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_cab; ctx->options = options; ctx->cab_ctx = cab_ctx; /* Push hash on outdata, if hash is NULL the function does nothing */ BIO_push(hash, outdata); if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * Allocate and return SpcLink object. * [out] p: SpcLink data * [out] plen: SpcLink data length * [in] ctx: structure holds input and output data (unused) * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_CAB_DATA_OBJID */ static ASN1_OBJECT *cab_obsolete_link_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { ASN1_OBJECT *dtype; SpcLink *link = spc_link_obsolete_get(); /* squash the unused parameter warning */ (void)ctx; *plen = i2d_SpcLink(link, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcLink(link, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_CAB_DATA_OBJID, 1); SpcLink_free(link); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *cab_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; /* squash the unused parameter warning, use initialized message digest BIO */ (void)md; /* Strip current signature and modify header */ if (ctx->cab_ctx->header_size == 20) { if (!cab_modify_header(ctx, hash, NULL)) return NULL; /* FAILED */ } else { if (!cab_add_header(ctx, hash, NULL)) return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); return pkcs7_set_content(content); } /* * [in] ctx: structure holds input and output data * [returns] the size of the message digest when passed an EVP_MD structure (the size of the hash) */ static int cab_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Compute a message digest value of the signed or unsigned CAB file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *cab_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { uint32_t idx, fileend, coffFiles; u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); /* u1 signature[4] 4643534D MSCF: 0-3 */ BIO_write(bhash, ctx->options->indata, 4); /* u4 reserved1 00000000: 4-7 skipped */ if (ctx->cab_ctx->sigpos) { uint16_t nfolders, flags; /* * u4 cbCabinet - size of this cabinet file in bytes: 8-11 * u4 reserved2 00000000: 12-15 */ BIO_write(bhash, ctx->options->indata + 8, 8); /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ coffFiles = GET_UINT32_LE(ctx->options->indata + 16); BIO_write(bhash, ctx->options->indata + 16, 4); /* * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 */ BIO_write(bhash, ctx->options->indata + 20, 6); /* u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); BIO_write(bhash, ctx->options->indata + 26, 2); /* u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ BIO_write(bhash, ctx->options->indata + 28, 2); /* u2 flags: 30-31 */ flags = GET_UINT16_LE(ctx->options->indata + 30); BIO_write(bhash, ctx->options->indata + 30, 2); /* u2 setID must be the same for all cabinets in a set: 32-33 */ BIO_write(bhash, ctx->options->indata + 32, 2); /* * u2 iCabinet - number of this cabinet file in a set: 34-35 skipped * u2 cbCFHeader: 36-37 skipped * u1 cbCFFolder: 38 skipped * u1 cbCFData: 39 skipped * u22 abReserve: 40-55 skipped * - Additional data offset: 44-47 skipped * - Additional data size: 48-51 skipped */ /* u22 abReserve: 56-59 */ BIO_write(bhash, ctx->options->indata + 56, 4); idx = 60; fileend = ctx->cab_ctx->sigpos; /* TODO */ if (flags & FLAG_PREV_CABINET) { uint8_t byte; /* szCabinetPrev */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); /* szDiskPrev */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); } if (flags & FLAG_NEXT_CABINET) { uint8_t byte; /* szCabinetNext */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); /* szDiskNext */ do { byte = GET_UINT8_LE(ctx->options->indata + idx); BIO_write(bhash, ctx->options->indata + idx, 1); idx++; } while (byte && idx < fileend); } /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ while (nfolders && idx < fileend) { BIO_write(bhash, ctx->options->indata + idx, 8); idx += 8; nfolders--; } if (idx != coffFiles) { fprintf(stderr, "Corrupt coffFiles value: 0x%08X\n", coffFiles); BIO_free_all(bhash); return 0; /* FAILED */ } } else { /* read what's left of the unsigned CAB file */ idx = 8; fileend = ctx->cab_ctx->fileend; } /* (variable) ab - the compressed data bytes */ if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { fprintf(stderr, "Unable to calculate digest\n"); BIO_free_all(bhash); return 0; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; /* OK */ } /* * Calculate message digest and compare to value retrieved from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int cab_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdtype = -1; const EVP_MD *md; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char *cmdbuf; if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = cab_digest_calc(ctx, md); if (!cmdbuf) { fprintf(stderr, "Failed to calculate message digest\n\n"); return 0; /* FAILED */ } if (!compare_digests(mdbuf, cmdbuf, mdtype)) { fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } OPENSSL_free(cmdbuf); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * pointer to PKCS#7 structure */ static PKCS7 *cab_pkcs7_extract(FILE_FORMAT_CTX *ctx) { const u_char *blob; if (!cab_check_file(ctx)) { return NULL; /* FAILED */ } blob = (u_char *)ctx->options->indata + ctx->cab_ctx->sigpos; return d2i_PKCS7(NULL, &blob, ctx->cab_ctx->siglen); } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * pointer to PKCS#7 structure */ static PKCS7 *cab_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { return cab_pkcs7_extract(ctx); } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int cab_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t idx, written, len; uint32_t tmp; uint16_t nfolders, flags; char *buf; /* squash the unused parameter warning */ (void)hash; if (!cab_check_file(ctx)) { return 1; /* FAILED, no signature */ } buf = OPENSSL_malloc(SIZE_64K); /* * u1 signature[4] 4643534D MSCF: 0-3 * u4 reserved1 00000000: 4-7 */ BIO_write(outdata, ctx->options->indata, 8); /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ tmp = GET_UINT32_LE(ctx->options->indata + 8) - 24; PUT_UINT32_LE(tmp, buf); BIO_write(outdata, buf, 4); /* u4 reserved2 00000000: 12-15 */ BIO_write(outdata, ctx->options->indata + 12, 4); /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ tmp = GET_UINT32_LE(ctx->options->indata + 16) - 24; PUT_UINT32_LE(tmp, buf); BIO_write(outdata, buf, 4); /* * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ BIO_write(outdata, ctx->options->indata + 20, 10); /* u2 flags: 30-31 */ flags = GET_UINT16_LE(ctx->options->indata + 30); /* coverity[result_independent_of_operands] only least significant byte is affected */ PUT_UINT16_LE(flags & (FLAG_PREV_CABINET | FLAG_NEXT_CABINET), buf); BIO_write(outdata, buf, 2); /* * u2 setID must be the same for all cabinets in a set: 32-33 * u2 iCabinet - number of this cabinet file in a set: 34-35 */ BIO_write(outdata, ctx->options->indata + 32, 4); idx = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); if (idx >= ctx->cab_ctx->fileend) { fprintf(stderr, "Corrupt CAB file - too short\n"); OPENSSL_free(buf); return 0; /* FAILED */ } /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); if (nfolders * 8 >= ctx->cab_ctx->fileend - idx) { fprintf(stderr, "Corrupt cFolders value: 0x%08X\n", nfolders); OPENSSL_free(buf); return 0; /* FAILED */ } while (nfolders) { tmp = GET_UINT32_LE(ctx->options->indata + idx); tmp -= 24; PUT_UINT32_LE(tmp, buf); BIO_write(outdata, buf, 4); BIO_write(outdata, ctx->options->indata + idx + 4, 4); idx += 8; nfolders--; } OPENSSL_free(buf); /* Write what's left - the compressed data bytes */ len = ctx->cab_ctx->fileend - ctx->cab_ctx->siglen - idx; while (len > 0) { if (!BIO_write_ex(outdata, ctx->options->indata + idx, len, &written)) return 1; /* FAILED */ len -= written; idx += written; } return 0; /* OK */ } /* * Modify specific type data and calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int cab_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { /* Strip current signature and modify header */ if (ctx->cab_ctx->header_size == 20) { if (!cab_modify_header(ctx, hash, outdata)) return 0; /* FAILED */ } else { if (!cab_add_header(ctx, hash, outdata)) return 0; /* FAILED */ } return 1; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *cab_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (ctx->options->jp >= 0 && !cab_add_jp_attribute(p7, ctx->options->jp)) { fprintf(stderr, "Adding jp attribute failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data (unused) * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int cab_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { u_char *p = NULL; int len; /* signature length */ int padlen; /* signature padding length */ /* squash the unused parameter warning */ (void)ctx; if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); p -= len; padlen = len % 8 ? 8 - len % 8 : 0; BIO_write(outdata, p, len); /* pad (with 0's) asn1 blob to 8 byte boundary */ if (padlen > 0) { memset(p, 0, (size_t)padlen); BIO_write(outdata, p, padlen); } OPENSSL_free(p); return 0; /* OK */ } /* * Update additional data size. * Additional data size is located at offset 0x30 (from file beginning) * and consist of 4 bytes (little-endian order). * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] none */ static void cab_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { int len, padlen; u_char buf[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* squash the unused parameter warning */ (void)ctx; if (!p7) { /* CMD_REMOVE * additional header does not exist so additional data size is unused */ return; } (void)BIO_seek(outdata, 0x30); len = i2d_PKCS7(p7, NULL); padlen = len % 8 ? 8 - len % 8 : 0; PUT_UINT32_LE(len + padlen, buf); BIO_write(outdata, buf, 4); } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] none */ static void cab_bio_free(BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and CAB format specific structure, * unmap indata file. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void cab_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->cab_ctx->fileend); OPENSSL_free(ctx->cab_ctx); OPENSSL_free(ctx); } static int cab_is_detaching_supported(void) { return 1; /* OK */ } /* * CAB helper functions */ /* * Verify mapped CAB file and create CAB format specific structure. * [in] indata: mapped CAB file * [in] filesize: size of CAB file * [returns] pointer to CAB format specific structure */ static CAB_CTX *cab_ctx_get(char *indata, uint32_t filesize) { CAB_CTX *cab_ctx; uint32_t reserved, header_size = 0, sigpos = 0, siglen = 0; uint16_t flags; if (filesize < 44) { fprintf(stderr, "CAB file is too short\n"); return NULL; /* FAILED */ } reserved = GET_UINT32_LE(indata + 4); if (reserved) { fprintf(stderr, "Reserved1: 0x%08X\n", reserved); return NULL; /* FAILED */ } /* flags specify bit-mapped values that indicate the presence of optional data */ flags = GET_UINT16_LE(indata + 30); if (flags & FLAG_PREV_CABINET) { /* FLAG_NEXT_CABINET works */ fprintf(stderr, "Multivolume cabinet file is unsupported: flags 0x%04X\n", flags); return NULL; /* FAILED */ } if (flags & FLAG_RESERVE_PRESENT) { /* * Additional headers is located at offset 36 (cbCFHeader, cbCFFolder, cbCFData); * size of header (4 bytes, little-endian order) must be 20 (checkpoint). */ header_size = GET_UINT32_LE(indata + 36); if (header_size != 20) { fprintf(stderr, "Additional header size: 0x%08X\n", header_size); return NULL; /* FAILED */ } reserved = GET_UINT32_LE(indata + 40); if (reserved != 0x00100000) { fprintf(stderr, "abReserved: 0x%08X\n", reserved); return NULL; /* FAILED */ } /* * File size is defined at offset 8, however if additional header exists, this size is not valid. * sigpos - additional data offset is located at offset 44 (from file beginning) * and consist of 4 bytes (little-endian order) * siglen - additional data size is located at offset 48 (from file beginning) * and consist of 4 bytes (little-endian order) * If there are additional headers, size of the CAB archive file is calcualted * as additional data offset plus additional data size. */ sigpos = GET_UINT32_LE(indata + 44); siglen = GET_UINT32_LE(indata + 48); if ((sigpos < filesize && sigpos + siglen != filesize) || (sigpos >= filesize)) { fprintf(stderr, "Additional data offset:\t%u bytes\nAdditional data size:\t%u bytes\n", sigpos, siglen); fprintf(stderr, "File size:\t\t%u bytes\n", filesize); return NULL; /* FAILED */ } if ((sigpos > 0 && siglen == 0) || (sigpos == 0 && siglen > 0)) { fprintf(stderr, "Corrupt signature\n"); return NULL; /* FAILED */ } } cab_ctx = OPENSSL_zalloc(sizeof(CAB_CTX)); cab_ctx->header_size = header_size; cab_ctx->sigpos = sigpos; cab_ctx->siglen = siglen; cab_ctx->fileend = filesize; cab_ctx->flags = flags; return cab_ctx; /* OK */ } /* * Add level of permissions in Microsoft Internet Explorer 4.x for CAB files, * only low level is supported. * [in, out] p7: PKCS#7 signature * [in] jp: low (0) level * [returns] 0 on error or 1 on success */ static int cab_add_jp_attribute(PKCS7 *p7, int jp) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; ASN1_STRING *astr; const u_char *attrs = NULL; const u_char java_attrs_low[] = { 0x30, 0x06, 0x03, 0x02, 0x00, 0x01, 0x30, 0x00 }; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ switch (jp) { case 0: attrs = java_attrs_low; break; case 1: /* XXX */ case 2: /* XXX */ default: break; } if (attrs) { astr = ASN1_STRING_new(); ASN1_STRING_set(astr, attrs, sizeof java_attrs_low); return PKCS7_add_signed_attribute(si, OBJ_txt2nid(MS_JAVA_SOMETHING), V_ASN1_SEQUENCE, astr); } return 1; /* OK */ } /* * Write name of previous and next cabinet file. * Multivolume cabinet file is unsupported TODO. * [out] outdata: outdata file BIO * [in] indata: mapped CAB file * [in] len: offset * [in] flags: FLAG_PREV_CABINET, FLAG_NEXT_CABINET * [returns] offset */ static size_t cab_write_optional_names(BIO *outdata, char *indata, size_t i, uint16_t flags) { if (flags & FLAG_PREV_CABINET) { /* szCabinetPrev */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; /* szDiskPrev */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; } if (flags & FLAG_NEXT_CABINET) { /* szCabinetNext */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; /* szDiskNext */ while (GET_UINT8_LE(indata + i)) { BIO_write(outdata, indata + i, 1); i++; } BIO_write(outdata, indata + i, 1); i++; } return i; } /* * Modify CAB header. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 0 on error or 1 on success */ static int cab_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t idx, written, len; uint16_t nfolders, flags; u_char buf[] = {0x00, 0x00}; /* u1 signature[4] 4643534D MSCF: 0-3 */ BIO_write(hash, ctx->options->indata, 4); /* u4 reserved1 00000000: 4-7 */ BIO_write(outdata, ctx->options->indata + 4, 4); /* * u4 cbCabinet - size of this cabinet file in bytes: 8-11 * u4 reserved2 00000000: 12-15 * u4 coffFiles - offset of the first CFFILE entry: 16-19 * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ BIO_write(hash, ctx->options->indata + 8, 22); /* u2 flags: 30-31 */ flags = GET_UINT16_LE(ctx->options->indata + 30); PUT_UINT16_LE(flags, buf); BIO_write(hash, buf, 2); /* u2 setID must be the same for all cabinets in a set: 32-33 */ BIO_write(hash, ctx->options->indata + 32, 2); /* * u2 iCabinet - number of this cabinet file in a set: 34-35 * u2 cbCFHeader: 36-37 * u1 cbCFFolder: 38 * u1 cbCFData: 39 * u16 abReserve: 40-55 * - Additional data offset: 44-47 * - Additional data size: 48-51 */ BIO_write(outdata, ctx->options->indata + 34, 22); /* u4 abReserve: 56-59 */ BIO_write(hash, ctx->options->indata + 56, 4); idx = cab_write_optional_names(outdata, ctx->options->indata, 60, flags); if (idx >= ctx->cab_ctx->fileend) { fprintf(stderr, "Corrupt CAB file - too short\n"); return 0; /* FAILED */ } /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); if (nfolders * 8 >= ctx->cab_ctx->fileend - idx) { fprintf(stderr, "Corrupt cFolders value: 0x%08X\n", nfolders); return 0; /* FAILED */ } while (nfolders) { BIO_write(hash, ctx->options->indata + idx, 8); idx += 8; nfolders--; } /* Write what's left - the compressed data bytes */ len = ctx->cab_ctx->sigpos - idx; while (len > 0) { if (!BIO_write_ex(hash, ctx->options->indata + idx, len, &written)) return 0; /* FAILED */ len -= written; idx += written; } return 1; /* OK */ } /* * Add signed CAB header. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 0 on error or 1 on success */ static int cab_add_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t idx, written, len; uint32_t tmp; uint16_t nfolders, flags; u_char cabsigned[] = { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0xde, 0xad, 0xbe, 0xef, /* size of cab file */ 0xde, 0xad, 0xbe, 0xef, /* size of asn1 blob */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; char *buf = OPENSSL_malloc(SIZE_64K); memset(buf, 0, SIZE_64K); /* u1 signature[4] 4643534D MSCF: 0-3 */ BIO_write(hash, ctx->options->indata, 4); /* u4 reserved1 00000000: 4-7 */ BIO_write(outdata, ctx->options->indata + 4, 4); /* u4 cbCabinet - size of this cabinet file in bytes: 8-11 */ tmp = GET_UINT32_LE(ctx->options->indata + 8) + 24; PUT_UINT32_LE(tmp, buf); BIO_write(hash, buf, 4); /* u4 reserved2 00000000: 12-15 */ BIO_write(hash, ctx->options->indata + 12, 4); /* u4 coffFiles - offset of the first CFFILE entry: 16-19 */ tmp = GET_UINT32_LE(ctx->options->indata + 16) + 24; PUT_UINT32_LE(tmp, buf + 4); BIO_write(hash, buf + 4, 4); /* * u4 reserved3 00000000: 20-23 * u1 versionMinor 03: 24 * u1 versionMajor 01: 25 * u2 cFolders - number of CFFOLDER entries in this cabinet: 26-27 * u2 cFiles - number of CFFILE entries in this cabinet: 28-29 */ memcpy(buf + 4, ctx->options->indata + 20, 10); flags = GET_UINT16_LE(ctx->options->indata + 30); buf[4+10] = (char)flags | FLAG_RESERVE_PRESENT; /* u2 setID must be the same for all cabinets in a set: 32-33 */ memcpy(buf + 16, ctx->options->indata + 32, 2); BIO_write(hash, buf + 4, 14); /* u2 iCabinet - number of this cabinet file in a set: 34-35 */ BIO_write(outdata, ctx->options->indata + 34, 2); memcpy(cabsigned + 8, buf, 4); BIO_write(outdata, cabsigned, 20); BIO_write(hash, cabsigned+20, 4); idx = cab_write_optional_names(outdata, ctx->options->indata, 36, flags); if (idx >= ctx->cab_ctx->fileend) { fprintf(stderr, "Corrupt CAB file - too short\n"); OPENSSL_free(buf); return 0; /* FAILED */ } /* * (u8 * cFolders) CFFOLDER - structure contains information about * one of the folders or partial folders stored in this cabinet file */ nfolders = GET_UINT16_LE(ctx->options->indata + 26); if (nfolders * 8 >= ctx->cab_ctx->fileend - idx) { fprintf(stderr, "Corrupt cFolders value: 0x%08X\n", nfolders); OPENSSL_free(buf); return 0; /* FAILED */ } while (nfolders) { tmp = GET_UINT32_LE(ctx->options->indata + idx); tmp += 24; PUT_UINT32_LE(tmp, buf); BIO_write(hash, buf, 4); BIO_write(hash, ctx->options->indata + idx + 4, 4); idx += 8; nfolders--; } OPENSSL_free(buf); /* Write what's left - the compressed data bytes */ len = ctx->cab_ctx->fileend - idx; while (len > 0) { if (!BIO_write_ex(hash, ctx->options->indata + idx, len, &written)) return 0; /* FAILED */ len -= written; idx += written; } return 1; /* OK */ } /* * Check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int cab_check_file(FILE_FORMAT_CTX *ctx) { if (!ctx) { fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } if (ctx->cab_ctx->header_size != 20) { fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } if (ctx->cab_ctx->sigpos == 0 || ctx->cab_ctx->siglen == 0 || ctx->cab_ctx->sigpos > ctx->cab_ctx->fileend) { fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/cat.c000066400000000000000000000353621464004761700150150ustar00rootroot00000000000000/* * CAT file support library * * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka * * Catalog files are a bit odd, in that they are only a PKCS7 blob. * CAT files do not support nesting (multiple signature) */ #include "osslsigncode.h" #include "helpers.h" typedef struct { ASN1_BMPSTRING *tag; ASN1_INTEGER *flags; ASN1_OCTET_STRING *value; } CatNameValueContent; DECLARE_ASN1_FUNCTIONS(CatNameValueContent) ASN1_SEQUENCE(CatNameValueContent) = { ASN1_SIMPLE(CatNameValueContent, tag, ASN1_BMPSTRING), ASN1_SIMPLE(CatNameValueContent, flags, ASN1_INTEGER), ASN1_SIMPLE(CatNameValueContent, value, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CatNameValueContent) IMPLEMENT_ASN1_FUNCTIONS(CatNameValueContent) struct cat_ctx_st { uint32_t sigpos; uint32_t siglen; uint32_t fileend; PKCS7 *p7; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static int cat_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *cat_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int cat_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void cat_bio_free(BIO *hash, BIO *outdata); static void cat_ctx_cleanup(FILE_FORMAT_CTX *ctx); FILE_FORMAT file_format_cat = { .ctx_new = cat_ctx_new, .verify_digests = cat_verify_digests, .pkcs7_extract = cat_pkcs7_extract, .pkcs7_signature_new = cat_pkcs7_signature_new, .append_pkcs7 = cat_append_pkcs7, .bio_free = cat_bio_free, .ctx_cleanup = cat_ctx_cleanup, }; /* Prototypes */ static CAT_CTX *cat_ctx_get(char *indata, uint32_t filesize); static int cat_add_ms_ctl_object(PKCS7 *p7); static int cat_sign_ms_ctl_content(PKCS7 *p7, PKCS7 *contents); static int cat_list_content(PKCS7 *p7); static int cat_print_content_member_digest(ASN1_TYPE *content); static int cat_print_content_member_name(ASN1_TYPE *content); static void cat_print_base64(ASN1_OCTET_STRING *value); static void cat_print_utf16_as_ascii(ASN1_OCTET_STRING *value); static int cat_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a CAT file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO (unused) * [in] outdata: outdata file BIO (unused) * [returns] pointer to CAT file format context */ static FILE_FORMAT_CTX *cat_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; CAT_CTX *cat_ctx; uint32_t filesize; if (options->cmd == CMD_REMOVE || options->cmd==CMD_ATTACH || options->cmd == CMD_EXTRACT_DATA) { fprintf(stderr, "Unsupported command\n"); return NULL; /* FAILED */ } filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } cat_ctx = cat_ctx_get(options->indata, filesize); if (!cat_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_cat; ctx->options = options; ctx->cat_ctx = cat_ctx; /* Push hash on outdata, if hash is NULL the function does nothing */ BIO_push(hash, outdata); if (options->cmd == CMD_VERIFY) printf("Warning: Use -catalog option to verify that a file, listed in catalog file, is signed\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * ContentInfo value is the inner content of pkcs7-signedData. * An extra verification is not necessary when a content type data * is the inner content of the signed-data type. */ static int cat_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { /* squash unused parameter warnings */ (void)ctx; (void)p7; return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *cat_pkcs7_extract(FILE_FORMAT_CTX *ctx) { if (!cat_check_file(ctx)) { return NULL; /* FAILED */ } return PKCS7_dup(ctx->cat_ctx->p7); } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [returns] pointer to PKCS#7 structure */ static PKCS7 *cat_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { PKCS7 *p7 = NULL; /* squash unused parameter warnings */ (void)hash; p7 = pkcs7_create(ctx); if (!p7) { fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!cat_add_ms_ctl_object(p7)) { fprintf(stderr, "Adding MS_CTL_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!ctx->cat_ctx->p7 || !ctx->cat_ctx->p7->d.sign || !ctx->cat_ctx->p7->d.sign->contents) { fprintf(stderr, "Failed to get content\n"); PKCS7_free(p7); return NULL; /* FAILED */ } if (!cat_sign_ms_ctl_content(p7, ctx->cat_ctx->p7->d.sign->contents)) { fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); return NULL; /* FAILED */ } return p7; /* OK */ } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int cat_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { return data_write_pkcs7(ctx, outdata, p7); } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] none */ static void cat_bio_free(BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and CAT format specific structure, * unmap indata file. * [in, out] ctx: structure holds all input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void cat_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->cat_ctx->fileend); PKCS7_free(ctx->cat_ctx->p7); OPENSSL_free(ctx->cat_ctx); OPENSSL_free(ctx); } /* * CAT helper functions */ /* * Verify mapped PKCS#7 (CAT) file and create CAT format specific structure. * [in] indata: mapped file * [in] filesize: size of file * [returns] pointer to CAT format specific structure */ static CAT_CTX *cat_ctx_get(char *indata, uint32_t filesize) { CAT_CTX *cat_ctx; PKCS7 *p7; p7 = pkcs7_read_data(indata, filesize); if (!p7) return NULL; /* FAILED */ if (!PKCS7_type_is_signed(p7)) { PKCS7_free(p7); return NULL; /* FAILED */ } cat_ctx = OPENSSL_zalloc(sizeof(CAT_CTX)); cat_ctx->p7 = p7; cat_ctx->sigpos = 0; cat_ctx->siglen = filesize; cat_ctx->fileend = filesize; return cat_ctx; /* OK */ } /* * Add "1.3.6.1.4.1.311.10.1" MS_CTL_OBJID signed attribute * [in, out] p7: new PKCS#7 signature * [returns] 0 on error or 1 on success */ static int cat_add_ms_ctl_object(PKCS7 *p7) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_txt2obj(MS_CTL_OBJID, 1))) return 0; /* FAILED */ return 1; /* OK */ } /* * Sign the MS CTL blob. * Certificate Trust List (CTL) is a list of file names or thumbprints. * All the items in this list are authenticated (approved) by the signing entity. * [in, out] p7: new PKCS#7 signature * [in] contents: Certificate Trust List (CTL) * [returns] 0 on error or 1 on success */ static int cat_sign_ms_ctl_content(PKCS7 *p7, PKCS7 *contents) { u_char *content; int seqhdrlen, content_length; if (!contents->d.other || !contents->d.other->value.sequence || !contents->d.other->value.sequence->data) { fprintf(stderr, "Failed to get content value\n"); return 0; /* FAILED */ } seqhdrlen = asn1_simple_hdr_len(contents->d.other->value.sequence->data, contents->d.other->value.sequence->length); content = contents->d.other->value.sequence->data + seqhdrlen; content_length = contents->d.other->value.sequence->length - seqhdrlen; if (!pkcs7_sign_content(p7, content, content_length)) { fprintf(stderr, "Failed to sign content\n"); return 0; /* FAILED */ } if (!PKCS7_set_content(p7, PKCS7_dup(contents))) { fprintf(stderr, "PKCS7_set_content failed\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * Print each member of the CAT file by using the "-verbose" option. * [in, out] p7: catalog file to verify * [returns] 1 on error or 0 on success */ static int cat_list_content(PKCS7 *p7) { MsCtlContent *ctlc; int i; ctlc = ms_ctl_content_get(p7); if (!ctlc) { fprintf(stderr, "Failed to extract MS_CTL_OBJID data\n"); return 1; /* FAILED */ } printf("\nCatalog members:\n"); for (i = 0; i < sk_CatalogInfo_num(ctlc->header_attributes); i++) { int j, found = 0; CatalogInfo *header_attr = sk_CatalogInfo_value(ctlc->header_attributes, i); if (header_attr == NULL) continue; for (j = 0; j < sk_CatalogAuthAttr_num(header_attr->attributes); j++) { char object_txt[128]; CatalogAuthAttr *attribute; ASN1_TYPE *content; attribute = sk_CatalogAuthAttr_value(header_attr->attributes, j); if (!attribute) continue; content = catalog_content_get(attribute); if (!content) continue; object_txt[0] = 0x00; OBJ_obj2txt(object_txt, sizeof object_txt, attribute->type, 1); if (!strcmp(object_txt, CAT_NAMEVALUE_OBJID)) { /* CAT_NAMEVALUE_OBJID OID: 1.3.6.1.4.1.311.12.2.1 */ found |= cat_print_content_member_name(content); } else if (!strcmp(object_txt, SPC_INDIRECT_DATA_OBJID)) { /* SPC_INDIRECT_DATA_OBJID OID: 1.3.6.1.4.1.311.2.1.4 */ found |= cat_print_content_member_digest(content); } ASN1_TYPE_free(content); } if (found) printf("\n"); } MsCtlContent_free(ctlc); ERR_print_errors_fp(stderr); return 0; /* OK */ } /* * Print a hash algorithm and a message digest from the SPC_INDIRECT_DATA_OBJID attribute. * [in] content: catalog file content * [returns] 0 on error or 1 on success */ static int cat_print_content_member_digest(ASN1_TYPE *content) { SpcIndirectDataContent *idc; u_char mdbuf[EVP_MAX_MD_SIZE]; const u_char *data ; int mdtype = -1; ASN1_STRING *value; value = content->value.sequence; data = ASN1_STRING_get0_data(value); idc = d2i_SpcIndirectDataContent(NULL, &data, ASN1_STRING_length(value)); if (!idc) return 0; /* FAILED */ if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { /* get a digest algorithm a message digest of the file from the content */ mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); if (mdtype == -1) { fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } printf("\tHash algorithm: %s\n", OBJ_nid2sn(mdtype)); print_hash("\tMessage digest", "", mdbuf, EVP_MD_size(EVP_get_digestbynid(mdtype))); return 1; /* OK */ } /* * Print a file name from the CAT_NAMEVALUE_OBJID attribute. * [in] content: catalog file content * [returns] 0 on error or 1 on success */ static int cat_print_content_member_name(ASN1_TYPE *content) { CatNameValueContent *nvc; const u_char *data = NULL; ASN1_STRING *value; value = content->value.sequence; data = ASN1_STRING_get0_data(value); nvc = d2i_CatNameValueContent(NULL, &data, ASN1_STRING_length(value)); if (!nvc) { return 0; /* FAILED */ } printf("\tFile name: "); if (ASN1_INTEGER_get(nvc->flags) & 0x00020000) { cat_print_base64(nvc->value); } else { cat_print_utf16_as_ascii(nvc->value); } printf("\n"); CatNameValueContent_free(nvc); return 1; /* OK */ } /* * Print a CAT_NAMEVALUE_OBJID attribute represented in base-64 encoding. * [in] value: catalog member file name * [returns] none */ static void cat_print_base64(ASN1_OCTET_STRING *value) { BIO *stdbio, *b64; stdbio = BIO_new_fp(stdout, BIO_NOCLOSE); b64 = BIO_new(BIO_f_base64()); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); stdbio = BIO_push(b64, stdbio); ASN1_STRING_print_ex(stdbio, value, 0); BIO_free_all(stdbio); } /* * Print a CAT_NAMEVALUE_OBJID attribute represented in plaintext. * [in] value: catalog member file name * [returns] none */ static void cat_print_utf16_as_ascii(ASN1_OCTET_STRING *value) { const u_char *data; int len, i; data = ASN1_STRING_get0_data(value); len = ASN1_STRING_length(value); for (i = 0; i < len && (data[i] || data[i+1]); i+=2) putchar(isprint(data[i]) && !data[i+1] ? data[i] : '.'); } /* * Check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int cat_check_file(FILE_FORMAT_CTX *ctx) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; if (!ctx) { fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } signer_info = PKCS7_get_signer_info(ctx->cat_ctx->p7); if (!signer_info) { fprintf(stderr, "Failed catalog file\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } if (ctx->options->verbose) { (void)cat_list_content(ctx->cat_ctx->p7); } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/cmake/000077500000000000000000000000001464004761700151515ustar00rootroot00000000000000osslsigncode-2.9/cmake/CMakeDist.cmake000066400000000000000000000027351464004761700177660ustar00rootroot00000000000000# make dist # cmake --build . --target package_source set(CPACK_PACKAGE_NAME ${PROJECT_NAME}) set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION}) set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "OpenSSL based Authenticode signing for PE, CAB, CAT and MSI files") set(CPACK_PACKAGE_INSTALL_DIRECTORY ${CPACK_PACKAGE_NAME}) set(CPACK_RESOURCE_FILE_README "${CMAKE_CURRENT_SOURCE_DIR}/README.md") set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/COPYING.txt") set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}") set(CPACK_SOURCE_GENERATOR "TGZ") set(CPACK_SOURCE_IGNORE_FILES "\.git/;\.gitignore") list(APPEND CPACK_SOURCE_IGNORE_FILES "Makefile") list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeCache.txt") list(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeFiles") list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackConfig.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "CPackSourceConfig.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "CTestTestfile.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "cmake_install.cmake") list(APPEND CPACK_SOURCE_IGNORE_FILES "config.h") list(APPEND CPACK_SOURCE_IGNORE_FILES "/CMakeFiles/") list(APPEND CPACK_SOURCE_IGNORE_FILES "/Testing/") list(APPEND CPACK_SOURCE_IGNORE_FILES "/_CPack_Packages/") list(APPEND CPACK_SOURCE_IGNORE_FILES "/build/") include(CPack) add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.9/cmake/CMakeTest.cmake000066400000000000000000000653731464004761700200110ustar00rootroot00000000000000# make test # ctest -C Release ########## Configure ########## include(FindPython3) if(Python3_FOUND) execute_process( COMMAND ${Python3_EXECUTABLE} "check_cryptography.py" WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/tests" OUTPUT_VARIABLE cryptography_output RESULT_VARIABLE cryptography_error) if(NOT cryptography_error) message(STATUS "Using python3-cryptography version ${cryptography_output}") option(STOP_SERVER "Stop HTTP server after tests" ON) # Remove http proxy configuration that may change behavior unset(ENV{HTTP_PROXY}) unset(ENV{http_proxy}) set(TEST_DIR "${PROJECT_BINARY_DIR}/Testing") if(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config") set(OSSLSIGNCODE "${PROJECT_BINARY_DIR}/${CMAKE_BUILD_TYPE}/osslsigncode") else(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config") set(OSSLSIGNCODE "${PROJECT_BINARY_DIR}/osslsigncode") endif(CMAKE_GENERATOR STREQUAL "Ninja Multi-Config") set(EXEC "${TEST_DIR}/exec.py") set(FILES "${TEST_DIR}/files") set(CERTS "${TEST_DIR}/certs") set(CONF "${TEST_DIR}/conf") set(LOGS "${TEST_DIR}/logs") file(MAKE_DIRECTORY "${LOGS}") file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/certs/ca-bundle.crt" DESTINATION "${CONF}") file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/files" "${CMAKE_CURRENT_SOURCE_DIR}/tests/conf" "${CMAKE_CURRENT_SOURCE_DIR}/tests/client_http.py" "${CMAKE_CURRENT_SOURCE_DIR}/tests/make_certificates.py" "${CMAKE_CURRENT_SOURCE_DIR}/tests/start_server.py" "${CMAKE_CURRENT_SOURCE_DIR}/tests/exec.py" DESTINATION "${TEST_DIR}/") if(UNIX) file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.py" DESTINATION "${TEST_DIR}/") set(SERVER_HTTP "${TEST_DIR}/server_http.py") set(Python3w_EXECUTABLE ${Python3_EXECUTABLE}) else(UNIX) file(COPY "${CMAKE_CURRENT_SOURCE_DIR}/tests/server_http.pyw" DESTINATION "${TEST_DIR}/") set(SERVER_HTTP "${TEST_DIR}/server_http.pyw") get_filename_component(PYTHON_DIRECTORY ${Python3_EXECUTABLE} DIRECTORY) set(Python3w_EXECUTABLE "${PYTHON_DIRECTORY}/pythonw.exe") endif(UNIX) if(EXISTS "${LOGS}/url.log") # Stop HTTP server if running message(STATUS "Try to kill HTTP server") execute_process( COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/client_http.py" OUTPUT_VARIABLE client_output RESULT_VARIABLE client_result) if(NOT client_result) # Successfully closed message(STATUS "${client_output}") endif(NOT client_result) endif(EXISTS "${LOGS}/url.log") set(extensions_all "exe" "ex_" "msi" "256appx" "512appx" "cat" "ps1" "psc1" "mof") set(extensions_nocat "exe" "ex_" "msi" "256appx" "512appx" "ps1" "psc1" "mof") set(extensions_nocatappx "exe" "ex_" "msi" "ps1" "psc1" "mof") set(formats "pem" "der") else(NOT cryptography_error) message(STATUS "CTest skips tests: ${cryptography_output}") endif(NOT cryptography_error) else(Python3_FOUND) message(STATUS "CTest skips tests: Python3 not found") endif(Python3_FOUND) ########## Testing ########## enable_testing() ### osslsigncode version ### if(Python3_FOUND AND NOT cryptography_error) ### Start ### add_test(NAME "version" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "--version") add_test(NAME "start_server" COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/start_server.py" "--exe" ${Python3w_EXECUTABLE} "--script" ${SERVER_HTTP}) set_tests_properties("start_server" PROPERTIES TIMEOUT 60) set(ALL_TESTS "version" "start_server") ### Sign ### # Sign with PKCS#12 container with private key and certificate encryption algorithm # Signing time: May 1 00:00:00 2019 GMT (1556668800) foreach(ext ${extensions_all}) add_test(NAME "signed_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/signed.${ext}") set_tests_properties("signed_${ext}" PROPERTIES DEPENDS "start_server") list(APPEND ALL_TESTS "signed_${ext}") endforeach(ext ${extensions_all}) # Sign with revoked certificate foreach(ext ${extensions_all}) add_test(NAME "revoked_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" "-certs" "${CERTS}/revoked.pem" "-key" "${CERTS}/keyp.pem" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/revoked.${ext}") set_tests_properties("revoked_${ext}" PROPERTIES DEPENDS "start_server") list(APPEND ALL_TESTS "revoked_${ext}") endforeach(ext ${extensions_all}) # Remove signature # Unsupported command for CAT files foreach(ext ${extensions_nocat}) add_test(NAME "removed_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "remove-signature" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/removed.${ext}") set_tests_properties("removed_${ext}" PROPERTIES DEPENDS "signed_${ext}") list(APPEND ALL_TESTS "removed_${ext}") endforeach(ext ${extensions_nocat}) # Extract PKCS#7 signature in PEM format foreach(ext ${extensions_all}) add_test(NAME "extract_pem_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-signature" "-pem" # PEM format "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.pem") set_tests_properties("extract_pem_${ext}" PROPERTIES DEPENDS "signed_${ext}") list(APPEND ALL_TESTS "extract_pem_${ext}") endforeach(ext ${extensions_all}) # Extract PKCS#7 signature in default DER format foreach(ext ${extensions_all}) add_test(NAME "extract_der_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-signature" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/${ext}.der") set_tests_properties("extract_der_${ext}" PROPERTIES DEPENDS "signed_${ext}") list(APPEND ALL_TESTS "extract_der_${ext}") endforeach(ext ${extensions_all}) # Attach a nested signature in PEM or DER format # Unsupported command for CAT files foreach(ext ${extensions_nocat}) foreach(format ${formats}) add_test(NAME "attached_${format}_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "attach-signature" # sign options "-add-msi-dse" "-h" "sha512" "-nest" "-sigin" "${FILES}/${ext}.${format}" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/attached_${format}.${ext}" # verify options "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem") set_tests_properties("attached_${format}_${ext}" PROPERTIES DEPENDS "signed_${ext};extract_pem_${ext};extract_der_${ext}") list(APPEND ALL_TESTS "attached_${format}_${ext}") endforeach(format ${formats}) endforeach(ext ${extensions_nocat}) # Add an unauthenticated blob to a previously-signed file foreach(ext ${extensions_all}) add_test(NAME "added_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "add" "-addUnauthenticatedBlob" "-add-msi-dse" "-h" "sha512" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/added.${ext}") set_tests_properties("added_${ext}" PROPERTIES DEPENDS "signed_${ext}") list(APPEND ALL_TESTS "added_${ext}") endforeach(ext ${extensions_all}) # Add the new nested signature instead of replacing the first one # APPX files do not support nesting (multiple signature) foreach(ext ${extensions_all}) add_test(NAME "nested_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" "-nest" "-certs" "${CERTS}/cert.pem" "-key" "${CERTS}/key.der" "-pass" "passme" "-ac" "${CERTS}/CAcross.pem" "-time" "1556755200" # Signing time: May 2 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha512" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/signed.${ext}" "-out" "${FILES}/nested.${ext}") set_tests_properties("nested_${ext}" PROPERTIES DEPENDS "signed_${ext}") list(APPEND ALL_TESTS "nested_${ext}") endforeach(ext ${extensions_all}) ### Verify signature ### # Verify PE/MSI/CAB files signed in the catalog file # CAT and APPX files do not support detached PKCS#7 signature foreach(ext ${extensions_nocatappx}) add_test(NAME "verify_catalog_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-catalog" "${FILES}/signed.cat" # catalog file "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt" "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/unsigned.${ext}") set_tests_properties("verify_catalog_${ext}" PROPERTIES DEPENDS "signed_${ext}") list(APPEND ALL_TESTS "verify_catalog_${ext}") endforeach(ext ${extensions_nocatappx}) # Verify signature set(files "signed" "nested" "added" "revoked") foreach(file ${files}) foreach(ext ${extensions_all}) add_test(NAME "verify_${file}_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/${file}.${ext}") set_tests_properties("verify_${file}_${ext}" PROPERTIES DEPENDS "${file}_${ext}") list(APPEND ALL_TESTS "verify_${file}_${ext}") endforeach(ext ${extensions_all}) endforeach(file ${files}) # "revoked" tests are expected to fail set(files "revoked") foreach(file ${files}) foreach(ext ${extensions_all}) set_tests_properties("verify_${file}_${ext}" PROPERTIES WILL_FAIL TRUE) endforeach(ext ${extensions_all}) endforeach(file ${files}) # Verify removed signature # "removed" tests are expected to fail # "remove-signature" command is unsupported for CAT files set(files "removed") foreach(file ${files}) foreach(ext ${extensions_nocat}) add_test(NAME "verify_${file}_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/${file}.${ext}") set_tests_properties("verify_${file}_${ext}" PROPERTIES DEPENDS "${file}_${ext}" WILL_FAIL TRUE) list(APPEND ALL_TESTS "verify_${file}_${ext}") endforeach(ext ${extensions_nocat}) endforeach(file ${files}) # Verify attached signature # "attach-signature" command is unsupported for CAT files set(files "attached_pem" "attached_der") foreach(file ${files}) foreach(ext ${extensions_nocat}) add_test(NAME "verify_${file}_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-in" "${FILES}/${file}.${ext}") set_tests_properties("verify_${file}_${ext}" PROPERTIES DEPENDS "${file}_${ext}") list(APPEND ALL_TESTS "verify_${file}_${ext}") endforeach(ext ${extensions_nocat}) endforeach(file ${files}) ### Extract a data content to be signed ### # Unsupported command "extract-data" for CAT files foreach(ext ${extensions_nocat}) # Extract PKCS#7 with data content, output in PEM format add_test(NAME "data_${ext}_pem" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-data" "-ph" "-h" "sha384" "-add-msi-dse" "-pem" # PEM format "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/data_${ext}.pem") # Extract PKCS#7 with data content, output in default DER format add_test(NAME "data_${ext}_der" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "extract-data" "-ph" "-h" "sha384" "-add-msi-dse" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/data_${ext}.der") foreach(data_format ${formats}) set_tests_properties("data_${ext}_${data_format}" PROPERTIES DEPENDS "start_server") list(APPEND ALL_TESTS "data_${ext}_${data_format}") endforeach(data_format ${formats}) # Sign a data content, output in DER format foreach(data_format ${formats}) add_test(NAME "signed_data_${ext}_${data_format}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha384" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-in" "${FILES}/data_${ext}.${data_format}" "-out" "${FILES}/signed_data_${ext}_${data_format}.der") set_tests_properties("signed_data_${ext}_${data_format}" PROPERTIES DEPENDS "data_${ext}_pem;data_${ext}_der") list(APPEND ALL_TESTS "signed_data_${ext}_${data_format}") endforeach(data_format ${formats}) # Sign a data content, output in PEM format foreach(data_format ${formats}) add_test(NAME "signed_data_pem_${ext}_${data_format}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" "-pkcs12" "${CERTS}/cert.p12" "-readpass" "${CERTS}/password.txt" "-ac" "${CERTS}/CAcross.pem" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-add-msi-dse" "-comm" "-ph" "-jp" "low" "-h" "sha384" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-pem" # PEM format "-in" "${FILES}/data_${ext}.${data_format}" "-out" "${FILES}/signed_data_${ext}_${data_format}.pem") set_tests_properties("signed_data_pem_${ext}_${data_format}" PROPERTIES DEPENDS "data_${ext}_${data_format}") list(APPEND ALL_TESTS "signed_data_pem_${ext}_${data_format}") endforeach(data_format ${formats}) # Attach signature in PEM or DER format foreach(data_format ${formats}) foreach(format ${formats}) add_test(NAME "attached_data_${ext}_${data_format}_${format}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "attach-signature" # sign options "-add-msi-dse" "-h" "sha384" "-sigin" "${FILES}/signed_data_${ext}_${data_format}.${format}" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/attached_data_${data_format}_${format}.${ext}" # verify options "-require-leaf-hash" "FILE ${CERTS}/leafhash.txt" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem") set_tests_properties("attached_data_${ext}_${data_format}_${format}" PROPERTIES DEPENDS "signed_data_${ext}_${data_format};signed_data_pem_${ext}_${data_format}") list(APPEND ALL_TESTS "attached_data_${ext}_${data_format}_${format}") endforeach(format ${formats}) endforeach(data_format ${formats}) endforeach(ext ${extensions_nocat}) if(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND) ### Sign with Time-Stamp Authority ### # Sign with the RFC3161 Time-Stamp Authority set(pem_certs "cert" "expired" "revoked") foreach(ext ${extensions_all}) foreach(cert ${pem_certs}) add_test(NAME "sign_ts_${cert}_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "sign" "-certs" "${CERTS}/${cert}.pem" "-key" "${CERTS}/key.pem" "-ac" "${CERTS}/CAcross.pem" "-comm" "-ph" "-jp" "low" "-h" "sha384" "-i" "https://www.osslsigncode.com/" "-n" "osslsigncode" "-time" "1556668800" # Signing time: May 1 00:00:00 2019 GMT "-ts" "FILE ${LOGS}/url.log" "-in" "${FILES}/unsigned.${ext}" "-out" "${FILES}/ts_${cert}.${ext}") set_tests_properties("sign_ts_${cert}_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=" DEPENDS "start_server") list(APPEND ALL_TESTS "sign_ts_${cert}_${ext}") endforeach(cert ${pem_certs}) endforeach(ext ${extensions_all}) ### Verify Time-Stamp Authority ### # Signature verification time: Sep 1 00:00:00 2019 GMT foreach(ext ${extensions_all}) add_test(NAME "verify_ts_cert_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert.${ext}") set_tests_properties("verify_ts_cert_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_${ext}") list(APPEND ALL_TESTS "verify_ts_cert_${ext}") endforeach(ext ${extensions_all}) # Signature verification time: Jan 1 00:00:00 2035 GMT foreach(ext ${extensions_all}) add_test(NAME "verify_ts_future_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert.${ext}") set_tests_properties("verify_ts_future_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_${ext}") list(APPEND ALL_TESTS "verify_ts_future_${ext}") endforeach(ext ${extensions_all}) # Verify with ignored timestamp # This tests are expected to fail foreach(ext ${extensions_all}) add_test(NAME "verify_ts_ignore_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "2051222400" # Signature verification time: Jan 1 00:00:00 2035 GMT "-ignore-timestamp" "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert.${ext}") set_tests_properties("verify_ts_ignore_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_${ext}" WILL_FAIL TRUE) list(APPEND ALL_TESTS "verify_ts_ignore_${ext}") endforeach(ext ${extensions_all}) ### Verify CRL Distribution Points ### # Verify file signed with X509v3 CRL Distribution Points extension # Signature verification time: Sep 1 00:00:00 2019 GMT # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options foreach(ext ${extensions_all}) add_test(NAME "verify_ts_cert_crldp_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_cert.${ext}") set_tests_properties("verify_ts_cert_crldp_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_cert_${ext}") list(APPEND ALL_TESTS "verify_ts_cert_crldp_${ext}") endforeach(ext ${extensions_all}) # Verify with expired or revoked certificate, ignore X509v3 CRL Distribution Points extension # This tests are expected to fail set(failed_certs "expired" "revoked") foreach(ext ${extensions_all}) foreach(cert ${failed_certs}) add_test(NAME "verify_ts_${cert}_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-CRLfile" "${CERTS}/CACertCRL.pem" "-ignore-cdp" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_${cert}.${ext}") set_tests_properties("verify_ts_${cert}_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_${cert}_${ext}" WILL_FAIL TRUE) list(APPEND ALL_TESTS "verify_ts_${cert}_${ext}") endforeach(cert ${failed_certs}) endforeach(ext ${extensions_all}) # Verify with revoked certificate contains X509v3 CRL Distribution Points extension # Check X509v3 CRL Distribution Points extension, don't use "-CRLfile" and "-TSA-CRLfile" options # This test is expected to fail foreach(ext ${extensions_all}) add_test(NAME "verify_ts_revoked_crldp_${ext}" COMMAND ${Python3_EXECUTABLE} ${EXEC} ${OSSLSIGNCODE} "verify" "-time" "1567296000" # Signature verification time: Sep 1 00:00:00 2019 GMT "-CAfile" "${CERTS}/CACert.pem" "-TSA-CAfile" "${CERTS}/TSACA.pem" "-in" "${FILES}/ts_revoked.${ext}") set_tests_properties("verify_ts_revoked_crldp_${ext}" PROPERTIES ENVIRONMENT "HTTP_PROXY=;http_proxy=;" DEPENDS "sign_ts_revoked_${ext}" WILL_FAIL TRUE) list(APPEND ALL_TESTS "verify_ts_revoked_crldp_${ext}") endforeach(ext ${extensions_all}) ### Cleanup ### # Stop HTTP server if(STOP_SERVER) add_test(NAME "stop_server" COMMAND ${Python3_EXECUTABLE} "${TEST_DIR}/client_http.py") set_tests_properties("stop_server" PROPERTIES DEPENDS "${ALL_TESTS}") list(APPEND ALL_TESTS "stop_server") else(STOP_SERVER) message(STATUS "Keep HTTP server after tests") endif(STOP_SERVER) else(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND) message(STATUS "CTest skips some tests") endif(OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0" OR CURL_FOUND) # Delete test files set(names "signed" "nested" "revoked" "removed" "added") foreach(ext ${extensions_all}) foreach(name ${names}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${name}.${ext}") endforeach(name ${names}) foreach(cert ${pem_certs}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/ts_${cert}.${ext}") endforeach(cert ${pem_certs}) foreach(format ${formats}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/${ext}.${format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_${format}.${ext}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/data_${ext}.${format}") foreach(data_format ${formats}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/signed_data_${ext}_${format}.${data_format}") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/attached_data_${data_format}_${format}.${ext}") endforeach(data_format ${formats}) endforeach(format ${formats}) set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jreq.tsq") set(OUTPUT_FILES ${OUTPUT_FILES} "${FILES}/jresp.tsr") endforeach(ext ${extensions_all}) add_test(NAME "remove_files" COMMAND ${CMAKE_COMMAND} -E rm -f ${OUTPUT_FILES}) set_tests_properties("remove_files" PROPERTIES DEPENDS "${ALL_TESTS}") endif(Python3_FOUND AND NOT cryptography_error) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.9/cmake/FindHeaders.cmake000066400000000000000000000012351464004761700203300ustar00rootroot00000000000000include(CheckIncludeFile) include(CheckFunctionExists) if(UNIX) check_function_exists(getpass HAVE_GETPASS) check_include_file(termios.h HAVE_TERMIOS_H) check_include_file(sys/mman.h HAVE_SYS_MMAN_H) if(HAVE_SYS_MMAN_H) check_function_exists(mmap HAVE_MMAP) endif(HAVE_SYS_MMAN_H) else(UNIX) check_include_file(windows.h HAVE_MAPVIEWOFFILE) endif(UNIX) if(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE)) message(FATAL_ERROR "Error: Need file mapping function to build.") endif(NOT (HAVE_MMAP OR HAVE_MAPVIEWOFFILE)) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.9/cmake/SetBashCompletion.cmake000066400000000000000000000023571464004761700215450ustar00rootroot00000000000000# This list describes the default variables included in the bash-completion package: # BASH_COMPLETION_VERSION "@VERSION@" # BASH_COMPLETION_PREFIX "@prefix@" # BASH_COMPLETION_COMPATDIR "@sysconfdir@/bash_completion.d" # BASH_COMPLETION_COMPLETIONSDIR "@datadir@/@PACKAGE@/completions" # BASH_COMPLETION_HELPERSDIR "@datadir@/@PACKAGE@/helpers" # BASH_COMPLETION_FOUND "TRUE" # https://github.com/scop/bash-completion/blob/master/bash-completion-config.cmake.in if(NOT MSVC) if(BASH_COMPLETION_USER_DIR) set(BASH_COMPLETION_COMPLETIONSDIR "${BASH_COMPLETION_USER_DIR}/bash-completion/completions") else(BASH_COMPLETION_USER_DIR) find_package(bash-completion QUIET) if(NOT BASH_COMPLETION_FOUND) set(SHAREDIR "${CMAKE_INSTALL_PREFIX}/share") set(BASH_COMPLETION_COMPLETIONSDIR "${SHAREDIR}/bash-completion/completions") endif(NOT BASH_COMPLETION_FOUND) endif(BASH_COMPLETION_USER_DIR) message(STATUS "Using bash completions dir ${BASH_COMPLETION_COMPLETIONSDIR}") install(FILES "osslsigncode.bash" DESTINATION ${BASH_COMPLETION_COMPLETIONSDIR}) endif(NOT MSVC) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.9/cmake/SetCompilerFlags.cmake000066400000000000000000000121141464004761700213550ustar00rootroot00000000000000include(CheckCCompilerFlag) set(CMAKE_REQUIRED_QUIET ON) function(add_debug_flag_if_supported flagname targets) check_c_compiler_flag("${flagname}" HAVE_FLAG_${flagname}) if (HAVE_FLAG_${flagname}) foreach(target ${targets}) target_compile_options(${target} PRIVATE $<$:${flagname}>) endforeach(target ${targets}) endif(HAVE_FLAG_${flagname}) endfunction(add_debug_flag_if_supported flagname targets) function(add_compile_flag_to_targets targets) set(CHECKED_DEBUG_FLAGS "-ggdb" "-g" "-O2" "-pedantic" "-Wall" "-Wextra" "-Wno-long-long" "-Wconversion" "-D_FORTIFY_SOURCE=2" "-Wformat=2" "-Wredundant-decls" "-Wcast-qual" "-Wnull-dereference" "-Wno-deprecated-declarations" "-Wmissing-declarations" "-Wmissing-prototypes" "-Wmissing-noreturn" "-Wmissing-braces" "-Wparentheses" "-Wstrict-aliasing=3" "-Wstrict-overflow=2" "-Wlogical-op" "-Wwrite-strings" "-Wcast-align=strict" "-Wdisabled-optimization" "-Wshift-overflow=2" "-Wundef" "-Wshadow" "-Wmisleading-indentation" "-Wabsolute-value" "-Wunused-parameter" "-Wunused-function") foreach(flag ${CHECKED_DEBUG_FLAGS}) add_debug_flag_if_supported(${flag} ${targets}) endforeach(flag ${CHECKED_DEBUG_FLAGS}) endfunction(add_compile_flag_to_targets targets) function(add_compile_flags target) if(MSVC) # Enable parallel builds target_compile_options(${target} PRIVATE /MP) # Use address space layout randomization, generate PIE code for ASLR (default on) target_link_options(${target} PRIVATE /DYNAMICBASE) # Create terminal server aware application (default on) target_link_options(${target} PRIVATE /TSAWARE) # Mark the binary as compatible with Intel Control-flow Enforcement Technology (CET) Shadow Stack target_link_options(${target} PRIVATE /CETCOMPAT) # Enable compiler generation of Control Flow Guard security checks target_compile_options(${target} PRIVATE /guard:cf) target_link_options(${target} PRIVATE /guard:cf) # Buffer Security Check target_compile_options(${target} PRIVATE /GS) # Suppress startup banner target_link_options(${target} PRIVATE /NOLOGO) # Generate debug info target_link_options(${target} PRIVATE /DEBUG) if("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8") # High entropy ASLR for 64 bits targets (default on) target_link_options(${target} PRIVATE /HIGHENTROPYVA) # Enable generation of EH Continuation (EHCONT) metadata by the compiler #target_compile_options(${target} PRIVATE /guard:ehcont) #target_link_options(${target} PRIVATE /guard:ehcont) else("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8") # Can handle addresses larger than 2 gigabytes target_link_options(${target} PRIVATE /LARGEADDRESSAWARE) # Safe structured exception handlers (x86 only) target_link_options(${target} PRIVATE /SAFESEH) endif("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8") target_compile_options(${target} PRIVATE $<$:/D_FORTIFY_SOURCE=2>) # Unrecognized compiler options are errors target_compile_options(${target} PRIVATE $<$:/options:strict>) else(MSVC) check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL) if(HAVE_STACK_PROTECTOR_ALL) target_link_options(${target} PRIVATE -fstack-protector-all) else(HAVE_STACK_PROTECTOR_ALL) check_c_compiler_flag("-fstack-protector" HAVE_STACK_PROTECTOR) if(HAVE_STACK_PROTECTOR) target_link_options(${target} PRIVATE -fstack-protector) else(HAVE_STACK_PROTECTOR) message(WARNING "No stack protection supported") endif(HAVE_STACK_PROTECTOR) endif(HAVE_STACK_PROTECTOR_ALL) # Support address space layout randomization (ASLR) if(NOT (MINGW OR CYGWIN OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR ((CMAKE_SYSTEM_NAME MATCHES Darwin) AND (CMAKE_C_COMPILER_ID MATCHES Clang)))) target_compile_options(${target} PRIVATE -fPIE) target_link_options(${target} PRIVATE -fPIE -pie) target_link_options(${target} PRIVATE -Wl,-z,relro) target_link_options(${target} PRIVATE -Wl,-z,now) target_link_options(${target} PRIVATE -Wl,-z,noexecstack) endif(NOT (MINGW OR CYGWIN OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR ((CMAKE_SYSTEM_NAME MATCHES Darwin) AND (CMAKE_C_COMPILER_ID MATCHES Clang)))) target_link_options(${target} PRIVATE -fstack-check) add_compile_flag_to_targets(${target}) endif(MSVC) endfunction(add_compile_flags target) add_compile_flags(osslsigncode) #[[ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: ]] osslsigncode-2.9/code_signing_ca.pem000066400000000000000000020216021464004761700176720ustar00rootroot00000000000000-----BEGIN CERTIFICATE----- MIIFzDCCA7SgAwIBAgIEU/TqiTANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPQS1UcnVzdC1S b290LTA3MRgwFgYDVQQDDA9BLVRydXN0LVJvb3QtMDcwHhcNMTgwNTE3MTEyMzIy WhcNMzYxMTE5MTAyMzIyWjCBizELMAkGA1UEBhMCQVQxSDBGBgNVBAoMP0EtVHJ1 c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZl cmtlaHIgR21iSDEYMBYGA1UECwwPQS1UcnVzdC1Sb290LTA3MRgwFgYDVQQDDA9B LVRydXN0LVJvb3QtMDcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCj B75eAfol2AWPNH+REygfWrnDIkDvLEBKo1BGXWG42Tgou5ZePw3xqZR0pm+NkEpq gP0N2asqAr1wCOhJoeqb9+YTm94fKQDxqLUeGnhOosDXBaa3x2FTtaCFkbVaVD73 z337Uo4ScDjMm0UM34mVp3f45WcDW5HCAdRbCnt/fVgurAvDuXc7EZbum/zpJ3hL 0yvWJL4CfKiJI3XXHiUfX2KSoSL0fskDSQiRxZnNlTLSXn+fKUgoyZFXQnP6esGx 3QLcAqdUAmLzhJMAWMdiV8zaGWj7KFC7BG1nS4SB4zDcfC9/0S56LsVio4gK01qH eOj2p1ErLXKDpA2M5MnmPaV8zsHDM4ZoNVJZUhiT/2LJalNxt7NRfoCpud9q+10d QMZXs1SBukZNgV2811crrJmnkuIqnOZa8nA2M2taIccPt8TyVwA16nQklCufBuvO rePW5el0WVCxie985VyK1VG15GFPbNMkyeTCu4corrnmm+NKaE6jllllRl0AeXBg XWhOo5ydkBmoblMGmKZ5VKcSYnahDj3Wa7dNLqq+352pVh8dR2OsvgCyxExP1l23 suuJiPZyZV7h9PHtDGalKFFnfaykS6paRZxAJ0jG8DkcO4VTu/GwgvAGTwhWTKzx SWIu0RkCmESItpo1M/L3jc684zpXCZ8OffDYIRO1YQIDAQABozYwNDARBgNVHQ4E CgQIRMARrVMnh/QwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ KoZIhvcNAQELBQADggIBAJ9HSOryu7RWucc9MEDU06OVlhj0Eb+EuGQWggqm+oSV +7yc+6R8OK1NVIEWNGDX71CZ/4jSL8+kEMiHAmAZeR912uCDcXPsyYCSIYxA1enn lgJUCJq6Qm+/pXJk+er/FtaB75bOZPKP3lwVj58YY4ZepcVZp+3GCGBk/JiVegH3 DT2FyjLrbSG1UNyWilpBc9VJbqClOFi1fsgZ9P0Fy/5/yNRKEY0HP0drSA/bBsT/ YyR88Ncke5Ll6JN9nPldMI7rksMwmmBh4B61xJUh9VPW05gd33mja4Btl6cy/cJK aftMnqs/NK12+7CaPYY978Cm7BcmmYSLKLTRwfOiLAGheL4atHfVmM3jcvVkIrpc iVZEjT896yaCdLv6nvEVMhZsE5egnKi9yA91pkMtcG7QbC3D3VdnWWqq/Z/z0gWb Ddqv6ecjMZHmqlm86HHO6DaZ1Nv3naJtmpLwfYZiOUqYN1nETZWv1nt10HePgamr tWwcOrBQDQPTI42GEy6G0YG73HU8x7ROl3Xsp7BEMxUhrrcTnTamTCmmmahepRQc QxIF9tbC1ypP510iF/U+N8+WIgYhMnsFU65ngQ/4TOU/yHbSbzuQx5DomsX4GN5U dtlFW5xfmmm1ngDkm4t7c066WcvkwvNh3U4kOUWG0pxbG4yE6iYiL+IWy/LW12GI -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFZDCCA0ygAwIBAgIEdp251TANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJB VDEVMBMGA1UECgwMQS1UcnVzdCBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVJvb3Qt MDkxGDAWBgNVBAMMD0EtVHJ1c3QtUm9vdC0wOTAeFw0yMzAyMjExNDIyNDhaFw0z NjA3MTQxMjIyNDhaMFgxCzAJBgNVBAYTAkFUMRUwEwYDVQQKDAxBLVRydXN0IEdt YkgxGDAWBgNVBAsMD0EtVHJ1c3QtUm9vdC0wOTEYMBYGA1UEAwwPQS1UcnVzdC1S b290LTA5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvi76A1mvr8GO UveGf6K9ChNo3PRwnHr7tF0RXUgLQMbRggSCxiDhuxBteMIkGB0F2aFwTa3JbjgA kA1RSCum1AhfvHytkoP0TXD5TaqA4b9bhpuShsyKuSjgMRFxr89IHhY4+gn4O4CD +9bGguF3kYXgCkz8Pw1kdekc6PvwGCmfNgq8INOylkaPD+THmnhQDV8mbRlkFCHw 9n6ajuyvPnOmGSUU5dJVzFkOPIcHr08HBSmf0PEqwsCWYuYx3fpTALYiJtC1pbzs 6OCBzGDd/bDGaAPq2xFBLmKBP8nWIQOI1n0FquXMlD2ucilafRJ0H5i6UCN3EsaD Fe96OBFyYst+NDBDEPcMeXRUM6hWxVosvJ4vvON9YIPGZX2uAHu7trd1c6LpqetW vLFE6o19ZImioMblxfH3p0DxGnnphI8uc794kCcKLPw3xVx/LPfyQ/QF478Gd6y1 QQVIbTpEFmdOfDICspQP8NgyifQDrG9jFcwhfs3cRi+Cti0lr5dNnzYf1JH6wmW2 4hv/IKTeIs9eQdG8FNc81XpQE7z6bmdaEwrc9HzzWgB9h8F2NiwIzbtVyILSHdZL kX6/N/NP4qDlsReD71REqqwNHADmFIq2CQMcYsyrLT5v8ewIzf6Om4vGVi+vMsM5 M11S/xwalBfu3PWkIQMLn+aS/GxY+MsCAwEAAaM2MDQwEQYDVR0OBAoECEI7P5QP /5TRMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB CwUAA4ICAQAcN0cmoA5zxp06sfmUN+lF6YipZ2oTkWpUwpz3dNmXZK7mB4kwUQRV w/HPfYylOs8SjVbQf+Gv7j7kcklND4Pdka5ZlqNPgQcDtTPfsEB9y2+3ajsIy83w q1U8nqqLD55Rsk9Iiw2hLfUrSHQvogwCuOKOJxCUSS12QEBJFvCSZtq/cGFnx+3g c56ZsuxVU328Og/9RKOQ/PyNMQ0WV4i/Yi0J1gxFhrjb8ZHrcZj63y8yjaVsGd7V RvuAXHdSqX8hQ+n8Zl2F+bDmQcRvCDb1aG3qo0hZk3Fh8lRCrQFjVddCHduXQ5kW ceFVeflLQvaQg5a56D3rJGU2K+8T7QobzErQ09ghBvyed4FVBtTeqsz8n5KTz2ba yp+TlvTFaszKxeBc+z3nHnz90qCzSxb/yjPljqhsg3JmbQzGQpYXV3SgzipJHZbd clzoVZiPCjgrqh+Q30n3p1syRH9a7pRlwWDbfCWggxcJwWHUPc6nnelykI5QaX+O zVubeDIUw7KfpAWgVK4i6vNtEqBCmj4jhHEc6vn8sNADhFpmOc5xeybqZYcdU8C2 QudTYHvdVpwOU7Z2TRsqqjU3w+bfWRZBP/VNEZEyCfbgTT1wCpSEbCnR1YjoWJst F6Jvx1UoodRMJqtTClRVA9gvR1XVZ9vf6+v6LotYesZ4rUlbemwnrA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq 7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p 26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi 1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu tGWaIZDgqtCYvDi1czyL+Nw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR 5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s +12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 +HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF 5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ d0jQ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIG4DCCBMigAwIBAgIINJotoYIGsrMwDQYJKoZIhvcNAQELBQAwggEMMQswCQYD VQQGEwJFUzEPMA0GA1UECAwGTUFEUklEMQ8wDQYDVQQHDAZNQURSSUQxOjA4BgNV BAsMMXNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2Fk ZHJlc3MxKTAnBgNVBAsMIENIQU1CRVJTIE9GIENPTU1FUkNFIFJPT1QgLSAyMDE2 MRIwEAYDVQQFEwlBODI3NDMyODcxGDAWBgNVBGEMD1ZBVEVTLUE4Mjc0MzI4NzEb MBkGA1UECgwSQUMgQ0FNRVJGSVJNQSBTLkEuMSkwJwYDVQQDDCBDSEFNQkVSUyBP RiBDT01NRVJDRSBST09UIC0gMjAxNjAeFw0xNjA0MTQwNzM1NDhaFw00MDA0MDgw NzM1NDhaMIIBDDELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1BRFJJRDEPMA0GA1UE BwwGTUFEUklEMTowOAYDVQQLDDFzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5j YW1lcmZpcm1hLmNvbS9hZGRyZXNzMSkwJwYDVQQLDCBDSEFNQkVSUyBPRiBDT01N RVJDRSBST09UIC0gMjAxNjESMBAGA1UEBRMJQTgyNzQzMjg3MRgwFgYDVQRhDA9W QVRFUy1BODI3NDMyODcxGzAZBgNVBAoMEkFDIENBTUVSRklSTUEgUy5BLjEpMCcG A1UEAwwgQ0hBTUJFUlMgT0YgQ09NTUVSQ0UgUk9PVCAtIDIwMTYwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQDqxqSh1K2Zlsmf9bxQAPQsz/J46PIsAifW g4wEq9MOe1cgydSvZfSH3TAI185Bo3YK24pG5Kb97QjOcD/6EGB5TGuBVIBV5Od6 IbZ1mtxe9g6Z/PjC30GOL6vHW20cUFnA7eisgkL+ua8vDEFRnL0AbmRRsjvlNquV kRL7McdzrBzYZXY7zhtMTrAfIAb7ULT7m6F5jhaV45/rGEuEqzmTzTeD0Ol8CyeP 7UII6YZGMqyaJmlwYS0YvT9Q8J72aFBOaZVwwe2TqZdOKaK63cKfbkkIK6P6I/Ep XrB9MVmb7YzNpm74+PfYGOjaVulI8kB0fp7NIK8UJFnudzWFv0qZSql13bMm4wbO fW9LZKN2NBk+FG+FVDjiiy1AtWRmH1czHHDNw7QoWhQjXPy4vbP+OxJf9rmMHciU Clbbcn7vJwcNALS/fZk/TUWzm/cdGdBPBPrHc5SIfYsUKpng6ZmSCcbWAWu38NtD V2Ibx0RS4pdjus/qzmDmCuUYaC0zgHWgMAdo9tX3Eyw6sJ7oWFVujFZETUMXQQLM d9xfRQVZz81g07/S9uL01dyHcTMHGvVvtH89l/tfZPRODgBECenr7D5xGQQXOUhg uEv/XshlmSumMvJbhqid6CN0EHjvyyedMbpgi04GUOJQHQdgwkGMFbRbNxwK5QkZ cgSKPOMB2wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSeLmVP Plf1q32WxovfszVtSuieizAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQAD ggIBAAVpKoWXJlC6QjkckyzST1vRXUQm2m9pK7V7ntD0Si5Ix+x/n8pZerlE9z69 91BrUZ90/5AaQNCTeZIPiiNei6+BC9CLrWbgKtyaKb012GxAFElCPYkvupsrOLwa owu3iNetxhQM7nxJrK7s8j0YT4xtFF0Oqrffd6s7j2JOiwxlxhmOzcAMoXeqtN16 pxMF5jkYx5VkfgO2i5DB5V8AI5jmc9oR0hD/HlMiJ8fTAckvxTsybvDDOMoSZ7y6 Iym7xJVJWgbd1FqQ1BNt59XCfOJYBMDsxL2iPH7GI4F1fKtwXzSElfez1UeWT3HK eDIIILRCpEJr1SWcsifrwQ5HRAnhKw/QIzZuHLm6TqzM8AyUzkEPa90P1cjgF4ve Ol1Svul1JR26BQfaVhk8jdHX8VE22ZLvonhRBVi9UswKXm+v2tDlDNtswSPvOTF3 FwcAjPa6D3D5vL7h5H3hzER6pCHsRz+o1hWl7AGpyHDomGcdvVlUfqFXFTUHxXLJ Prcpho2f2jJ5MtzbqOUJ/+9WKv6TsY4qE+2toitrLwTezS+SktY+YLV4AZUHCKls 4xza++WbI1YgW+nQXMZKJDu847YiFiqEkv+o/pe/o53bYV7uGSos1+sNdlY4dX5J AJNXyfwjWvz08d8qnbCMafQQo1WdcDwi/wfWK7aZwJfQ9Cqg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r 6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z 09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIG2DCCBMCgAwIBAgIILdIuUDCmXhMwDQYJKoZIhvcNAQELBQAwggEIMQswCQYD VQQGEwJFUzEPMA0GA1UECAwGTUFEUklEMQ8wDQYDVQQHDAZNQURSSUQxOjA4BgNV BAsMMXNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2Fk ZHJlc3MxJzAlBgNVBAsMHkdMT0JBTCBDSEFNQkVSU0lHTiBST09UIC0gMjAxNjES MBAGA1UEBRMJQTgyNzQzMjg3MRgwFgYDVQRhDA9WQVRFUy1BODI3NDMyODcxGzAZ BgNVBAoMEkFDIENBTUVSRklSTUEgUy5BLjEnMCUGA1UEAwweR0xPQkFMIENIQU1C RVJTSUdOIFJPT1QgLSAyMDE2MB4XDTE2MDQxNDA3NTAwNloXDTQwMDQwODA3NTAw NlowggEIMQswCQYDVQQGEwJFUzEPMA0GA1UECAwGTUFEUklEMQ8wDQYDVQQHDAZN QURSSUQxOjA4BgNVBAsMMXNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVy ZmlybWEuY29tL2FkZHJlc3MxJzAlBgNVBAsMHkdMT0JBTCBDSEFNQkVSU0lHTiBS T09UIC0gMjAxNjESMBAGA1UEBRMJQTgyNzQzMjg3MRgwFgYDVQRhDA9WQVRFUy1B ODI3NDMyODcxGzAZBgNVBAoMEkFDIENBTUVSRklSTUEgUy5BLjEnMCUGA1UEAwwe R0xPQkFMIENIQU1CRVJTSUdOIFJPT1QgLSAyMDE2MIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEA0GvnniIrU3YVVa9MSsBta/v5hEQFoX1gzgXsnphz+luE BzH3/z1rx35WBmKlXJaW0/FeWX7rMRy/d1cwVO8exczEsurb5orQ9CiEyLBILSyW bfsiqDWOvt5wFRD5ZkFGFqBDZD+NSvOAMc+TgH6a26Wvj2ws/Q7vHHncD6JuhFwi iQ5ELkiolHPsOTKRHOIUvX1l5nL+W+dUdS99DuLGymkuXqIO1eiF3j9rf6WCsEZ9 XZ5xuhS06+3HwhRkDFhuT5U2YTZFYDZmGEuVGj5YrIsmHiXm+pUA+60SnvoSYb4a 3qZ86av/15SJckL8u0UR7D9w/BnEmuqXbqzkOAQ74T8BKHGj4q5DZHgWmQJav9fE 77W31cNYgUGG5LKMAKWImJjrCedYMWgx3u3iSTXz0rNX3MRCn/0879D1KzluYa56 4cd6PW0XMGwCrInWWoScKcCeEI64IDYzyoAraH82dWUV+MPa/3Gi/O2bd9wZ+vHI tgX05XCSqcjduLAaVVuR3LjlmrUDwK22rvGZe0u1iQ7eZAtkflTup8OKmBnF/DwT CEU+35/7x32xoII2FD3AYwABZsTk8Jk7HlF4XbkXPFiTFa+o9SUgGY0jPRI8Qusv XUKO8jCoJVrm+vdPbb4mWPWPf/eK+LNuwxvyMYU2cY79O9bmMDXLJY1liVeoM5UC AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU6JvNfoZim3pNjACX OYXPHHiQcDowDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQB7/SrD yxspAhAJresusytt2Uug2zWY9Y8Cp9NCC0Org7V3R4hGhd3Rth59mBuMcb6qyPDv xmotVphS6JaJ+9XqAN/+5iLKp7k+ZUR1w4q/i3eJw2pX+rzI4RDe8dqFJ/HtB//V wkLUomEv34hx4zTmZ2SbxnoZ6znv8+oEqHRpTIC1/K29DQj0yO8oJ4LK3ejzuldn ouopwZnhdmb59nhdnD7w9s+hGTTT8TwzocyCMrZI44M+D79nlcGimXhCQ/cDTRNX b91x3Rbz+3k4G2KapM1eUN4RIJCKIpir2kZ6TDTRSN3ZZmViVAXZdJlndFexOi4Y sK6snz8u6x+ynM2O+Nt4jtQGz6OTMWt/7VJyt4vPKG/J+VRPAdQ6hugu+uHQJYTj FvyMjSTjZMwqjLJgU59ZkkUJlFuoEIUyy3fyjpWKRHLPbhfeRL0Krv0mtj15Zj1N vH4yQ13b4GW1KGm6fJ4ySo/qerA9Fl39PvobBPgQNXjM7cHZLb9r0u/pn8Bbj+q+ etEx5wY9rYSr7DvxEsd/8fhGLwl4l8AnPbE/cSOLGqdc5hYlDiZNuQ5Wp1KkOAmv SQX+f84/wvzm5EqUJ+VTxIg06wJXvM6OK613U3JAu4UWVRkvg3aVo3Y5qLL0faTb AEJ6oHuOGQbkl81bPTq0XMBpHzJmvwifhJsiZQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX 4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ 51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFvDCCA6SgAwIBAgIQIWYVBQUnBQW8irAdrwq+xDANBgkqhkiG9w0BAQsFADB4 MQswCQYDVQQGEwJUTjE5MDcGA1UEAxMwVHVuaXNpYW4gUm9vdCBDZXJ0aWZpY2F0 ZSBBdXRob3JpdHkgLSBUdW5Sb290Q0EyMS4wLAYDVQQKEyVOYXRpb25hbCBEaWdp dGFsIENlcnRpZmljYXRpb24gQWdlbmN5MB4XDTE1MDUwNTA4NTcwMVoXDTI3MDUw NTA4NTcwMVoweDELMAkGA1UEBhMCVE4xOTA3BgNVBAMTMFR1bmlzaWFuIFJvb3Qg Q2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gVHVuUm9vdENBMjEuMCwGA1UEChMlTmF0 aW9uYWwgRGlnaXRhbCBDZXJ0aWZpY2F0aW9uIEFnZW5jeTCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBALAH52L70A1Vzme3V41uDKknVB7rqSSrZ4+PnGEP 2ygyLzv4LGWSLa66M5LAK57yH15tI12zWB+NocBtdYUKsBNOW1ZGizm9C4K7OkOb CLpG7vkX683I1+N1E96uUUgKziCVRp8C7FWMdKpa/PzqCTM1bqNHBsfdfoRoDscS ypTD7eZsAm3eAok1swTLRfh8R6TTH9/lXCPi8yJ7uUui/Rc1XUjpv/WzJWOL53jr /HUnvYhcpoU/Qd+VfN16Ro/+Htqxq9jTjs0GjMnYUkIRUqKDj1yDe+Qnto8foF49 0nV9eVOTBpfjA8eWLNoBPHnFO1DosNOhpOLTg31E+BDPoBoq8mWAvXfBmGV2rhIh Yso6vr61mcNbxNG/m8AKylgeFabXIV6xTQrlcHiaaOZ0ZjIUKh4Rvoj3BvZVo8Mf bheQVdGKQIlWQ9VP5qLJiGQABVE/V7Q8tr5qkXFA8aJc8dftnLZX9lnUKhHl1OW/ ux7RyNdfRAWbu4k6radDd34VYHyIXZvspVzSRq0Mi1RF1JRRVUVSqlzYEaz4ViJs 2dIU6bdOQoVURvgBxj0mBnfosjUb8J1CyX/+gCcBUMt/xaxU+mttloxBpKHS57WR SG93HIvCK3T+PFzEXZTOq/EglmvBDFpf+eU1uWyjEGfvkapIDu9It3ZYYtm+nkKz pL01AgMBAAGjQjBAMB0GA1UdDgQWBBTMc8Wjaikxl6eNoNhUwQp1tiM/pjAPBgNV HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEA LvKHSO2Znp8BDDzJCnhTfBg13rblbPQAgOGbi9n6+6r7ZbfSyfXXp8t+ybGicVht WTfW4DMQyrXZcttOJTeqpt0dGL31yYqceojuHwLELZJUfVfiXBkYIwJ6XEmVtpjn wmBBZUC77Fq3cZxQ8nN2+18N7zXPtGmNhehMkBcDC8mzLiA3YxFipk/jNOD7eVXn xsKuQv6wNGxJIw5yB3tmBVVI+xIPoMD6TtH7Pcz+/RZLVlDNESynm/exCs+m6+/d jriuQgh8pIyU6obHQ+P3PIrfR9IwQMgtU/VvEUnMIYyWQ08QoEehVo0fHFvYVlvr NHbhNTpx1MwhL541KPJa3p7k7kdqEOg4vUq0fQR/Ba5ICrQDvy6zChufy63dTdCH IbdHdoKDLcdXvpoVoxswGGyjOnFvZEcoktsRYSCad2Ut+axWE2xLo1//m6To7+dY 6HueO39qp745ChOUyUhOZmTYU0zsQWv9/DYu1w7fYQt7tUCs3UJJbZ6Av2CV8OnA P3u7GOk4tVZOp36KYu+YHvh4QKm72OnltLT542ec7FPPuEK0L5OBNaBs9rogimg9 923/f9NM93qUaAN3Qzs1UapTEj5HExQ5rNZlj6hG/zwh9NK/0EikfqdRm5cS9Zk0 FyNWhBNjyzTKH8q6qAcp80MkCkl//Q7UkPCrQyFinI8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL BQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg Q2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv b3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQwNDI2MDg1NzU2WjBhMQswCQYDVQQG EwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBDZXJ0aWZpY2F0aW9u IEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIwDQYJ KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZ n56eY+hz2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd 2JQDoOw05TDENX37Jk0bbjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgF VwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZ GoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAdgjH8KcwAWJeRTIAAHDOF li/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViWVSHbhlnU r8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2 eY8fTpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIb MlEsPvLfe/ZdeikZjuXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISg jwBUFfyRbVinljvrS5YnzWuioYasDXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB 7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwSVXAkPcvCFDVDXSdOvsC9qnyW 5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI04Y+oXNZtPdE ITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+z xiD2BkewhpMl0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYu QEkHDVneixCwSQXi/5E/S7fdAo74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4 FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRYYdZ2vyJ/0Adqp2RT8JeNnYA/u8EH 22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJpadbGNjHh/PqAulxP xOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65xxBzn dFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5 Xc0yGYuPjCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7b nV2UqL1g52KAdoGDDIzMMEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQ CvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9zZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZH u/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3rAZ3r2OvEhJn7wAzMMujj d9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHBDCCBOygAwIBAgIQDziMcP6mlV3pXZyHr3kEmTANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJFUzFBMD8GA1UEChM4QWdlbmNpYSBOb3RhcmlhbCBkZSBDZXJ0 aWZpY2FjaW9uIFMuTC5VLiAtIENJRiBCODMzOTU5ODgxIzAhBgNVBAMTGkFOQ0VS VCBDZXJ0aWZpY2Fkb3MgQ0dOIFYyMB4XDTEwMDUyNTE2MzEyMloXDTMwMDUyNTE2 MzEyM1owdTELMAkGA1UEBhMCRVMxQTA/BgNVBAoTOEFnZW5jaWEgTm90YXJpYWwg ZGUgQ2VydGlmaWNhY2lvbiBTLkwuVS4gLSBDSUYgQjgzMzk1OTg4MSMwIQYDVQQD ExpBTkNFUlQgQ2VydGlmaWNhZG9zIENHTiBWMjCCAiIwDQYJKoZIhvcNAQEBBQAD ggIPADCCAgoCggIBAJ1ScOknGIPK6sSZ2KbhLhSvbh4OZMqBN1UnHBd3WGcfjMn5 wopiZSh0m+LRvlUHdnbufG1OY1seSiV14Aeh0NKCp84PM+u6FMBlskou5WW8ItKv Gg7Ky/NkZSssmaOXi4t1MP5m+sFPSzdQjD/z3pl6ToecIEZyl/5WG2ZOoIJTo1zY KEYMBRdvONZcnw4lIsGG41waVNuunWV9AJLfqCEhxVsQJnThsXNXZHx9FwMM6vcU lw/5xe5ddbDFxgoLtD5J4xnGm0ST/FoVZAqyg/+AXogJ0Mogo1v7283hGncjGHAa i+1EP9YaqDY44Z0vp3fEerPAcrJyzR4/EF4aiHSN8BLF969J3JWvK020kMr57u8M 478WNyNT4yn69HRpaD1XbRRgimRpKGRN+jZH/bgSzsOGqlzcZjkHTzvj48Vors7g OVwggz8SCjizAMFcE5ciXjpLNZn4xB7e+YgRjoTJizLy0te/Igc/YHgudRyiuiMS 0/BPUDnsyXcnx1oqjtO5tXQEmRUvLoZfjwbByuriqB9NfTOEkaSSw9CmSF1mGneE IFCc6gQLDCOWz7Gc/Lm6H5eo06sDZS99rlTHeeIcNt1t0gaYAf3O/D9Lw9Ku/4nY OTED2LFkdwPG+KON/Cp55xC9uW2RHD6dy7xVfyL+YYT42NSnIXo5XnIy60x1AgMB AAGjggGOMIIBijAPBgNVHRMBAf8EBTADAQH/MIIBJQYDVR0gBIIBHDCCARgwggEU BgkrBgEEAYGTaAQwggEFMCUGCCsGAQUFBwIBFhlodHRwOi8vd3d3LmFuY2VydC5j b20vY3BzMIHbBggrBgEFBQcCAjCBzjANFgZBTkNFUlQwAwIBAR6BvABBAGcAZQBu AGMAaQBhACAATgBvAHQAYQByAGkAYQBsACAAZABlACAAQwBlAHIAdABpAGYAaQBj AGEAYwBpAG8AbgAuACAAUABhAHMAZQBvACAAZABlAGwAoABHAGUAbgBlAHIAYQBs ACAATQBhAHIAdABpAG4AZQB6ACAAQwBhAG0AcABvAHMAIAA0ADYAIAA2AGEAIABw AGwAYQBuAHQAYQAgADIAOAAwADEAMAAgAE0AYQBkAHIAaQBkMA4GA1UdDwEB/wQE AwIBhjAdBgNVHQ4EFgQUBW7hoZruB6/O9bTTZT0EUOLQm0QwHwYDVR0jBBgwFoAU BW7hoZruB6/O9bTTZT0EUOLQm0QwDQYJKoZIhvcNAQELBQADggIBAH9UQBkkykwT 9hP5XGKVMNW44JOAbNQVRtQnPpJSqtyBY4ZA29Ulr5+TbAr1TaH+VJZdh68Rkw+L 8uPwH0qf/KnRyVB3X5gICC16i4EQzDsCVFjlxqf098ro9jcGfucR12yFY/eoow7i JWIEpPJiU5xHtKdku4Hl1l5WEb5FEWHCZun0DXSoq/lbv4KykaZQ+4d+b7vI6wWi uRDXG0IHVc+J5r/7ufBqOVdTcIy9S6Npvx+LplxNZYq5AAnoaL8JJwdNXtpSCYzl cZOKzIWO0jdeU9yCbQtWSoR5CvQQJUT1b10aZrXN1RBLh1pO1H/kcazuaJ+8+i5Y wcSef6RZheBSDvLHR3UVLSx2jA9FBTVg+Hs7dzJ/KIAJ2jG8cX3hrJHNYAp5IOxu O7eE4HLzqUrQL+Rb49Ia1Eq89Xb5fyoZSOvdDs+ZVkW4fdYJjg7Os4RoSYRUNUvk mRuv86gU81SYCoB+T7zyZi0m/zCNp/a925qP5eHfu7cyDvmSb2nj5HbTADbxLV7H E1/V2Wot6NEba3bLGG4OBRD1WvJJG1m0herKGXTMu1LiN4zCagIlwtJxpJLbjsnW qW7QhShtXG0IeAKweQxXbwtaAeOEhAL2z/KrY+sCarnLShjVOSI8VkqqlYjmMAAf jSEhyVfuubdEKYhPtiunFO6O7m++FtAT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHEjCCBPqgAwIBAgIQCb1WBSoTFvRoT3QOqX0cSDANBgkqhkiG9w0BAQsFADB8 MQswCQYDVQQGEwJFUzFBMD8GA1UEChM4QWdlbmNpYSBOb3RhcmlhbCBkZSBDZXJ0 aWZpY2FjaW9uIFMuTC5VLiAtIENJRiBCODMzOTU5ODgxKjAoBgNVBAMTIUFOQ0VS VCBDZXJ0aWZpY2Fkb3MgTm90YXJpYWxlcyBWMjAeFw0xMDA1MjUxNjU2MTRaFw0z MDA1MjUxNjU2MTRaMHwxCzAJBgNVBAYTAkVTMUEwPwYDVQQKEzhBZ2VuY2lhIE5v dGFyaWFsIGRlIENlcnRpZmljYWNpb24gUy5MLlUuIC0gQ0lGIEI4MzM5NTk4ODEq MCgGA1UEAxMhQU5DRVJUIENlcnRpZmljYWRvcyBOb3RhcmlhbGVzIFYyMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsua5xh1qKi1Jxfz81GRA0OAULveg wv+S80GmtD/avhkUkZR20xXMXn94UHrb2sVFqsscI3lzkKi7ZwFzjs5A+Rqpqofk k5IPXGhcXvAGYCtY3DxtPMd6MGsFqpKGcyrS8hqIxNvlWmaOdclCP5uIKEAe9alc HvrIQaEwqwuc7haiwS2lhfrtoAzof5ZKe72PmqIYdtKv3bc9EKtSEIiuHeu4MnSW 9LeqJ/elBw3jlFdqVCB3zR28eS3knLTeUYj+VtY9i6HP+lIejAVzd9YFz2MAUYdh 41C+mZfh/B4ReWtOas+chQoclirAIDYUxQkXYjv0rerV1/3QOSp409Ciz8hzMAlH xU4Z/bgw1A+AmIiGwUxBeiPFQ/1eErg+D7G3gWIMfm/je5rCwkcRIR/PntEwzoPB EE1Ad9e1wksyQEL6m7Csz+sh2BnrZMVr3VUtgIdEfEw8qw3YEr80goyxqsS4a+gO RnfSiwYdQvusvcnnM7Mib37VLgPFXwUWhnzt457RFncaRtjJ0IzkXFwhBZHxZOSs xTeutb1nE64p5bNCxHAJo11M6zcg4/D1czM7wvyOUYU2KsuB2w6JI9ni4Wi6LER3 PhxAuvBnjhiH8D3X6T9HWzVCzacEzkhyKQUatNGi5w15ipZtZ1ItOyPm+YKc1rN5 XhTeZUgz/B1C6C0CAwEAAaOCAY4wggGKMA8GA1UdEwEB/wQFMAMBAf8wggElBgNV HSAEggEcMIIBGDCCARQGCSsGAQQBgZNoATCCAQUwJQYIKwYBBQUHAgEWGWh0dHA6 Ly93d3cuYW5jZXJ0LmNvbS9jcHMwgdsGCCsGAQUFBwICMIHOMA0WBkFOQ0VSVDAD AgEBHoG8AEEAZwBlAG4AYwBpAGEAIABOAG8AdABhAHIAaQBhAGwAIABkAGUAIABD AGUAcgB0AGkAZgBpAGMAYQBjAGkAbwBuAC4AIABQAGEAcwBlAG8AIABkAGUAbACg AEcAZQBuAGUAcgBhAGwAIABNAGEAcgB0AGkAbgBlAHoAIABDAGEAbQBwAG8AcwAg ADQANgAgADYAYQAgAHAAbABhAG4AdABhACAAMgA4ADAAMQAwACAATQBhAGQAcgBp AGQwDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBT2Ejqre1jBjUNvdoHS8rjT7xfq CzAfBgNVHSMEGDAWgBT2Ejqre1jBjUNvdoHS8rjT7xfqCzANBgkqhkiG9w0BAQsF AAOCAgEAVDXTomXJ2TbFU9G0jXI0ibqnCJ/pNRC5uAwG+WSqlZYoqMijgNxWwL9y TVa/f10E1a0oW02988MPFbBx2laNQFVXpn1ioq0TaVGqlFC6vQAwUPXdpE4JepQx a9tzA73z2hoPjC+yyTe8VNULIzf15Fs3ZolPtMcFpGXcWTCmEyt+Fe3sEBeJUsmd 36JM7fYPHqZJsA1RszGxUZnLtNEjeNJLqLQdFqag0D4HfmU/Jc5kThsuS02ChRpl 2+7iA/BZJAWPme95gt/uKjdow2pQAVlfn2jcLFFgK13gUjw7cLgA0zeoPlsedgha 1Lt2MK75yPKOpI8KdX0amOG/0DaULzzBUtNp6hpgN4yA201txppdjaBhUbs9DeYS oJ9vWVZ0MmcK/DcGwTrkK46EH9ohDEmIQ9Ol9YINdobDLMyQu7O4q8bLrsAXUZ7T gPck2hzszhKDzk42MDl1+HR2kIKePkBMDBS5Gh5IarAx6oh/gEFAU3s4S4eQYHpL zmdGaHV3jgBdILDkkzdtA99YOeiaxaTr7GEzCIUka08G6a2QpTZibOPdfQkfM7+3 u/fJdQX3W6v6h1mvGmcQfoTcjHDWROkQwdibLtHGQGrq5loPEH1s+1WHuk21cQOe F4942lU9V14iCmqY8I0Izd2WQlobzbpvJ7h0J6g/5aDWc8deLyE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM 9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L 93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU 5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy rqXRfboQnoZsG4q5WTP468SQvvG5 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg 1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K 8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r 2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR 8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz 7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 +XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI 0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY +gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl 7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE 76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H 9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT 4PsJYGw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM YyRIHN8wfdVoOw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi 9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW 1KyLa2tJElMzrdfkviT8tQp21KW8EA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk 6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn 0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN sSi6 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs 6GAqm4VKQPNriiTsBhYscw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0 WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8 EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J UG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn 0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n 3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P 5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi DrW5viSP -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV BAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw MzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg U3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ n0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q p1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq NwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF 8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3 HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa mqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi 7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF ytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P qafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ v3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6 Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD ggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4 WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo zMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR 5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ GfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf 5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq 0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D P78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP 0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1 MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF 6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1UdDgQWBBRlzeurNR4APn7VdMAc tHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4wgZswgZgGBFUd IAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABC AG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAw ADEANzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9m iWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL4QjbEwj4KKE1soCzC1HA01aajTNF Sa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDbLIpgD7dvlAceHabJ hfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1ilI45P Vf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZE EAEeiGaPcjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV 1aUsIC+nmCjuRfzxuIgALI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2t CsvMo2ebKHTEm9caPARYpoKdrcd7b/+Alun4jWq9GJAd/0kakFI3ky88Al2CdgtR 5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH9IBk9W6VULgRfhVwOEqw f9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpfNIbnYrX9 ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK GbqEZycPvEJdvSRUDewdcAZfpLz6IHxV -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF 6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF 661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS 3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF 3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr 6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN 9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h 9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo +fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h 3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX 0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c /3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D 34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv 033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq 4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFmTCCA4GgAwIBAgIIcYwvOXxAdEAwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE BhMCR1IxGzAZBgNVBAoMEkJZVEUgQ29tcHV0ZXIgUy5BLjEuMCwGA1UEAwwlQllU RSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDAwMTAeFw0xNDA5MTAyMjAx NTRaFw0zOTA5MTAyMjAxNTRaMFoxCzAJBgNVBAYTAkdSMRswGQYDVQQKDBJCWVRF IENvbXB1dGVyIFMuQS4xLjAsBgNVBAMMJUJZVEUgUm9vdCBDZXJ0aWZpY2F0aW9u IEF1dGhvcml0eSAwMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDt Ei4Xc55v9POZ6J4IVwk0JBFAH4whfhuvOMPRx+YU5fobul5m9SVp9+3NboJwr7pC 8LEZXCv8RYQYLHoXT2GFRhl8zsGNn1SedyVmD+D2+JLKKc4nVxUqbII4bSfmvk1z DnOv43E9vAlCD9UNoe19a673wfBszcKXoVj9NRWWF0yfv/XxOUtwt+dKbBw/wXBb z9aL6+9vMOhfyEZ3IWIWXsZURTn1dLpnJGilcVs+wfsJk+simfjS9XsCbI9Y4qvv 3XQh5CRplEDWwQQYDthC8P3XigXAXxuK6y7ADQcGcwGFjh/BwIqhWKZRuViRQg9u 4bwK6LsogxV15Q3+STApKULCwjb/pDx9Lvfa8qIvFrxhqJlYGKRJxmoHEusbfLTO 5/shgCtwpsjOrVUeHx2E0P1UakxWY8jdfqD5OdvvfFr3jDWlbipW+v7jX5NUcg5o 40krk001IpcUlWZPp3c6LiVM9gmLEhtxxXKnm7m86xygpclUg2HcV1WttebaeCt2 p/742/6MM6SKo0ZcrbIKEg6K5FCe8LjLmVNMZCFrijgq4IiGANQXrGay574tOynl +KeU24xY+NJLMJ/yxGJlUEdygM+kcEC2vUT+2b8oKy43x7NRDoIptbFvrX4sk8Cp f5H6xx818LuXyU9hKJCEQeh9IUDFyYY87ZqthZyiUwIDAQABo2MwYTAdBgNVHQ4E FgQUtE1mt9OzyJl8ATLQkTr31qgSMd4wDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME GDAWgBS0TWa307PImXwBMtCROvfWqBIx3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI hvcNAQELBQADggIBABwa6wauVb07PzYsYZ7qx1P8cKoyb+RCquu9hewbilrylZYp oQQGks4kV/9AI3hOyfgwTUJVRE43on1rjmj+Dv5/37CfY1Hz4cWllJ+KIyhI80GL 0v547dnQCA9tfdWdlazV/hJmGuS+dVTz0U2cThPUnnA0bai6CjOIja0FN/5LeX99 A0F5Ew2fPfc4nDVaRE8+PKLlgcV/X3ZPGztub5ptt+0PyzIfiLRFDJwR0vgEWhM3 WZiBzkz05ZQoBMS1U8lUjXA/aAHbzBMK5CWjbJntELN6IKlJvAX0+Bto1rogHYJn ZuCwn1zKNdJFrtWIGdt6BpuMoDeHUSO+Rdpcs39rz8aoHDOKex2R+p687H07RRVP G6c7NbR581uCUOCcp+0WddtjgGKh2hgCaoDegqpETUQ4KKpu+hhjOWD3QylJWrok wL+zCpcdZ0laIrJnBJxYqfgMNFxAlrSHtUVhGeWO7wbekRXAuIrKlMkKdX1xO1iB M8j3B0FVmClDtcuaQ+ly+s/wizG85++5auNBnSE+DRWohb0bToeOR7IQ/jcYaoTl iRwUY+i5g6m1u+hjmnoZjMt09/gXCPGLGdi07B5uSXM/XCDdNSqWd+lGbxY7y6nv mwohEcjDpMkjRW0/YpWd0yjHnQ+z/jeNHUiyUOYluU4zYTbWFhzKMjcgdhws -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgIGC4LclDN2MA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYT AkNBMSswKQYDVQQKEyJDYXJpbGxvbiBJbmZvcm1hdGlvbiBTZWN1cml0eSBJbmMu MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRAwDgYDVQQDEwdD SVNSQ0ExMB4XDTEyMTAxNjE4MjgzM1oXDTMyMTAxNjE4MjgzM1owcDELMAkGA1UE BhMCQ0ExKzApBgNVBAoTIkNhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5IElu Yy4xIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxEDAOBgNVBAMT B0NJU1JDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEdvFial/N Kc0ENn9uYX5z9J1m3yJamoNEgWb9ThGwPqzoiLJTOf/jur7U/9OF2L1br2hPM6y4 FH0SW3qVa8c2/iuP9IhgiTqqWThMwV1VgaXf2B8xetOjTvBRy8Mxh64L3speG6F0 OPCSd3E8yxN+oMEKmL3YuPhUNJhOZxaaV0smhl8bZnKqwfJogp1YQXxxIuLPATH+ 4uBWqWjgrTOvNTkunG4GTPMjdi9pJugFOWm39Uga99/ZOTcyVREnBIEfnTyLjINS d8GuLM0rKkrlLfEZabqHXoud4HHIdNLN7m44N2pdGQDSdt2i6247qh31NgZPX15s whDz3W+12nla/tVGRDRIr4YANHwkhN1FkPkWgqyokdTpRjNvfrpHH+Hvr+VQ1sb5 p+1sl6orKU5dxfge9nTJqyT4DVPHaBW+/FyrPXIL0nAEtxbjaanxZ7rGAEx7gDQ1 Ll7tH6Al96WCahB/v49Zb8NGpspCTkIjhQY5NYy18dfBI0JF/S8lcfjzB9MHaL7b mGwq9qVH97BlYK2ufOYRHSdUCGWw2ILAYWvpfo8i1nEda0EgZdhXmh98DlpU4JSw bXXvKDI1PFXDbWf4JL37QPNanTbZNUy74mvZsTYP5G8gGsVvesOROa+vzPP2vSCG utMkITwfNynmn/wav5jfPLogIRKpwjoqkwIDAQABo0IwQDAdBgNVHQ4EFgQU6pUV 2lw5AOKa28S6LWf6ofd1NO0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AcYwDQYJKoZIhvcNAQELBQADggIBADXQ2Lie8gn48J+ybkiy1+qhmyiJOc3+Fmod 6ZyCX1FHOvWe0byuH5/iXErI7O1GQvF8QwcV326X9u2G/J/FCF6CDqMuqAouvI4b MRIo9nkowSK20ZVpQOhZCSeikWR26tATjXD8ZcNvEZ8qSMqnYvWDFOUaFseRi7QJ xc574+QdbZei6csmHmu03D6Ddi9eTahoiVT9TtJGqED22Mp4zzYaPVlljJv1Kx9M gt94eE0mSkdprW8zHwMeIk7ZBlmeRvxQNV/GhRvkG/gAyeDTOqsmQ81H+lr4hQvH Mtq1DS0wKTp5sxTppQ9wJdGNCVCU7U2SnjA3QNtaeEmPDzkvvS7XqwiUySmK992M vYJ8MFti6DVGVjhdkfYOb4zulZ/9dJ3t7RCrzouPt61/TWlJ8McRVZuagvei+jPy RBH6FUtGqZtrl0LWtLcJERR5U6bnfy0nOgo0JETOVYx6gHVzAkvi+kaUfTMUDUJW uaDmL4VIkZ9EuqEoqbEfiXomClNchbl8hJiMKGCltnqNPaAAPdx/qkjpqC6sX96H LVykaxbqveiVtc54CfhxNuWQaNIHlrq8AIsOmG1NcFPAw8wbE5xImpk9EsAnjmGS TGhSb40DHIn104bA/3FJTyBr/dFvkST18UcjTVnf0L1JQv1AOD7i8QVcJegQ5FoC A+O7fCUq -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF2jCCA8KgAwIBAgIGRCnTs8Z9MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQG EwJDQTErMCkGA1UEChMiQ2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5j LjEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczErMCkGA1UEAxMi Q2FyaWxsb24gUEtJIFNlcnZpY2VzIEcyIFJvb3QgQ0EgMTAeFw0yMDAxMjAxOTQy NDVaFw00MDAxMjAxOTQyNDVaMIGLMQswCQYDVQQGEwJDQTErMCkGA1UEChMiQ2Fy aWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLjEiMCAGA1UECxMZQ2VydGlm aWNhdGlvbiBBdXRob3JpdGllczErMCkGA1UEAxMiQ2FyaWxsb24gUEtJIFNlcnZp Y2VzIEcyIFJvb3QgQ0EgMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AMO5XBmVDlHyw4pIktk28Uy7Tdecwcxf2ogVKDW332xN1UmsGMXryGl2xr/ZN3JI 0lBx6WibzlF7rZk2b3PjYInZe0/Q6AYOVYybGNZc7ywdKyBKjw2YPRZNgxgbadEE bpl8ClR2cTy/PrZSOSGF+6QBPuBSuNhmhg2gu2AUXhTyGcWHFRjpXC4G67eWLVK4 CE1+t9KdgnvHXMTotK+9CGee/S8xszVwIl2bxdEoh7xW5LcEEp6bueL2JnSzG9OY ABrtkqIgzl6IRtasVPtLZWXc3QD0EZftiosUaC3nYLdylHfn27qyoL5A6BpitahO Qv0LqnCD6dkmAlKXMT0knuSaDnO9GQwGmlETyqegDh8bQ5XT+mylki8UQi4RLk+b MA/jY7cRLDep8Zn/F0KT/bhnjZ0gK3i5G+OzV8ht1i+SJ05zps7ILGt4rcJnIP9T xkbh3seyf5QCnStn5J+PwnHvesWBSxQ8i6mMh2Gkv8SsUxqlz0yT7ULwbydPHHdq 0QbzoB/fiJy4drIO0tfn2vlDXhEU5BlGgb1d04jv3ynH9lW/ziTy0gH4Opjp+r2Y 9oDv/dS6xVIe+VuBuy/xC3LoulsC2FGWgZPrfELhC89BWTSRqo32LmrhB199DtQe cPPivHXG4iL0mSbVy+04l6RFNtbK/YuNqtdlAWDETWKDAgMBAAGjQjBAMB0GA1Ud DgQWBBQ9YZY5F/sQgP8aaFhl/OkDGVYe+TAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud DwEB/wQEAwIBxjANBgkqhkiG9w0BAQsFAAOCAgEAftnQq/XkiRe7lRfAK5p1y+O1 3XxbJCLrhr6R6y9aF7dsFzKiw2c+98978ihULzmi7UueTHINSBGcnF6p+2Mn/37D 25MD7LjzJg5sZ99yQtQL89WS9w1fL72NnzIGasrNZ/Bcn8tujbgVE+ppyO05WME9 NuoJr0sqVEgnyB0tv+1saYq9WqGMf2I9kN+UUClZyzZhXfvpqLcik6KVnjEX9p0d DdARB9pFL+HLqc7ppkwzzJ9RVDMG8Ak7tNJvXTlkslcDnrtNXfk16VDTqLfDHA2b R8QAg8nk7gbLtXU53OhXCQsZlY3RFaZVpj2SF2tzd8jDxid1tAhaEr5AukcxNfMn UUx9pdQOJqIWXKWSL7rabwvilc4QHjuLhopVkrxbtO+ocbki3DE039syuJtRchPa wr1FNdeFJgQMnpOu8r9nU7NKpyndE3tJBq0Zt3Ic/+049lcS9hp2lnYFd0BmAayD fOVgduDlbHaPo4Z3wmfH5rrxCjH4ANwtejD5ehQDIaCTnlJXNZwxX34IxTh7W/3p 5Ce8cmXXLS3lD5BauFsSJ5ZDBQFdUgk4c4XbInLUVKKAutKccNeDwIDtnfrJB7rj 0xU4BLl+FAyNNvHcuEW6yn3sAvaOxwLxtk3mpqrxx+Nt+blrhIW8kRG0NDKgVyHA PnqXWpa1VrLSGwWKBLU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGbzCCBFegAwIBAgIQQxwoxnQP7SVXRJ/y/Q5eFDANBgkqhkiG9w0BAQsFADB7 MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2FtZXJhbCBkZSBDZXJ0 aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMuQS4xIzAhBgNVBAMM GkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMB4XDTE2MDUyNDE4Mzk0NloXDTMx MDUyNDE4Mzk0NlowezELMAkGA1UEBhMCQ08xRzBFBgNVBAoMPlNvY2llZGFkIENh bWVyYWwgZGUgQ2VydGlmaWNhY2nDs24gRGlnaXRhbCAtIENlcnRpY8OhbWFyYSBT LkEuMSMwIQYDVQQDDBpBQyBSYcOteiBDZXJ0aWPDoW1hcmEgUy5BLjCCAiIwDQYJ KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKtriaNTzEgjCPvDz1GWCC64CHptPJAX hqnp7S4TNEey0HDcyTzQjcruSxer0IWwpyMEy6ii/OV120DKYomPUJ4BPSZbGIQc y3w3t33s039zGbBqstiIii1FdKj3s7jA1NrNIol0TVoVOXMYdE+165mnwR6ItMKT kGOX86enErIJIgcz2ZHNDpwfDiDH7rszjY/C0linX/1lN+KIwtiPhnVe+S2nhzPy eDcvi7wdhjc5sZTy2LxKnIMYWgb889TUuowVCSXw+baNBH4XEjNrV0hMT9smHuvM kOeL+Wh8cA+jKtA6ON83l+Jb3oBh04DYkYNCWkwEiWgRPKxfaIBBzGBCzg1aKgwP mzDApvCG26tJ15dtSIv5A8BSZ5sS98LyLphlQtnWmuPQGTEMrYfVVwJ6MOiGJvuP I4pUh+S/PO7rw3VIXx45b4FibMUtxBdUGbc3jZw3kcj2C9XqY2+DrDjC8z/emvvh I2HwyCbLNsih8zCPpKOiod1Ts97wmjIfg5F5MMGpH1ObU6IVUz/dnbMQO0h9iQ/8 7QP1+yVkdQ4XGQ2PABZneXpA/C1ZB9mQ+pqtPdyAiuZcNaJnTBFrsfiAZAAtbyJh xaxLJuVaEIKbpIN7NPeeiZEgl463Qsdmw9DppNb1II3Ew5WsRAqdW3M8Jj0vSr6n yacQHvufUGnzAgMBAAGjge4wgeswHQYDVR0OBBYEFNEJ0OnXznl0VPk6MLP0bSwD AxtoMIGoBgNVHSAEgaAwgZ0wgZoGBFUdIAAwgZEwMwYIKwYBBQUHAgEWJ2h0dHBz Oi8vd2ViLmNlcnRpY2FtYXJhLmNvbS9tYXJjby1sZWdhbDBaBggrBgEFBQcCAjBO GkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW507WFzIGRlIGVzdGUgY2VydGlmaWNhZG8g c2UgcHVlZGVuIGVuY29udHJhciBlbiBsYSBEUEMuMA8GA1UdEwEB/wQFMAMBAf8w DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBRG5A+g1oa6Gpwpa1w /hCCYTCtjMO1xtjTMRLJH3lTFeJDx+EO8T1IzmgLFXlt4XaHf3Bm7fUPgqS8ce+x K8yxuusqqWAfQ4C+knJCLp+h/xgIsV5d9WzOKNvAbJrNh16W6cjvNZe6ZKq3fkVA ibBDg0574bT0dglLzFY+IUmyxp9j293wtg8X9bpMcI3VJwDJQ1QPZqq6rrHZdu4D ke2YtxobopZQblV/zV4Y0Gcbv/T6ctm72vvemqpRLgW6ztpqbRhoJmiChTTtTXna mnYN9PHUw/uxKnTskFLjDV31SVhUJwAwl6AjAWyJvx0A8f38GayfOymow4HNknH4 1+Wx2hs6F49T2qauAc6ynhrNCWLPddTXZ1Cin1n2hPPHJzGeqh4mS7oOiqzp9eNc HaEqNzm7NG4zltVxpUM+NjSH/5Kiq+kl4NlRd1Sqe0E0hljxquU+kt7INBCThD8m Rb1Sxjx29yEcruDhxaNT8gmffROeqfOyWYIUlE7fdqqD6SjaiohU+xRxqlA7viT9 xD5E+Jhk82qPYnWwrEdl9psiOiHhtVdBVsUk1hmSd3CwrBf0LpUQThIwmahURWEv N2/6iVdGMvRb6ZvtCSkvla6U4oeqHmpx6W8bOe38fNQNpk4jIjb5Zc9C8ByxM500 1YkkaeYXaKOZ73pcL/0gvXeZYA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q 130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG 9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5 hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of 1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L 6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6 0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1 gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63 Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw 3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do 0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ 44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN 9u6wWk5JRFRYX0KD -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ BgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ R04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF dRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw vlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ uIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp n+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs cpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW xPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF DsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx DTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy LcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C eWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ d8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq kX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0 OJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c NywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk ltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO pwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj 03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk PuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE 1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX QRBdJ3NghVdJIgc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 /ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp 7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN 5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe /v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ 5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFoTCCA4mgAwIBAgIQLHA+VOkP2ZggzMbZ9UY/NTANBgkqhkiG9w0BAQsFADBa MQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5MRkwFwYDVQQDDBBDRkNBIElkZW50aXR5IENBMB4XDTE1 MDYzMDAxMjExMloXDTQwMDYzMDAxMjExMlowWjELMAkGA1UEBhMCQ04xMDAuBgNV BAoMJ0NoaW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEZMBcG A1UEAwwQQ0ZDQSBJZGVudGl0eSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC AgoCggIBAOFRJSx4u/rui1XDTiVkGS2UQqTm3oQPITUo3DKJPvs0c3tX6awSKUoM mCzOyb+kT6VtDs7CzhgJMRBwcg0ia5798whuktLAJc+1s+thfxeE/HVrtaxXF0EZ DDTVL1Fu1fdRa3FvMrHi066g1jsUUEgZdPztr7UgqJLgP64H0VC81d2v1tD5zs6S uMaBjMX5OY2+9hsumjhkv7fNcuf/7YlauKR1WuH+rzIMbSJukzWoYuLArgqX0bCq PvY6UB6bUCoH25eVYAM/o6RdGVUhJzpJnsvI7CzMmxdI0wgQsqlvIQH0WmHd096J XbUK8+AV1wZ3C17YaFjfoHe+XxQKRL0tHxo+8aosXQyFDOej24s4BqVbd0zUyt1X leSj6LJkd9k0r2gdKm0/MkcmmTOfCmBoEVZb1gLxhyrYadhRKZej3vchJozd8yyM BY+ZNkqQsVhpOf2U0xfWpinDUAvVu6MhQE+xBxwAZFfjUVRz4+sZdAKIdw/RflWD AszZzHSlAWyvlbC52RindZoeTo9rXkNHKjGEA6yIETDos7F4x0PhrQWHnGhLI597 ND/M/e+cQsvxNhELNdqaeqGvhU4uWmwneQtFgSV2ZG9k52jKluUEMQVYnqi0j/h9 VsTtKDHNbYnikHh78ZAalERJ04PvGCPHamW+n+q0e7VjBONc4Xf7AgMBAAGjYzBh MB8GA1UdIwQYMBaAFMCsdqLTXf/2zRYAWzinf1V9hVlsMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTArHai013/9s0WAFs4p39VfYVZ bDANBgkqhkiG9w0BAQsFAAOCAgEAfNPmbXRLuY9du1uVIvxlr0psXoETrLoUCE2v 8Hnx0iVCwPjZZCoCNcHhKg86fWoaOhZhG0FGqHVDv9881e1MO0O8LJA5/kyOeetQ vsDNWFihMB46a5GR4TRxlSEUoCASy4MqzIGuRuAebbIMytOCiPpua3i2XK28QSva fkMLgjP9MqwF/KmKfE5YrTcWCfRgdMVT3JNtZYC9cSCF8RCFOGQj0yGCgeu3bSZl TqvQ1hB1huroHTWf6HdWsZO6qfl3BdQeIg1LuIflM58K4QG8kSQurL+hAzASN06V 3rziYz6cM+bYWP5twY+2cwrBGkrB4IsqxzdCZfbFyHXe+UxlqDb/2+ldPczGY/A2 C3sCT89pvcLvpZ4hTl616jBEo4MtMYYJJKRWwYTz63w2czJtF6HnpTCT01q6h2aM BmjJbhNI75kpUd3FBDdj3lY7jKX3XIVAHPDULuM43ojnpoiKkmo7gSehjl/9LIJY lq/asEdwPg4kUwymUeqCo8ttc66xcAeNM4A2P6ywPl8eBrtuVfYZK+xq/ZuaMnqR ortgZGH57BRmxsE3vrrcsNSvGhpdd66EVqGxzGO8kzfDRDi0hDFjuKX4wrGIoNnm RdlHESm7na7pbEGyTl2VwHLlAnbv0NtBPu/gL/ukgvx60RunN4pJo8d/DG9CNhx9 gMl9JH4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS /jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFkzCCA3ugAwIBAgIRANaWLsEKFZMSr49jvNREyVswDQYJKoZIhvcNAQELBQAw YzELMAkGA1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBM dGQuMS8wLQYDVQQDDCZlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMjAeFw0xNTExMTcwODIzNDJaFw0zNzEyMzExNTU5NTlaMGMxCzAJBgNVBAYT AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEvMC0GA1UE AwwmZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCkWR+gL9++4Pvp3LWJ/lqXA8k6d6eO XK/y4xg59ardD0bSaA9XnKdjYNNYzjXCp/aIwk9/Gyjp0KcAxBdNbeIPxQ4mIyCr 9zoookwKC8yOzuYAmlpADdRQGpvRDZyU+dvuXNDxigfNmitALEmkXWJfp2vf7lYI UPNCGGwxsF7lnHOSvA7SDH3FOFe8u1jbJhkC7eNDhIpOVmvbraEx2cwiZ5Z4/3ed zGTFMiBq704w1SQl/Yh5r3Ea/tVLGxWIvBhwqr2tOApmMEbliYXVdiSpqbPmWWAP tKlTwjqdRRrWruN3XsRiNjMvMMS/lfEtOKV16NFqky5Fh0tKot+/WCeaymIZql7U sYBJlt0r7F+Pm+Cdl4j1hAOjr7Olcy1BuuUHt29rcff3yVqvaZmzL8hPQutsa3Fn eN8KrE/XSoUARhrVzbif6pWdD3zRxgWF5gjeiBeB9tW1buqhHNdhquNZQomcWX6x fGQ03WEjKjm1EKv8hqlTGsXrauKATlmRwDiJ/rNd1vuR6dewfdl4CMz1K8wr4aHW lHPB/lH0jH0KtZqKufXa4Mmz2I+qgoONaVMt/QAEGEqg2lTheYyJ63/1gueguXdN rvm6AjuIdut8XbNaE9t8KRZrmdEd5Eghog1eAYjovvGYTT7HFlccX+EIbxxMWENW 94BljHEOogRnTwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRy W7qqcjjuJZAktZQi+gmIyosK+zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL BQADggIBAAaj8bZzVcZnZiHlnVvWlC5KImDyVAGQof21v8CVvxhfLPZrNQ78Mcjt RA6Sl9yv3VbPtR+6cpwwyJuxkcB2d9QPGpUa6U0UiKHPawKmautkRU1kjd7862zy UwmhhVEV0E+eYvoRuc7IJA5yZIh1NCMwKj+8PDnMzN0LNru9BoKPEgHFcQXRJKGZ bMrk96rtitenCq2v8OCAu6GyP1qHZHCGM3sNHtcAhoNDl3X1O8FI/bYOQ6gCbrg+ f49O4l20fZ4wNC+o8esnh2gNWgpNAdvJFFiV8ppNFqpz2/QliBc4t69ZCQm0Hy0P q/W4J1XuRTAzuO0bjryIbK/4Wipr4KyxBSShCfyjD/OwLXuWuraUBxVFjincWA6p Bdg7OqB7zYrHZoKXz9Yz4Gf8pttALwXlxYt6KnrwsDabDBj2N+lBof2xKPlva73r H0xjcXtQ3Sny/+73x0Vf6DYK6GxbIsPowOcm3OOolYDluToT2wBLGv2uM0d+eJTj sV0rtVa1QoufgcX8k0wQtboKvH434/pUbfUExXCzqQTSUdeFzX1vQ49ZaOUxVhFx +WQpCRP+0B+8iwA4stDKNFZ2EDlWc2bD0UnZvldPPxZ9ani3qIK4W86uhYoKQgwD 0RfEGPfYV4jGgrgHuT79pOku3G+6kJLuZbBQNNMH2gGXD7znc4J7 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFkzCCA3ugAwIBAgIRAPZw+VmI9FIFjjHhaIY++nowDQYJKoZIhvcNAQELBQAw YzELMAkGA1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBM dGQuMS8wLQYDVQQDDCZlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHNDAeFw0yMjExMDMwMzQzMTRaFw00NzExMDMxNTU5NTlaMGMxCzAJBgNVBAYT AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEvMC0GA1UE AwwmZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+6rvkEY1CtqIA4KNcNzeta2TDeCz4 6DTWdEh/JPozqkf6VlTlS994ce3jGXJQeboea4tAmvNa/9OUidhfJJ9JwbIuiCKd q7ANTuyYZaS0qAw3jT9cnmbuZfCwlpwtvFzqQnMjDW7Q9WWS3rP2pZjPoo7k0T9q sLbjdWKTn3SZd75x7OhhVQ9wcvgeX79pGQ/KzRg1Gxmiuo38yLsEqQGhNejQhfE/ FePtjqbmFx/SvDEWYi+BXJUC/KYM/VfZiuMRvsoQuNuP3SNY67H8ontqCzgagQCg M16geYHsNQg3sWl3C6pKMMOUxeC9lMsF/auHNTRNI9CRneAdjICoe+Ue7mnS7RSr 9a+BaW7WywY6pxAq9bJqvUM6Z7sSVpjeeGHmxGn6UCUFdsC734CxTIctDJSQD4z/ FTYmfBAe/QitHqGyrqVvXgtEcdBgyj983usjimugpQS2Wt9K5fVc2Kgiydwuw6l4 rt+mDcRlr6rohFhNy8e74ipgOaby0xUxx5ce/5BiLKYEiCbTz4oeT+q0vudcahmu ibWi39QwhHDzvLsU6quVHWzcvRnab6eVCkT2MjkFcMbmaIxQpx1WWyUBmR8gfQFT XMTsYlu6tK3SDcwklJcg0MB/IPv/yXqoFAsH5Lar2rBzZ4jE1qa92EZo496Jt0tf zYrb9eImYfkRsQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSN zwp8byGdtlOqRml82j91ZFSgmDAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL BQADggIBAFyhwJkz+xQyLikIZWBqMVBDS5UvIrL34rqPmfwII5ZJUQHc0zgXgKt+ 2lL0JhqXXTvPuSkvv8UvmEOymBnGH5vPIs/hq8LI53zZZj07KqRQN8wBZ/QsAhKG po5GKhwwkSPyLZKcEJ4VwJMBkd1du47utkUn8QZk/0O0TEt/FU4comJUpZu8+Obz bDRV1CvWs/5hPX4SQRYNaNSwVpadl85t2rqD5gCmdmu3Jkoc8jnZAue5aLiblf0K sUOKMBDH8r+LKIAdAKY53t1RG++9v9nJ1rPEPkl8k0kvyWYDwT0ZE1ptK0dCtKpw wmmtT12PjZUEOBX9tCjBob0K16cmqYn46IbL938Y7EBigVSPvP9u3CvBXlySb3mB E5KcUwakkoXgaMseZOJ4fKgaxFWwglJ3htLjMvFtoR87IZUELPKfu3SoUrXai1bu jou0nrgG3B0/NjrcPHAmAK+GrY/nYyCWxnfmxVxCigAvVTcv70fTSxcXbAnMmZja 26b/OzJ7Irt4Iw0ktpDJOaDhH+20hbOwz4qulcGQqU3nbiFYjkhxBE3vYi3hkdOM G4fSJZP29CmjjLEg1BHz4PzxZ7F++iAbKdOwSalNVNmqduMnYFkKE1M3LjVxiJ5R wyY+yw0SA2BnkQyMAdxv+8ALpRv5xI+OAegoZPS/BHLZ3NH0iv/K -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBP MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xGzAZBgNVBAMMEkhpUEtJIFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRa Fw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3 YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kgUm9vdCBDQSAtIEcx MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0o9Qw qNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twv Vcg3Px+kwJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6 lZgRZq2XNdZ1AYDgr/SEYYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnz Qs7ZngyzsHeXZJzA9KMuH5UHsBffMNsAGJZMoYFL3QRtU6M9/Aes1MU3guvklQgZ KILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfdhSi8MEyr48KxRURHH+CK FgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj1jOXTyFj HluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDr y+K49a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ /W3c1pzAtH2lsN0/Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgM a/aOEmem8rJY5AIJEzypuxC00jBF8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6 fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQDAgGGMA0GCSqG SIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi 7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqc SE5XCV0vrPSltJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6Fza ZsT0pPBWGTMpWmWSBUdGSquEwx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9Tc XzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07QJNBAsNB1CI69aO4I1258EHBGG3zg iLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv5wiZqAxeJoBF1Pho L5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+GpzjLrF Ne85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wr kkVbbiVghUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+ vhV4nYWBSipX3tUZQ9rbyltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQU YDksswBVLuT1sw5XxJFBAJw/6KXf6vb/yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDQzCCAiugAwIBAgIQX/h7KCtU3I1CoxW1aMmt/zANBgkqhkiG9w0BAQUFADA1 MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr/4NEb7Y9JHcJ6r8qqB9q VvYgDxFUl4F1pyXOWWqCZe+36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW/VgpSdH jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l Eg6CTY5j/e/rmxrbU6YTYK/CfdfHbBcl1HP7R2RQgYCUTOG/rksc35LtLgXfAgED o1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJ/PI FR5umgIJFq0roIlgX9p7L6owEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF BQADggEBAJ2dhISjQal8dwy3U8pORFBi71R803UXHOjgxkhLtv5MOhmBVrBW7hmW Yqpao2TB9k5UM8Z3/sUcuuVdJcr18JOagxEu5sv4dEX+5wW4q+ffy0vhN4TauYuX cB7w4ovXsNgOnbFp1iqRe6lJT37mjpXYgyc81WhJDtSd9i7rp77rMKSsH0T8lasz Bvt9YAretIpjsJyp8qS5UwGH0GikJ3+r/+n6yUA4iGe0OcaEb1fJU9u6ju7AQ7L4 CYNu/2bPPu8Xs1gYJQk0XuPL1hS27PKSb3TkL4Eq1ZKR4OCXPDJoBYVL0fdX4lId kxpUnwVwwEpxYB5DC2Ae/qPOgRnhCzU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDNTCCAh2gAwIBAgIBATANBgkqhkiG9w0BAQsFADA8MQswCQYDVQQGEwJVUzEW MBQGA1UEChMNQ2lzY28gU3lzdGVtczEVMBMGA1UEAxMMQ2lzY28gUlhDLVIyMB4X DTE0MDcwOTIxNDY1NloXDTM0MDcwOTIxNDY1NlowPDELMAkGA1UEBhMCVVMxFjAU BgNVBAoTDUNpc2NvIFN5c3RlbXMxFTATBgNVBAMTDENpc2NvIFJYQy1SMjCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANtCMXsK05wqTce60mQGZLAIL8wT 6i02PnfuPth2FAGDwUtPL4jLHBJW8uVJJEBLom3pyhPpc/jaqd1g6dddKxwK4Y2L vHW/c1j86IMqjXLeE9//u58xND+hiOhBx1QQpO+BFe4jpQW6NRKYqWlz7G5aPO+M fk3zDWEnEWRpoisf2jNOnNYVqRQdEY4+xZ9NHTsATS3NbAGFADRi7Vx0C6dSieI+ CtNsTRG6dMU8x8/IX40VzREyPtIqMSWtGwuz0xk6KayB1ADYuBW8mH5jfufIOLn1 /XSgVz7flasyfJ8iKbW1eoIgpGNyXJGBI39iPWTYZswh+Ok7swZskj0mPzECAwEA AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE FJByBGD93fqE7I5aBFj3z/vDcgkWMA0GCSqGSIb3DQEBCwUAA4IBAQCBDfRhZWOb blcaSjp0A8tREiYjHaDW9oR6Pk3xd5SMYE2axpy45nFjbfXCr9HTBz+mi8SrunUw P4lzgv+P+EyyT/Kmt6KRrm2z+CPr6JUaexYgsennNi/TRmiqdWRXY4gyrYSsCgJB jw3A7srAUvZSma6JEiP2E4skx3KVHmliwyBaK04KSkKKwY4b+oQIZVq2cgySm2bB 1q2+SMI5jMk9pRUh0anImbDyZPCARsIQuhUD5MOSYh+GiG7oTurvsf70H1RxuZrQ /RwhDKseClSVWzBiLtiDW3LOAo5UNjqyQAZgZcS1yhAsGcsPXB7eel783IZDbq7Q kK4RSUNGApEO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHEzCCBPugAwIBAgIPLeQK4ZvRwqpM9ACsgTX5MA0GCSqGSIb3DQEBBQUAMIGk MQswCQYDVQQGEwJFUzFKMEgGA1UECgxBQ29sZWdpbyBkZSBSZWdpc3RyYWRvcmVz IGRlIGxhIFByb3BpZWRhZCB5IE1lcmNhbnRpbGVzIGRlIEVzcGHDsWExGzAZBgNV BAsMEkNlcnRpZmljYWRvIFByb3BpbzEsMCoGA1UEAwwjUmVnaXN0cmFkb3JlcyBk ZSBFc3Bhw7FhIC0gQ0EgUmHDrXowHhcNMDcwMTA5MTcwMDM5WhcNMzEwMTA5MTcw MDM5WjCBpDELMAkGA1UEBhMCRVMxSjBIBgNVBAoMQUNvbGVnaW8gZGUgUmVnaXN0 cmFkb3JlcyBkZSBsYSBQcm9waWVkYWQgeSBNZXJjYW50aWxlcyBkZSBFc3Bhw7Fh MRswGQYDVQQLDBJDZXJ0aWZpY2FkbyBQcm9waW8xLDAqBgNVBAMMI1JlZ2lzdHJh ZG9yZXMgZGUgRXNwYcOxYSAtIENBIFJhw616MIICIjANBgkqhkiG9w0BAQEFAAOC Ag8AMIICCgKCAgEArFAbDpLOuHwVavjkD518fHx25AsmOlEGzSiz7Q8+2ZF7zPyH g0L3e7BduHpn/jQhYr+5KcPeWvED8uvy4hLCZWR2p/XmyzGjaPJ5651UxVL/nz2D Yw7mvx0oAn38I/REk6OpQ5zY6CUaIDX1tbDO61Ur+tlesKFEK+UALCQPN38yNISy yBVvivXy6C73Q44CuDKbgBpTHQGZSGt081pwSqTo9wLRupGja4e+EF5+VLlYsgr2 OwrjDjjzgF33QY74jza5g5sRTOELscWTijOyv5u2nkS3H/4qgSg5fM/UrzVlrmde jSHfAGARK9Q85CdQn5O3BfHSDhTcKYKW8SqiG0MFcLPQXB4DQVX+FjjFUk2TtbQ8 diJNqSusFcSpS3S5pSPYzStIweLvzd74SrDfoOPuhjW/W3KUb7JGSupKU64x5pG1 dJhFmqR97HEq5ZBRNkP5SdTXKAYDsf15h9YG+Kyh+b8UeA3LI0vNuy4y9H28abu2 NX55z71Lcn5hqyp+QMcM5bKQtUwM1lcHfJfM+dl323vnjBN+zH4YT0xLI46uGsfq Xx+mF904tk/eCm5SUFmsbc3WMRm9JOmgWM/Z1LJDeT9f1m+qZchG8tLVfvkuQxjC mORo38HTX0UvadEd7pEkSNLrAA7CEEvSnb2jTRejN5qv75cxgdqJsWF6Y6cCAwEA AaOCAT4wggE6MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud DgQWBBQbjVkcs7dYYmRmrOLkpPaiGRL25TCB9wYDVR0gBIHvMIHsMIHpBgRVHSAA MIHgMDwGCCsGAQUFBwIBFjBodHRwOi8vcGtpLnJlZ2lzdHJhZG9yZXMub3JnL25v cm1hdGl2YS9pbmRleC5odG0wgZ8GCCsGAQUFBwICMIGSGoGPQ2VydGlmaWNhZG8g c3VqZXRvIGEgbGEgRGVjbGFyYWNp824gZGUgUHLhY3RpY2FzIGRlIENlcnRpZmlj YWNp824gZGVsIENvbGVnaW8gZGUgUmVnaXN0cmFkb3JlcyBkZSBsYSBQcm9waWVk YWQgeSBNZXJjYW50aWxlcyBkZSBFc3Bh8WEgKKkgMjAwNikwDQYJKoZIhvcNAQEF BQADggIBAD8f1iwZdkCSnCbmnlgGEj0Swis63uXYiXdAH8ZRqnSJlsXGw53x+rxp E6AGdRcmifxlOY1zeevPd6e71UgmeTGRMCeYQaUX4F9cG1oqfLqtFmUAUX2H3rq6 Y9ZjtDXg104ZRX6/UWlIbz6IblJVg/CLxEz0CtQRIa4pYOhbi5/4wuy3dj+AwnQu R3hiUZ7bjPWtX4UF6P2ae71waAuTwjB+EvRLT3TiiY+5Q3QP1oReet5wVKQTNl9k ftMEDv7dGW8kU5Xt6ckO1Kbxk6FbCeOi0ldOPhrOfazE91PQzaiS7aTJlyJm+Mai 8nXlEX4vdRKW949vzwflyswHPvU8i+28fDJgPuMP1BGDNA12hmS9M5dOcO32IDhf mmnHwE8WyoWCjwG2uhNe0PHt6SjdKr0ljtD6EwwWD3efdik0cGzreUud70408EW7 JSx1kkRfp5vEqtKzby68YeuGAUzZerl1Z4sDS8czUnieBcDtj3R4HRIjtjL8UVBe Ld5QvhA8ju8IhfU6+vLe59hMOuUS6/Q2dJhaUoqUGmapbkU+FCuNNAiq7wUTYRKQ hGgNEVosr3mecJSfxWTLzHj2U1zg1w2xPuMWC/Om7DRCPnUQhKXYvbHj6mHmJJzC gdoe2G/8eC0W40QtwNI9Xn2g0lbUYDdx/kyOZZzWO9o23NgzZ9AB -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGATCCA+mgAwIBAgIRAI9hcRW6eVgXjH0ROqzW264wDQYJKoZIhvcNAQELBQAw RTEfMB0GA1UEAxMWQ29tU2lnbiBHbG9iYWwgUm9vdCBDQTEVMBMGA1UEChMMQ29t U2lnbiBMdGQuMQswCQYDVQQGEwJJTDAeFw0xMTA3MTgxMDI0NTRaFw0zNjA3MTYx MDI0NTVaMEUxHzAdBgNVBAMTFkNvbVNpZ24gR2xvYmFsIFJvb3QgQ0ExFTATBgNV BAoTDENvbVNpZ24gTHRkLjELMAkGA1UEBhMCSUwwggIiMA0GCSqGSIb3DQEBAQUA A4ICDwAwggIKAoICAQCyKClzKh3rm6n1nvigmV/VU1D4hSwYW2ro3VqpzpPo0Ph3 3LguqjXd5juDwN4mpxTpD99d7Xu5X6KGTlMVtfN+bTbA4t3x7DU0Zqn0BE5XuOgs 3GLH41Vmr5wox1bShVpM+IsjcN4E/hMnDtt/Bkb5s33xCG+ohz5dlq0gA9qfr/g4 O9lkHZXTCeYrmVzd/il4x79CqNvGkdL3um+OKYl8rg1dPtD8UsytMaDgBAopKR+W igc16QJzCbvcinlETlrzP/Ny76BWPnAQgaYBULax/Q5thVU+N3sEOKp6uviTdD+X O6i96gARU4H0xxPFI75PK/YdHrHjfjQevXl4J37FJfPMSHAbgPBhHC+qn/014DOx 46fEGXcdw2BFeIIIwbj2GH70VyJWmuk/xLMCHHpJ/nIF8w25BQtkPpkwESL6esaU b1CyB4Vgjyf16/0nRiCAKAyC/DY/Yh+rDWtXK8c6QkXD2XamrVJo43DVNFqGZzbf 5bsUXqiVDOz71AxqqK+p4ek9374xPNMJ2rB5MLPAPycwI0bUuLHhLy6nAIFHLhut TNI+6Y/soYpi5JSaEjcY7pxI8WIkUAzr2r+6UoT0vAdyOt7nt1y8844a7szo/aKf woziHl2O1w6ZXUC30K+ptXVaOiW79pBDcbLZ9ZdbONhS7Ea3iH4HJNwktrBJLQID AQABo4HrMIHoMA8GA1UdEwEB/wQFMAMBAf8wgYQGA1UdHwR9MHswPKA6oDiGNmh0 dHA6Ly9mZWRpci5jb21zaWduLmNvLmlsL2NybC9jb21zaWduZ2xvYmFscm9vdGNh LmNybDA7oDmgN4Y1aHR0cDovL2NybDEuY29tc2lnbi5jby5pbC9jcmwvY29tc2ln bmdsb2JhbHJvb3RjYS5jcmwwDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBQCRZPY DUhirGm6rgZbPvuqJpFQsTAfBgNVHSMEGDAWgBQCRZPYDUhirGm6rgZbPvuqJpFQ sTANBgkqhkiG9w0BAQsFAAOCAgEAk1V5V9701xsfy4mfX+tP9Ln5e9h3N+QMwUfj kr+k3e8iXOqADjTpUHeBkEee5tJq09ZLp/43F5tZ2eHdYq2ZEX7iWHCnOQet6Yw9 SU1TahsrGDA6JJD9sdPFnNZooGsU1520e0zNB0dNWwxrWAmu4RsBxvEpWCJbvzQL dOfyX85RWwli81OiVMBc5XvJ1mxsIIqli45oRynKtsWP7E+b0ISJ1n+XFLdQo/Nm WA/5sDfT0F5YPzWdZymudMbXitimxC+n4oQE4mbQ4Zm718Iwg3pP9gMMcSc7Qc1J kJHPH9O7gVubkKHuSYj9T3Ym6c6egL1pb4pz/uT7cT26Fiopc/jdqbe2EAfoJZkv hlp/zdzOoXTWjiKNA5zmgWnZn943FuE9KMRyKtyi/ezJXCh8ypnqLIKxeFfZl69C BwJsPXUTuqj8Fic0s3aZmmr7C4jXycP+Q8V+akMEIoHAxcd960b4wVWKqOcI/kZS Q0cYqWOY1LNjznRt9lweWEfwDBL3FhrHOmD4++1N3FkkM4W+Q1b2WOL24clDMj+i 2n9Iw0lc1llHMSMvA5D0vpsXZpOgcCVahfXczQKi9wQ3oZyonJeWx4/rXdMtagAB VBYGFuMEUEQtybI+eIbnp5peO2WAAblQI4eTy/jMVowe5tfMEXovV3sz9ULgmGb3 DscLP1I= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFyDCCA7CgAwIBAgIQR0ORJD/Oww1XSChr7oBdqzANBgkqhkiG9w0BAQsFADBd MQswCQYDVQQGEwJFUzESMBAGA1UEBRMJUTI4NjMwMDZJMScwJQYDVQQKDB5DT05T RUpPIEdFTkVSQUwgREUgTEEgQUJPR0FDSUExETAPBgNVBAMMCEFDQSBST09UMB4X DTE2MDUyNzEwNTg1MVoXDTQxMDUyNzEwNTg1MVowXTELMAkGA1UEBhMCRVMxEjAQ BgNVBAUTCVEyODYzMDA2STEnMCUGA1UECgweQ09OU0VKTyBHRU5FUkFMIERFIExB IEFCT0dBQ0lBMREwDwYDVQQDDAhBQ0EgUk9PVDCCAiIwDQYJKoZIhvcNAQEBBQAD ggIPADCCAgoCggIBALkrXvU+uokenfXRE8+7o1666d85cmSYUodppbbe4b+URb7F +KRTZxVQ3FJPKnYsLo0gaozmXbnZaL6RG7ppAxitGE42oqxGqyD4A2qqrXnV3x3B 7kVvIXT5TbGxPZA7PDKA7f8Vz1HK16SHLqrlDrbRelrHufhRu9mU3T7Ghk4K/juJ 8vhuJM6RA1gFEkrdUKtBes7tqR8RUx6lE9th8PWqgN50eR2k4ynW++D8l9qiuKsi PmWwIcTlxRBEh7Lj4CqCLn3m9LikEyXzd2BfY1OuLrGdimt2ezpxvZKBNrCcgvH3 xYkoXf+8QgazCGpPYc2kLZDTObh3/8jHo3m7A7mRAwE0Etgwi7aMAsrkSOw4KjJM bcp2KFqGCrrUII6voF8gLWKciPnxFW1bvbEDUMA/NteuP1HRyuNYZkTmo5t3LjH6 2X8ixAVM63QbXGN6pgKTfkMOdhQPTW8ylYiAklKXFPU8/JQH02wpBZVGD+Rx4X/4 bRQSgpK181M+mRGXR3ZKCXLu1MOWCaza//FLS7bXJc8eTJcmCzS7tpTxLGRxX4ny FTs3pwLkDU9IiTOjjGh4MVFnChnbtOJ0Lz1683cAn3ESY/9zKmRpVOysOq7a8lhj NH74PF7AQjql27Oo1FrBTli4abasgmLb0fsaQyEi/B31nE9OO+WN/3ZaI15bAgMB AAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O BBYEFBpV5BUx4jGbEdSIcXoAPXAoBb/NMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkG CCsGAQUFBwIBFh1odHRwOi8vd3d3LmFjYWJvZ2FjaWEub3JnL2RvYzANBgkqhkiG 9w0BAQsFAAOCAgEAezDKVYbTr+4a17iVmOz5O92QE6OckkWgkolpoXGRvHGFh6At MAnkwlM99Km3aC1Nmc2kz547kJ2aCikNKkLBPVtrQILFixOxQWePvqR34MB25PO2 KVYs73FPwmTx2rQLytA5X1OygwH7sn3Zg3R6NdDBXY+b917nUt/uqjeTq9k9fR7x vRzb6HXduFtM4xaj9nWIDo88wwts22BZ5AWrKEb3Zmkld97KSjPYWF57j5rPUo49 bf3Rsr0+eVeGHkQcB030whCqeMvzURcNdj2NbmhJ6e8HSdG4Fsl5ncyuCwVHev2Y rDGhkFqHYvn4q2Ja4CF20GhC6By+coHwxmd9fnQ81VVvj6VolhHxytMwF71GtjGv cOmkhDdXugk8LtkLE1YHPpXEtXAvk8Kur4FdRhQw+67F85r3QXqx3ksW2UV1RwJ8 FB7VsTugLEG1m0t7o4PwuczOHpS3Xi4jBpWRHDhHHO3EeA6kD/wbfNbya9CKW+qW 8zHUXmrElLgwn5XhB4m4iNInhaRhdOWoRDF6IHXo+Njrs0+q/1M/lu3qu/xRQKYr 7CSh+/lEjSPnppcAD8ukar9QoMpxomyub9/Zg4Jm3FNdr/pU94P/qz+Jlae0bfMP Cg1IMy+BKcdLBcTGV3SEw5g2/++FMqtinBPRIoexvpjbdJqP6sLWk3lFIMM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB 8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R 85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm 4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y /X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni 8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN QSdJQO7e5iNEOdyhIta6A/I= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFZTCCA82gAwIBAgIUCY6lAyDulTu3saSITYxv0WMfj8IwDQYJKoZIhvcNAQEL BQAwgYYxCzAJBgNVBAYTAkpQMRkwFwYDVQRhExBKQ04zMDEwNDAxMDY0NzcxMSMw IQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjE3MDUGA1UEAxMuQ3li ZXJ0cnVzdCBpVHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x ODAyMTkwNjA4NDJaFw00MzAyMTkwNjA4NDJaMIGGMQswCQYDVQQGEwJKUDEZMBcG A1UEYRMQSkNOMzAxMDQwMTA2NDc3MTEjMCEGA1UEChMaQ3liZXJ0cnVzdCBKYXBh biBDby4sIEx0ZC4xNzA1BgNVBAMTLkN5YmVydHJ1c3QgaVRydXN0IFJvb3QgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK AoIBgQCWFL86WlMGZDhlgeWeo2e5wZEIjL/Nualo9GxP8WErWeJg2fALH6JoJev1 7jlVkxQ7Mgb0Sxeg6vjlG4qNqOTZWwHShGrZi4+9EaddX5lrfM3T1+GLnM9mzvTa XoPQJKhs37Bz5qkIodspe6HUoYL+lNyYQ6tbdGddhMrhibAx6qT0cV7231NXgA8o IzDt6oL0/74cf8njo5/heTR/v9sb57XvyUm9/seMnhWWVbUGQZjlEjqCj6gTmMvK AjWmzMIbAP2Ge6J/3XfZPYuq4cFGKtuT4AZOasRmtFd/ShtQb+XzSc434Qq/pY8b DXDXxBZ257kBpK467o86+Ggjuhpxow1bZE7pE49QlT8APegpLF7JUxxc7VcSqQD5 mEAWcrGOjvuwSmIGPqZpp168pm+riVUOWhVn5UGxxNAL5MSuYgQLWcSzDdMyD9Nb CjqvreOAspAGklB8u6AF94F0YedUCUFOqNvXPUOjQ+c0B82UT6WZddWIhKQGkD7Z BYZ9VZ0CAwEAAaOByDCBxTASBgNVHRMBAf8ECDAGAQH/AgECMF8GA1UdIARYMFYw VAYJKoMIjJsRARQBMEcwRQYIKwYBBQUHAgEWOWh0dHBzOi8vd3d3LmN5YmVydHJ1 c3QubmUuanAvaXRydXN0L3JlcG9zaXRvcnkvaW5kZXguaHRtbDAOBgNVHQ8BAf8E BAMCAQYwHwYDVR0jBBgwFoAU8WpaO5tggGmPGtYdm1A2Y/rwRQYwHQYDVR0OBBYE FPFqWjubYIBpjxrWHZtQNmP68EUGMA0GCSqGSIb3DQEBCwUAA4IBgQCCpKRyWzAf CIX9lCWDoa4bLcEZppsmjDkt3VxM2h/HJ8hXSLJ62vLiGPsGyCuKzrH5Z8/fw1hG pavTauZyMiX/lnRHDXSeEfmxAe+cZJLozRuhGFwDEgWL4nvW8hzuElT7Qo8v1S6P /9I5H9DcHJI9dXfnbgMFXh/M0aw13S9hyrtuqOxqKxiNbYn5lECkbCk0aIuMTFAf tmkE73cwN08tP2QDXgnTHBveqX3M+GkPzmJ7QshcNHMySC1PGN7nMigDdX99jWAS OPi6kAZ4mCIBn1S79NotkH1taLbRIN1L1wmbrjJjm2A8InjZWLGLwhkM/akUrJoG 0HWJ3SVXyX+bIeNX/oLeb6O8Vi7HLHligDntCglqfx3lL0WlU9RSNP+gjeLixblo l2tgHXIvN8nNvWaCs2gEef/GoSwdB8qzh75rUGL4SlMbssk3lJv+unxgJvJOlJ9g mOAtr/EPR6mbojyFnl+BI6uM8rgCrnTfpoBGOkrIz+cEfoNc5xOvrHU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDcjCCAlqgAwIBAgIUZvnHwa/swlG07VOX5uaCwysckBYwDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u LCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExMjAeFw0yMDA0MDgw NTM2NDZaFw00MDA0MDgwNTM2NDZaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpD eWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBS b290IENBMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6OcE3emhF KxS06+QT61d1I02PJC0W6K6OyX2kVzsqdiUzg2zqMoqUm048luT9Ub+ZyZN+v/mt p7JIKwccJ/VMvHASd6SFVLX9kHrko+RRWAPNEHl57muTH2SOa2SroxPjcf59q5zd J1M3s6oYwlkm7Fsf0uZlfO+TvdhYXAvA42VvPMfKWeP+bl+sg779XSVOKik71gur FzJ4pOE+lEa+Ym6b3kaosRbnhW70CEBFEaCeVESE99g2zvVQR9wsMJvuwPWW0v4J hscGWa5Pro4RmHvzC1KqYiaqId+OJTN5lxZJjfU+1UefNzFJM3IFTQy2VYzxV4+K h9GtxRESOaCtAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD AgEGMB0GA1UdDgQWBBRXNPN0zwRL1SXm8UC2LEzZLemgrTANBgkqhkiG9w0BAQsF AAOCAQEAPrvbFxbS8hQBICw4g0utvsqFepq2m2um4fylOqyttCg6r9cBg0krY6Ld mmQOmFxv3Y67ilQiLUoT865AQ9tPkbeGGuwAtEGBpE/6aouIs3YIcipJQMPTw4WJ mBClnW8Zt7vPemVV2zfrPIpyMpcemik+rY3moxtt9XUa5rBouVui7mlHJzWhhpmA 8zNL4WukJsPvdFlseqJkth5Ew1DgDzk9qTPxpfPSvWKErI4cqc1avTc7bgoitPQV 55FYxTpE05Uo2cBl6XLK0A+9H7MV2anjpEcJnuDLN/v9vZfVvhgaaaI5gdka9at/ yOPiZwud9AzqVN/Ssq+xIvEg37xEHA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIUZNtaDCBO6Ncpd8hQJ6JaJ90t8sswDQYJKoZIhvcNAQEM BQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u LCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNDAeFw0yMDA0MDgw NzA2MTlaFw00NTA0MDgwNzA2MTlaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpD eWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBS b290IENBMTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF0nqh1oq/ FjHQmNE6lPxauG4iwWL3pwon71D2LrGeaBLwbCRjOfHw3xDG3rdSINVSW0KZnvOg vlIfX8xnbacuUKLBl422+JX1sLrcneC+y9/3OPJH9aaakpUqYllQC6KxNedlsmGy 6pJxaeQp8E+BgQQ8sqVb1MWoWWd7VRxJq3qdwudzTe/NCcLEVxLbAQ4jeQkHO6Lo /IrPj8BGJJw4J+CDnRugv3gVEOuGTgpa/d/aLIJ+7sr2KeH6caH3iGicnPCNvg9J kdjqOvn90Ghx2+m1K06Ckm9mH+Dw3EzsytHqunQG+bOEkJTRX45zGRBdAuVwpcAQ 0BB8b8VYSbSwbprafZX1zNoCr7gsfXmPvkPx+SgojQlD+Ajda8iLLCSxjVIHvXib y8posqTdDEx5YMaZ0ZPxMBoH064iwurO8YQJzOAUbn8/ftKChazcqRZOhaBgy/ac 18izju3Gm5h1DVXoX+WViwKkrkMpKBGk5hIwAUt1ax5mnXkvpXYvHUC0bcl9eQjs 0Wq2XSqypWa9a4X0dFbD9ed1Uigspf9mR6XU/v6eVL9lfgHWMI+lNpyiUBzuOIAB SMbHdPTGrMNASRZhdCyvjG817XsYAFs2PJxQDcqSMxDxJklt33UkN4Ii1+iW/RVL ApY+B3KVfqs9TC7XyvDf4Fg/LS8EmjijAQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUBpOjCl4oaTeqYR3r6/wtbyPk 86AwDQYJKoZIhvcNAQEMBQADggIBAJaAcgkGfpzMkwQWu6A6jZJOtxEaCnFxEM0E rX+lRVAQZk5KQaID2RFPeje5S+LGjzJmdSX7684/AykmjbgWHfYfM25I5uj4V7Ib ed87hwriZLoAymzvftAj63iP/2SbNDefNWWipAA9EiOWWF3KY4fGoweITedpdopT zfFP7ELyk+OZpDc8h7hi2/DsHzc/N19DzFGdtfCXwreFamgLRB7lUe6TzktuhsHS DCRZNhqfLJGP4xjblJUK7ZGqDpncllPjYYPGFrojutzdfhrGe0K22VoF3Jpf1d+4 2kd92jjbrDnVHmtsKheMYc2xbXIBw8MgAGJoFjHVdqqGuw6qnsb58Nn4DSEC5MUo FlkRudlpcyqSeLiSV5sI8jrlL5WwWLdrIBRtFO8KvH7YVdiI2i/6GaX7i+B/OfVy K4XELKzvGUWSTLNhB9xNH27SgRNcmvMSZ4PPmz+Ln52kuaiWA3rF7iDeM9ovnhp6 dB7h7sxaOgTdsxoEqBRjrLdHEoOabPXm6RUVkRqEGQ6UROcSjiVbgGcZ3GOTEAtl Lor6CZpO2oYofaphNdgOpygau1LgePhsumywbrmHXumZNTfxPWQrqaA0k89jL9WB 365jJ6UeTo3cKXhZ+PmhIIynJkBugnLNeLLIjzwec+fBH7/PzqUqm9tEZDKgu39c JRNItX+S -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICIzCCAamgAwIBAgIUFhXHw9hJp75pDIqI7fBw+d23PocwCgYIKoZIzj0EAwMw UTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBM dGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNTAeFw0yMDA0MDgwODMy NTZaFw00NTA0MDgwODMyNTZaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpDeWJl cnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBSb290 IENBMTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQLUHSNZDKZmbPSYAi4Io5GdCx4 wCtELW1fHcmuS1Iggz24FG1Th2CeX2yF2wYUleDHKP+dX+Sq8bOLbe1PL0vJSpSR ZHX+AezB2Ot6lHhWGENfa4HL9rzatAy2KZMIaY+jQjBAMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTrQciu/NWeUUj1vYv0hyCTQSvT 9DAKBggqhkjOPQQDAwNoADBlAjEA2S6Jfl5OpBEHvVnCB96rMjhTKkZEBhd6zlHp 4P9mLQlO4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJSwdLZrWeqrqgHkHZAXQ6 bkU6iYAZezKYVWOr62Nuk22rGwlgMU4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEDjCCAvagAwIBAgIDD92sMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxHzAdBgNVBAMMFkQtVFJVU1QgUm9vdCBD QSAzIDIwMTMwHhcNMTMwOTIwMDgyNTUxWhcNMjgwOTIwMDgyNTUxWjBFMQswCQYD VQQGEwJERTEVMBMGA1UECgwMRC1UcnVzdCBHbWJIMR8wHQYDVQQDDBZELVRSVVNU IFJvb3QgQ0EgMyAyMDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA xHtCkoIf7O1UmI4SwMoJ35NuOpNcG+QQd55OaYhs9uFp8vabomGxvQcgdJhl8Ywm CM2oNcqANtFjbehEeoLDbF7eu+g20sRoNoyfMr2EIuDcwu4QRjltr5M5rofmw7wJ ySxrZ1vZm3Z1TAvgu8XXvD558l++0ZBX+a72Zl8xv9Ntj6e6SvMjZbu376Ml1wrq WLbviPr6ebJSWNXwrIyhUXQplapRO5AyA58ccnSQ3j3tYdLl4/1kR+W5t0qp9x+u loYErC/jpIF3t1oW/9gPP/a3eMykr/pbPBJbqFKJcu+I89VEgYaVI5973bzZNO98 lDyqwEHC451QGsDkGSL8swIDAQABo4IBBTCCAQEwDwYDVR0TAQH/BAUwAwEB/zAd BgNVHQ4EFgQUP5DIfccVb/Mkj6nDL0uiDyGyL+cwDgYDVR0PAQH/BAQDAgEGMIG+ BgNVHR8EgbYwgbMwdKByoHCGbmxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQv Q049RC1UUlVTVCUyMFJvb3QlMjBDQSUyMDMlMjAyMDEzLE89RC1UcnVzdCUyMEdt YkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MDugOaA3hjVodHRwOi8v Y3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2FfM18yMDEzLmNybDAN BgkqhkiG9w0BAQsFAAOCAQEADlkOWOR0SCNEzzQhtZwUGq2aS7eziG1cqRdw8Cqf jXv5e4X6xznoEAiwNStfzwLS05zICx7uBVSuN5MECX1sj8J0vPgclL4xAUAt8yQg t4RVLFzI9XRKEBmLo8ftNdYJSNMOwLo5qLBGArDbxohZwr78e7Erz35ih1WWzAFv m2chlTWL+BD8cRu3SzdppjvW7IvuwbDzJcmPkn2h6sPKRL8mpXSSnON065102ctN h9j8tGlsi6BDB2B4l+nZk3zCRrybN1Kj7Yo8E6l7U0tJmhEFLAtuVqwfLoJs4Gln tQ5tLdnkwBXxP/oYcuEVbSdbLTAoK59ImmQrme/ydUlfXA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp /hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y Johw1+qRzT65ysCQblrGXnRl11z+o+I= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp 3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEIjCCAwqgAwIBAgIUKeuSM0ZPMkH/gxkAqa3E2fjj4n8wDQYJKoZIhvcNAQEL BQAwcTELMAkGA1UEBhMCQVUxDDAKBgNVBAoTA0dPVjEMMAoGA1UECxMDRG9EMQww CgYDVQQLEwNQS0kxDDAKBgNVBAsTA0NBczEqMCgGA1UEAxMhQXVzdHJhbGlhbiBE ZWZlbmNlIFB1YmxpYyBSb290IENBMB4XDTE2MTEyODIyMjUyOFoXDTM2MTEyODIy MTM0OFowcTELMAkGA1UEBhMCQVUxDDAKBgNVBAoTA0dPVjEMMAoGA1UECxMDRG9E MQwwCgYDVQQLEwNQS0kxDDAKBgNVBAsTA0NBczEqMCgGA1UEAxMhQXVzdHJhbGlh biBEZWZlbmNlIFB1YmxpYyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEA005UBBvQ9JuduCOH4CDHnpixcXoGkC7irUj+kwVs7Ia/KECFs0x5 70dTmBAeVO59eLgYEwxEUv3QgaqTCCM5vl8Pa90ll/MBQt/UgQDEUL56iS0Zr3NK P8w6wL+iqMUV9z58QXSCay53ZuJqpZGIbgYxp68L5lrgrn1ary9H0PL7hHOcRqEe hERRxF8u2pACX4HfEQ7S+7s6F3Oj8o1jqk//cnplYoNaKjzyzSwjjc/rIR+/1ANX 9TcWDF7lVxHCqPr/bDnyPVLmtXnAW+Ky6mMgDA6lKl4S4eavX4t8oK05NTWYX/Gv ONAm0029Ynd1Pa9rFIZ7WvYhj9bq4qcOrQIDAQABo4GxMIGuMA8GA1UdEwEB/wQF MAMBAf8wSwYDVR0gBEQwQjAGBgRVHSAAMDgGCSokAYJOAQEBBzArMCkGCCsGAQUF BwIBFh1odHRwOi8vY3JsLmRlZmVuY2UuZ292LmF1L3BraTAOBgNVHQ8BAf8EBAMC AcYwHwYDVR0jBBgwFoAUrJnhAi/oXEtBtzS4HumbgzYNlLQwHQYDVR0OBBYEFKyZ 4QIv6FxLQbc0uB7pm4M2DZS0MA0GCSqGSIb3DQEBCwUAA4IBAQB4vIFK2DpXu70m v+oqKPCIivJQTJBn2kv1uBQIutt/cqiaWbzxHImo9DoDEFQTel3G2ro+D4jVatMb ly1iYTpv+QCvcgZz7BDAYR7MXE8ZMkY4wd0/0jcapY6GoPAJzDXWGQJ8zTn89/kf 55R5Tj23+JdOO0RqzZSwufd+4uP5mX/F06ZQtEn7Fn5OQSzPPsd5QLqBGCYI+cWd 49jxbxxoP2pbdxdSowbeGcJLbqKV/NUIvyy1aTVR4+PfTxopbYN4PTgkygI/VBDh s2Th1Zre8zf2MxC1drOr18kfUzqtVUEcSMk2nof/ddxp0K/ZelfGyrFD/DmB/Nx6 o5qlmFBU -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl 6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU Cm26OWMohpLzGITY+9HPBVZkVw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p TpPDpFQUWw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi 1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN 9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP BSeOE6Fuwg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICRzCCAc2gAwIBAgIQFSrdFMkY0aRWQIamJa8HXzAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH bWJIMS0wKwYDVQQDDCRUZWxla29tIFNlY3VyaXR5IFNNSU1FIEVDQyBSb290IDIw MjEwHhcNMjEwMzE4MTEwODMwWhcNNDYwMzE3MjM1OTU5WjBlMQswCQYDVQQGEwJE RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMS0wKwYD VQQDDCRUZWxla29tIFNlY3VyaXR5IFNNSU1FIEVDQyBSb290IDIwMjEwdjAQBgcq hkjOPQIBBgUrgQQAIgNiAASwGY+ia7XHzQ8wmTcMw2Bb8fEnIFU9wJKLq1ehb3OD IcJDEwxeiarHBTV5k2KQ1l0TH9F6oLyeEKdmfEYKsFdsv+ZUOTghbBJccczTWl9t t6eG37Pf7sLniUGWNfYvSrWjQjBAMB0GA1UdDgQWBBQrywEMY8NTEqWoV6/QnIP7 vZA6SzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQD AwNoADBlAjEA1rxIkodHA8dwOyW2H65GZ3N0ACdL5KUEogPfXiitbl4DyN1onLa/ lBBIlS8P/xiLAjABQDOel5dNBfJ0VAzNOf1qawnBJD9hjjiht+jXRBURYv8OYTdH S0B/Sl+yZ1pzdcI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFtzCCA5+gAwIBAgIQDH5i9XlzO51Djotj7ZGVuDANBgkqhkiG9w0BAQwFADBl MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0 eSBHbWJIMS0wKwYDVQQDDCRUZWxla29tIFNlY3VyaXR5IFNNSU1FIFJTQSBSb290 IDIwMjMwHhcNMjMwMzI4MTIwOTIyWhcNNDgwMzI3MjM1OTU5WjBlMQswCQYDVQQG EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMS0w KwYDVQQDDCRUZWxla29tIFNlY3VyaXR5IFNNSU1FIFJTQSBSb290IDIwMjMwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDvxQ6LvjLSZ0f/Ckxnsyq/yMPF keu1xx6R4WaoiItVIIAfUV53l54ZClzHazchfAM2AfSIJdmoLkGq/Ngm4JZAYnmu V54DOBocsncUPumhctDk4DfRF0btUFx6WMX4K/d1L8+BnlostzqsoFmYBFEM/0nF UP0e00eFSzNPoje1rwSaJzKdVtU/VWHji2+uUf6X/mkH+mJbJuYUeRWlEziuXze+ lErWDYAWaaSRsjpJmHWdRhCKXHp/hKXorx7Hq7NaRrWjS/WmIzYARrHbBbYbzp56 Mlya1XLDnYZNK4TTHrWI2hB4nCLDOyO16xMHvW9T7Jvsm9Nl9QcJ412nmbV+ho7V Av+3hQnjRxTdlmYYNN4I1d/LGJliCyvsAF1SRNPGlvwyViWRz80ZO5U5PgKHmWO2 1T40eg8RdYG8fQTKYLQoddcCUd1SAC7H/YnxXPPLpCcSOI+7+4nw5MQ4LL6CoHFh YpGPSAwvK6mw8csQBOd0vzeQ708qQzWXEsYqcA3eLFVHeWMp9cofagZSHK4tJCKD Iq/QqjC3Kh//ZSNYZZPIjn1AEDGGeNlVyzww8N5RKgA20idFX9jooSE9fkZWOylF 8R0FCc62QzDcRZAQMEyka4aLPz0vMZFx7ya59r6dsGzfEe5YP0N5hjmA8SYXB5jw maowLENZFM7t4kAThQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE FJrOrCrsAfplcN6XnfHSAIylo2S7MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw FoAUms6sKuwB+mVw3ped8dIAjKWjZLswDQYJKoZIhvcNAQEMBQADggIBAONQ/fVA FiIJljoNqe+B5y4y8KHxSV57iA0Ecte+Z6i6He5Qu3JuetG7DHIwRsjV1wISFplO Ht9alu6Pkb6uhvgQd6XEbkdhwPIm2U9haAVIdQgVpaF71biziXnm7fHzYQCGey4x /qNc+Hk9tFuIe+Ajuw2hF/rLaA2Yd3EI4m1DdGvENsWUQaQA1lctmYqLIBIVAjIO 0knsgUjFaidS17JzVVOWPJ5PTLWg0E9X0GcoSGS+xri67GTPyHvFaucq5llXttbU 1sBnXNmeKAlAv/OpNTFlYAPLGWyClQMeXz/hvepJceVbtwtHFhsgiW2UmQx+iGwd DfS3IRpZl6zL6L4XH5V8U5uvUFKqjQsur1rXYPIqaSq57lRwGKq99aE/0t2hYxkA +KcM66N58nBZo/iiEgPsE//kAoY218HDpLXUpMI3RbaUcD3FveujFR3jNnoVaSpW NDnPpZo2qsjtebzP9s4EUwvaslAjfLw+Jq3wDkO7JsuuwkDeNx8KoFHNY522T9jG R3y82LTtnovzEeKotT7srnA+fiK7NUgXYGIUkTCjdj2mUTaLHw3dajEcpe3dlqNu cg8TTaqnqVx4+QMSGJM3RRKJPfi+yr3ZvgzZGGSnyEE+dYIhOH1l9KDUE0sHeCn5 nX7Mhz/E2i6I3eML3FpRWunZEk+eAtv3BSVR -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQsw CQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH bWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIw MB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIzNTk1OVowYzELMAkGA1UEBhMCREUx JzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkGA1UE AwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqGSM49 AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/O tdKPD/M12kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDP f8iAC8GXs7s1J8nCG6NCMEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6f MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA MGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZMo7k+5Dck2TOrbRBR2Di z6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdUga/sf+Rn 27iQ7t0l -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBj MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0 eSBHbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAy MDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMyNzIzNTk1OVowYzELMAkGA1UEBhMC REUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkG A1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIwDQYJ KoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9 cUD/h3VCKSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHV cp6R+SPWcHu79ZvB7JPPGeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMA U6DksquDOFczJZSfvkgdmOGjup5czQRxUX11eKvzWarE4GC+j4NSuHUaQTXtvPM6 Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWol8hHD/BeEIvnHRz+sTug BTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9FIS3R/qy 8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73J co4vzLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg 8qKrBC7m8kwOFjQgrIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8 rFEz0ciD0cmfHdRHNCk+y7AO+oMLKFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12 mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7SWWO/gLCMk3PLNaaZlSJhZQNg +y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtqeX gj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2 p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQ pGv7qHBFfLp+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm 9S3ul0A8Yute1hTWjOKWi0FpkzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErw M807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy/SKE8YXJN3nptT+/XOR0so8RYgDd GGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4mZqTuXNnQkYRIer+ CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtzaL1t xKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+ w6jv/naaoqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aK L4x35bcF7DvB7L6Gs4a8wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+lj X273CXE2whJdV/LItM3z7gLfEdxquVeEHVlNjM7IDiPCtyaaEBRx/pOyiriA8A4Q ntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0o82bNSQ3+pCTE4FCxpgm dTdmQRCsu/WU48IxK63nI1bMNSWSs1A= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm +9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep +OkuE6N36B9K -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt 43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg 06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe +o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I 0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo IhNzbM8m9Yop5w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv 6pZjamVFkpUBtA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICHzCCAaWgAwIBAgIQBk+mpigpFB8OnYNi4RdeOjAKBggqhkjOPQQDAzBRMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xKTAnBgNVBAMTIERp Z2lDZXJ0IENsaWVudCBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoX DTQ2MDExNDIzNTk1OVowUTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0 LCBJbmMuMSkwJwYDVQQDEyBEaWdpQ2VydCBDbGllbnQgRUNDIFAzODQgUm9vdCBH NTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGccPoSdUFeo//Ftm0qfjw07rsbG8eqB zMO1usko/cGp2vZs9iBCAYRKWmL9DF88W3kWed3X5delJjH1ZMbzJL/19kUvIYZt 83aXZQUguq+5kcUq7pjF/pcb86fx59LPrqNCMEAwHQYDVR0OBBYEFLMsqpCF7XM8 9c7QwUtG0sVgbZR5MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoG CCqGSM49BAMDA2gAMGUCMA+xAdFskP8ICqhlLebjF8aVdClLedTB64pmR9WrI38F XyW4HOyOxz2nObN2wJVzdAIxAPxsGdjNe5nR/lSqYzVCmsBe59u5HcnCny2HfswZ Nm9hi+opTmtpPNJloAPNqSXojA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFbDCCA1SgAwIBAgIQBMj8A6hU65igmwKIPGajwDANBgkqhkiG9w0BAQwFADBQ MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xKDAmBgNVBAMT H0RpZ2lDZXJ0IENsaWVudCBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAw WhcNNDYwMTE0MjM1OTU5WjBQMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNl cnQsIEluYy4xKDAmBgNVBAMTH0RpZ2lDZXJ0IENsaWVudCBSU0E0MDk2IFJvb3Qg RzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDj5uj0wpUboAFRLX+I QSuQu82uUBQ2Z5vvcB6iQP+eAEwpG0yWS14MOh8mMifsddzfgmhVsFKbtnxboguE 15i2LlAWtXz5u3f6Mz+krrB2VW1VGG6fF4Yk9EuUMIZyhTeVT8H5rCjRgcu/MWOF eTMCNOD4kT5fcb49xWdRQT4iE3MYDXNRFd5odImBB2yZhmksQQ6Vl/MWA1ZQgWqW 2YbSp1DvlXT+AgPJUb2DvrAA/Rt6I3PfR5ux4sgA6U92sicwkcq696rhA2an39jj 80pCMcwHQ/WouQXqhCf5e0QocgAv8+rzif5MgcFElEk6C1PJAU9nl30lyeDfCmE+ Zoja1fhUoqtUsdXc/iSCZrS3giGWY6KTt7Nwh6EgNPr6WF0vexfIH1y2lDVgw5q7 jiL4prUp3Cbe51dJgU1kue/CPIgLTMwBmNJYLVJEOrPOwz6+zrnDS+XRUbbhMdEy R0HPwJ+Wk1tl55NGtYsVlAJSurMuYlkHtDYFkVNec4Ho/7lMdo/ak3PArTgX7uf4 owW0fV9gNpwqoVBIfhUeRXn4IFEF9uxiHWrRLw2L73RO8aNsNu4TRrE/CIIyu7n0 YLmR4delkuCVoEGFFdjM0Y2htyQy7WOSRbDqB+jkdCDxJrlj9cLHbY2xVuheRRyM vNFAj2LuSb00sKKWwTkd/M1l7wIDAQABo0IwQDAdBgNVHQ4EFgQUk2078qYZI73o uEyOuc/V/vzEvXowDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ KoZIhvcNAQEMBQADggIBAJf7rW+sE2WxsOHVVpktlQqqgbVwgROdfZfVRyH+127F RTQA63zRgbUkkfsLmn7eYl+OUMT7RUYdU0vWsBnhj6GFc4V4lgG0uOg70K+Qa5Lv fPZnUjFmF55q4se9VUqSD2a0RQYAzJu2QQAsCkAKdLbYSsF0KKE1KCS11q7FjpQJ APog8EoWRf+HcFf6MyqaA+awMwy4vsOWO06jolechshjIte2FoLwOHF1j4uK4TUQ twrG651sWHJdC2jEq2XlS9I7gKqHn1ikGiKsq4pRyVN2hmIuLu8vVKfD1XLwoCxf f3T0i+QnCziTjdh5GO6rqvQK9MF5kjpFXnJkNqWaTl0y3GFFNDo3Lo8CtIC2DoVH pILSqMpngrkjnuNNENi3xq6YXBV2oyyHhggwDW9u1Bb2yokrgF1cXdoLfo+811E4 oz3688ZMCpdmhHObOXSf+z1qwJvC4anrv7Lrl2Eb+d5G9lXiKwy0Z+hcVhDWuTl8 4q0yIbA1IbrW0cRQAx2xAEc3u3ZAITXwLmXbUsDpttcIYNqOiVHYeK/7aAzRvkmf ICdRoooBEuLAf+CN0+sxBeYlYUKIAONWBaBDF01dFTkRr1Ebb/Xe38SzyyAeWIVg ZAcMGDpl6+ohzswf6wSVPAxNqDe1t8GeWAM1oDzRSTALzohNU1kgK5YqxhXHkA5A -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICFjCCAZ2gAwIBAgIQA2mP5xLVGfPO0P23sWQwETAKBggqhkjOPQQDAzBNMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERp Z2lDZXJ0IENTIEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYw MTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIElu Yy4xJTAjBgNVBAMTHERpZ2lDZXJ0IENTIEVDQyBQMzg0IFJvb3QgRzUwdjAQBgcq hkjOPQIBBgUrgQQAIgNiAAR/FK2Ftpf9AiE1TWDoOJOTmz0FEG2v0/7v+rv7c5nz 7DISjcdouIveiaKIVHeNuyF+M5VWlgno1YyhBLibbhkAYuhCKKZYN4QZVSZ7Mzdn 8ppyraGurgBCPBx+uHqeIZyjQjBAMB0GA1UdDgQWBBTwjJhxOThlwjobphdmHcjt Zd6SNjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD AwNnADBkAjAjb+EAGSZQ5EYgZYs3p8/rBuHMMskqoewyDXOiHgIcNWEqTmmrOXft l4jAfWvqid0CMEPx0VijdT6Gm7ZVEYsX9z3+CmnFf07GdRtalMvqERHGCCKI3tB6 oqV56OMhp80Tsw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFZDCCA0ygAwIBAgIQBs7hMb5tVcgH98DH+0TmIDANBgkqhkiG9w0BAQwFADBM MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJDAiBgNVBAMT G0RpZ2lDZXJ0IENTIFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBaFw00 NjAxMTQyMzU5NTlaMEwxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwg SW5jLjEkMCIGA1UEAxMbRGlnaUNlcnQgQ1MgUlNBNDA5NiBSb290IEc1MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtjNzgNhiA3AULBEcOV58rnyDhh3+ Ji9MJK2L6oNfqbw9W/wLmEwCRzDs4v7s6DRbZl6/O9cspiX/jFmz3+rafCnZRlBy CB1u0RsK3R/NmYn6Dw9zxOGcHXUyzW+X2ipqlbJsyQnQ6gt7fRcGSZnv1t7gyFPU rsZ38Ya7Ixy4wN9Z94590e+C5iaLWji1/3XVstlPCfM3iFDaEaSKFBTRUwQAffNq RBj+UHAyBxyomg46HcUKH24LJmm3PKJXcCyG+kxulalYQ7msEtb/P+3XQxdrTM6e xJCr//oQUJqjkFfW54wQrp8WGs81HX/Xdu2KnDWnKLinXSH8MDfd3ggZTxXG56ba kEeO95RTTI5TAr79meXqhtCvAwLTm6qT8asojiAB/0z7zLcpQPWHpBITBR9DbtdR UJ84tCDtFwkSj8y5Ga+fzb5pEdOvVRBtF4Z5llLGsgCd5a84sDX0iGuPDgQ9fO6v zdNqEErGzYbKIj2hSlz7Dv+I31xip8C5HtmsbH44N/53kyXChYpPtTcGWgaBFPHO lJ2ZkeoyWs5nPW4EZq0MTy2jLvee9Xid9wr9fo/jQopVlrzxnzct/J5flf6MGBv8 jv1LkK/XA2gSY6zik6eiywTlT2TOA/rGFJ/Zi+jM1GKMa+QALBmfGgbGMYFU+1Mk mq9Vmbqdda64wt0CAwEAAaNCMEAwHQYDVR0OBBYEFGgBk7HSSkBCaZRGLBxaiKkl tEdPMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB DAUAA4ICAQCS/O64AnkXAlF9IcVJZ6ek8agkOOsMaOpaQmuc9HPBaUotszcFUEKY kp4GeSwuBpn2798roM2zkgGDtaDLJ7U8IxqYSaLsLZmlWUOs0rGT1lfXHLyT1sZA 4bNvGVW3E9flQzOktavL2sExZA101iztw41u67uvGUdhYS3A9AW5b3jcOvdCQGVT kb2ZDZOSVKapN1krm8uZxrw99wSE8JQzHQ+CWjnLLkXDKBmjspuYyPwxa2CP9umG KLzgPH10XRaJW2kkxxCLxEu7Nk/UWT/DsKSRmfgu0UoBnfWIEu+/WhFqWU9Za1pn 84+0Ew/A2C89KHKqGX8RfWpbn5XnX7eUT/E+oVr/Lcyd3yd3jzJzHGcKdvP6XLG/ vB29DCibsscXZwszD8O9Ntz7ukILq+2Ew2LWhBapsQdrqW7uxs/msEQpwvCzYYAq i2/SFFwlh1Rk86RMwaH4p2vq/uo6/HnbDo/cxvPJ1Gze6YOhjh0i7Mk6sgB73Dun Qhp/3IupET2Op8Agb10JXUNE5o9mzKlbB/Hvm3oOs1ThlP0OLMaT11X9cZg1uAlK /8YpKCz2Ui3bFBiSJ+IWfozK1GG+goeR65g3P79fXXc/NKwbOEOraHKZMh46Ghml ozhMI9ej58zVKpIXkAtaS70WvfuGauKJmezkoFUYyaMIHxPgMghy0A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICETCCAZegAwIBAgIQDfPZN2WjecWVZuqS4iRPNDAKBggqhkjOPQQDAzBKMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xIjAgBgNVBAMTGURp Z2lDZXJ0IEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0 MjM1OTU5WjBKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x IjAgBgNVBAMTGURpZ2lDZXJ0IEVDQyBQMzg0IFJvb3QgRzUwdjAQBgcqhkjOPQIB BgUrgQQAIgNiAAT8WR/OmWx/mw62KWNvxoXzCtPWm65XFUwO7V3jCX5tKqOGqrp4 oKdxvUT6CMBKBtZv3SxKOHTl0L3/ev/lOU69vRceH0Ot1bwn2Eu/dowwMqT7+VPl 2Ko4U12ooDegZwqjQjBAMB0GA1UdDgQWBBSSlvfmutURuvkiLnt+WtnwJeUFGzAO BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBl AjEA/cBN8aSn26cMJhH0Sb0HOGMrRGIGeQjHw9TPmz6rOieqkMf9WaK4MlLbyo4X CwqQAjBdGuxRidRk3PnlHji9Wy7j5UTkOxh61/CVQI/y68/0+dBlokHysOZ8wTYs j1453Tc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJVUzEZ MBcGA1UECgwQVmVyaXpvbiBCdXNpbmVzczERMA8GA1UECwwIT21uaVJvb3QxHzAd BgNVBAMMFlZlcml6b24gR2xvYmFsIFJvb3QgQ0EwHhcNMDkwNzMwMTQyNzA0WhcN MzQwNzMwMTQyNzA0WjBcMQswCQYDVQQGEwJVUzEZMBcGA1UECgwQVmVyaXpvbiBC dXNpbmVzczERMA8GA1UECwwIT21uaVJvb3QxHzAdBgNVBAMMFlZlcml6b24gR2xv YmFsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKAAxw Hb/rNIbDmUU1Hn9D96tvJC3NGcIQu7DKKVupIKurcizE4gI5bYK4xRHq+PuznmL4 Mx6wH8nj9jfbBMg7Y0824oWkJR3HaR8EvWhFE5YHH5RQ9T7FJ1SewElXRI4HY9Sm ru0imcxNlmkEE252iZ90FpT5HVS9ornSgwEiDE1EgKr+NYknJaeGicbVGpLjj8WV oBRymuhWxQJVHJf5IC7Q9TwTGVr24fkLA4Jpp4y31m+cVj6d6CoJYG1L5vuLmRT3 NE9lWYCNuVfIojUh2IhxVl3uglctJpAYn5qcnI/v1MVjp1R9R5GHfRoSqBsYb6lv sSe65AR0zjcef2bFAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgEGMB0GA1UdDgQWBBRMOBG4mABbWitwPqp45NVnZ2enfjANBgkqhkiG9w0B AQsFAAOCAQEAAV+gsQYB9HnXZRhgPs95oLrCI08j34eWX4EOOBUuXMgCaCkg/Ivu pYoYgWRcmDV+OTCCpIKKULW6w+ha1qie4sMX29vE67AKIA3pnuP/YFRH8Tud1Cg8 oq6j+6qLgiIqNYeQuBxZR5DVnS76SeNlqDbrx+QcaNyzMWyrTs4kgBXIEFkQEXJN epyYnMT8YeCzsp1OoMbCWasY1qJVRewpqiU31k5KPQtAweST5PzNkQv45qvMs3bE Yr8Z7Ya2ecMpVFS8mX1GV8+mz/RUKpoDZUcBoUIqyyVHbnxeAEuR2fkbEAZw+UIV pl+q10Ae/clInZeB6lxowqDniaFTTb/H4w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI 2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx 1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV 5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY 1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl MrY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 sycX -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFXjCCA0agAwIBAgIQCL+ib5o/M2WirPCmOMQBcDANBgkqhkiG9w0BAQwFADBJ MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xITAfBgNVBAMT GERpZ2lDZXJ0IFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBaFw00NjAx MTQyMzU5NTlaMEkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5j LjEhMB8GA1UEAxMYRGlnaUNlcnQgUlNBNDA5NiBSb290IEc1MIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAqr4NsgZ9JvlH6uQb50JpuJnCue4ksUaQy1kk UlQ1piTCX5EZyLZC1vNHZZVk54VlZ6mufABP4HgDUK3zf464EeeBYrGL3/JJJgne Dxa82iibociXL5OQ2iAq44TU/6mesC2/tADemx/IoGNTaIVvTYXGqmP5jbI1dmJ0 A9yTmGgFns2QZd3SejGrJC1tQC6QP2NsLOv6HoBUjXkCkBSztU9O9YgEQ4DDSLMm L6xRlTJVJS9BlrBWoQg73JgfcoUsd8qYzDj7jnLJbewF7O1NtzxbFFCF3Zf7WfeQ EvQTv4NNgLIVZRGXYOXWXOYEtVDmcTO2IJOpaAA4zknbtFw7ctdFXFS/zTwBIx58 1vhpLKUACmwySLTecC06ExfBf2TL8zDtoT2WZ/GUtWBsW2lo9YIzCaK22fOFsm6g lPDCxH2hLMpz9a7gUpyiZuYDzurf7RjUuWOL9+j/+7Nbj0PFr7d0lFA1Za7WL/GF j1OhcPSNMl28lsMewgQEnAQPs11+iSDKXicNiUoSI7T2xN3YH/hoszb4HrzG94S2 6IpOiDA4wCbYcAoJOjQOa4ISlhwv5p6t2HE1gbGMBm70bmb/S0quvfD+11xfU7sy PM1i0RSgKR8Q3qlyT7GtZOWDKo+L6oSV7pglmJqzcTzBp1DyrEJiMcKhkMbu4reK qLW2GzsCAwEAAaNCMEAwHQYDVR0OBBYEFGJtt5FPxOqjYmCPoNC+tY8GfGgAMA4G A1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4IC AQBh6PsnbdbiuLMJr6rwsYJM/j0XiU0tFZ377tC7hOyEddtDE96Mn8cp74d0yxNw gVYAdPyu9Nk63iIIUaWgXIJmtntMqdqPq6wcQZZm1p3eVua/TrGyXl/Aw27UwoSQ 9X2xuhbRKYrInenP0McZOz/P7vfhM65CyJjACJ7zWvPf1Cs7jqgoVhnHTnc8JVTc uEhI0fknaj7sE6+yBYn9VV/zfY4NnAldLIp+hc744b8RPTKMWtd+PfQzWM+iBZij s/vOib/9whbdbtyISQ0LoAP/50XpBMHp/aqddfi4H4eD2es501qny5isE4kA/G+V TuF9EUZt9jhGoxOgLAH1Ys+/HFCRJ3Rdt+xHfNDRdct77tFNIwrDYKV3LYDaZw+O a3YH8KYP6oSuHnm/CIraCfP07rU289R6Q7qUNeH6wTsblpmkV2PrtaiC9634d9d2 hvN2U1Zb/CZChM6fg5GRr/S+cBWApdjoabHYkVS4GbJi+aL6Ve0Ev7lEhuTP8ZsA vxEPvrV0JFH/dzRj7EgjDugR63dt2sqCkb6khJNM2qH+zAaE6CHoVLrm0x1jPcJa /ObJg55yZKmGWQCMwvcTg7bQpDHGrJGOe6QiVhPGdccjvItb/EY9/l1SKa+v6MnD dkvoq0cC8poN0yyIgAeGwGMPAkyOBFN2uVhCb3wpcF2/Jw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICHDCCAaOgAwIBAgIQBT9uoAYBcn3tP8OjtqPW7zAKBggqhkjOPQQDAzBQMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xKDAmBgNVBAMTH0Rp Z2lDZXJ0IFNNSU1FIEVDQyBQMzg0IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN NDYwMTE0MjM1OTU5WjBQMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs IEluYy4xKDAmBgNVBAMTH0RpZ2lDZXJ0IFNNSU1FIEVDQyBQMzg0IFJvb3QgRzUw djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQWnVXlttT7+2drGtShqtJ3lT6I5QeftnBm ICikiOxwNa+zMv83E0qevAED3oTBuMbmZUeJ8hNVv82lHghgf61/6GGSKc8JR14L HMAfpL/yW7yY75lMzHBrtrrQKB2/vgSjQjBAMB0GA1UdDgQWBBRzemuW20IHi1Jm wmQyF/7gZ5AurTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggq hkjOPQQDAwNnADBkAjA3RPUygONx6/Rtz3zMkZrDbnHY0iNdkk2CQm1cYZX2kfWn CPZql+mclC2YcP0ztgkCMAc8L7lYgl4Po2Kok2fwIMNpvwMsO1CnO69BOMlSSJHW Dvu8YDB8ZD8SHkV/UT70pg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFajCCA1KgAwIBAgIQBfa6BCODRst9XOa5W7ocVTANBgkqhkiG9w0BAQwFADBP MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJzAlBgNVBAMT HkRpZ2lDZXJ0IFNNSU1FIFJTQTQwOTYgUm9vdCBHNTAeFw0yMTAxMTUwMDAwMDBa Fw00NjAxMTQyMzU5NTlaME8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2Vy dCwgSW5jLjEnMCUGA1UEAxMeRGlnaUNlcnQgU01JTUUgUlNBNDA5NiBSb290IEc1 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4Gpb2fj5fey1e+9f3Vw0 2Npd0ctldashfFsA1IJvRYVBiqkSAnIy8BT1A3W7Y5dJD0CZCxoeVqfS0OGr3eUE G+MfFBICiPWggAn2J5pQ8LrjouCsahSRtWs4EHqiMeGRG7e58CtbyHcJdrdRxDYK mVNURCW3CTWGFwVWkz1BtwLXYh+KkhGH6hFt6ggR3LF4SEmS9rRRgHgj2P7hVho6 kBNWNInV4pWLX96yzPs/OLeF9+qevy6hLi9NfWoRLjag/xEIBJVV4Bs7Z5OplFXq Mu0GOn/Cf+OtEyfRNEGzMMO/tIj4A4Kk3z6reHegWZNx593rAAR7zEg5KOAeoxVp yDayoQuX31XW75GcpPYW91EK7gMjkdwE/+DdOPYiAwDCB3EaEsnXRiqUG83Wuxvu v75NUFiwC80wdin1z+W2ai92sLBpatBtZRg1fpO8chfBVULNL8Ilu/T9HaFkIlRd 4p5yQYRucZbqRQe2XnpKhp1zZHc4A9IPU6VVIMRN/2hvVanq3XHkT9mFo3xOKQKe CwnyGlPMAKbd0TT2DcEwsZwCZKw17aWwKbHSlTMP0iAzvewjS/IZ+dqYZOQsMR8u 4Y0cBJUoTYxYzUvlc4KGjOyo1nlc+2S73AxMKPYXr+Jo1haGmNv8AdwxuvicDvko Rkrh/ZYGRXkRaBdlXIsmh1sCAwEAAaNCMEAwHQYDVR0OBBYEFNGj1FcdT1XbdUxc Qp5jFs60xjsfMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG SIb3DQEBDAUAA4ICAQAHpwreU7ua63C/sjaQzeSnuPEM5F1aHXhl/Mm4HiMRV3xp NW0B/1NQvwcOuscBP1gqlHUDqxwLI9wbih43PR1Yj3PZsypv3xCgWwynyrB/uSSi ATUy5V5GQevYf3PnQumkUSZ3gQqo6w8KUJ1+iiBn/AuOOhHTxYxgGNlLsfzU8bRJ Tq6H4dH7dqFf8wbPl5YM6Z51gVxTDSL8NuZJbnTbAIWNfCKgjvsQTNRiE1vvS3Im i/xOio/+lxBTxXiLQmQbX+CJ/bsJf1DgVIUmEWodZflJKdx8Nt/7PffSrO4yjW6m fTmcRcTKDfU7tHlTpS9Wx1HFikxkXZBDI45rTBd4zOi/9TvkqEjPrZsM3zJK09kS jiN4DS2vn6+ePAnClwDtOmkccT8539OPxGb17zaUD/PdkraWX5Cm3XOqpiCUlCVq CQxy5BMjYEyjyhcue2cA29DN6nofOSZXiTB3y07llUVPX/s2XD35ILU6ECVPkzJa 7sGW6OlWBLBJYU3seKidGMH/2OovVu+VK3sEXmfjVUDtOQT5C3n1aoxcD4makMfN i97bJjWhbs2zQvKiDzsMjpP/FM/895P35EEIbhlSEQ9TGXN4DM/YhYH4rVXIsJ5G Y6+cUu5cv/DAWzceCSDSPiPGoRVKDjZ+MMV5arwiiNkMUkAf3U4PZyYW0q0XHA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS 7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp 0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4 DXZDjC5Ty3zfDBeWUA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN NDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs IEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+ ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0 2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp wgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM pG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD nU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po sMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx Zre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd Lvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX KyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe XoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL tgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv TiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN AQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H PNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF O4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ REtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik AdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv /PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+ p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw MUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF qUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t 9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd +SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N 0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie 4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 /YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB /wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG 9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFbDCCA1SgAwIBAgIQDLMPcPKGpDPguQmJ3gHttzANBgkqhkiG9w0BAQsFADBQ MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPV0ZBIEhvdHNwb3QgMi4wMScwJQYDVQQD Ex5Ib3RzcG90IDIuMCBUcnVzdCBSb290IENBIC0gMDMwHhcNMTMxMjA4MTIwMDAw WhcNNDMxMjA4MTIwMDAwWjBQMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPV0ZBIEhv dHNwb3QgMi4wMScwJQYDVQQDEx5Ib3RzcG90IDIuMCBUcnVzdCBSb290IENBIC0g MDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsdEtReIUbMlO+hR6b yQk4nGVITv3meYTaDeVwZnQVal8EjHuu4Kd89g8yRYVTv3J1kq9ukE7CDrDehrXK ym+8VlR7ro0lB/lwRyNk3W7yNccg3AknQ0x5fKVwcFznwD/FYg37owGmhGFtpMTB cxzreQaLXvLta8YNlJU10ZkfputBpzi9bLPWsLOkIrQw7KH1Wc+Oiy4hUMUbTlSi cjqacKPR188mVIoxxUoICHyVV1KvMmYZrVdc/b5dbmd0haMHxC0VSqbydXxxS7vv /lCrC2d5qbKE66PiuBPkhzyU7SI9C8GU/S7akYm1MMSTn5W7lSp2AWRDnf9LQg51 dLvDxJ7t2fruXtSkkqG/cwY1yQI8O+WZYPDThKPcDmNbaxVE9lOizAHXFVsfYrXA PbbMOkzKehYwaIikmNgcpxtQNw+wikJiZb9N8VwwtwHK71XEFi+n5DGlPa9VDYgB YkBcxvVo2rbE3i3teQgHm+pWZNP08aFNWwMk9yQkm/SOGdLq1jLbQA9yd7fyR1Ct W1GLzKi1Ojr/6XiB9/noL3oxP/+gb8OSgcqVfkZp4QLvrGdlKiOI2fE7Bslmzn6l B3UTpApjab7BQ99rCXzDwt3Xd7IrCtAJNkxi302J7k6hnGlW8S4oPQBElkOtoH9y XEhp9rNS0lZiuwtFmWW2q50fkQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G A1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUZw5JLGEXnuvt4FTnhNmbrWRgc2UwDQYJ KoZIhvcNAQELBQADggIBAFPoGFDyzFg9B9+jJUPGW32omftBhChVcgjllI07RCie KTMBi47+auuLgiMox3xRyP7/dX7YaUeMXEQ1BMv6nlrsXWv1lH4yu+RNuehPlqRs fY351mAfPtQ654SBUi0Wg++9iyTOfgF5a9IWEDt4lnSZMvA4vlw8pUCz6zpKXHnA RXKrpY3bU+2dnrFDKR0XQhmAQdo7UvdsT1elVoFIxHhLpwfzx+kpEhtrXw3nGgt+ M4jNp684XoWpxVGaQ4Vvv00Sm2DQ8jq2sf9F+kRWszZpQOTiMGKZr0lX2CI5cww1 dfmd1BkAjI9cIWLkD8YSeaggZzvYe1o9d7e7lKfdJmjDlSQ0uBiG77keUK4tF2fi xFTxibtPux56p3GYQ2GdRsBaKjH3A3HMJSKXwIGR+wb1sgz/bBdlyJSylG8hYD// 0Hyo+UrMUszAdszoPhMY+4Ol3QE3QRWzXi+W/NtKeYD2K8xUzjZM10wMdxCfoFOa 8bzzWnxZQlnu880ULUSHIxDPeE+DDZYYOaN1hV2Rh/hrFKvvV+gJj2eXHF5G7y9u Yg7nHYCCf7Hy8UTIXDtAAeDCQNon1ReN8G+XOqhLQ9TalmnJ5U5ARtC0MdQDht7T DZpWeEVv+pQHARX9GDV/T85MV2RPJWKqfZ6kK0gvQDkunADdg8IhZAjwMMx3k6B/ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID9jCCAt6gAwIBAgIQJDJ18h0v0gkz97RqytDzmDANBgkqhkiG9w0BAQsFADCB lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl YyBDbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAx IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHOddJZKmZgiJM6kXZBxbje/SD 6Jlz+muxNuCad6BAwoGNAcfMjL2Pffd543pMA03Z+/2HOCgs3ZqLVAjbZ/sbjP4o ki++t7JIp4Gh2F6Iw8w5QEFa0dzl2hCfL9oBTf0uRnz5LicKaTfukaMbasxEvxvH w9QRslBglwm9LiL1QYRmn81ApqkAgMEflZKf3vNI79sdd2H8f9/ulqRy0LY+/3gn r8uSFWkI22MQ4uaXrG7crPaizh5HmbmJtxLmodTNWRFnw2+F2EJOKL5ZVVkElauP N4C/DfD8HzpkMViBeNfiNfYgPym4jxZuPkjctUwH4fIa6n4KedaovetdhitNAgMB AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBQzQejIORIVk0jyljIuWvXalF9TYDANBgkqhkiG9w0BAQsFAAOCAQEAFeNzV7EX tl9JaUSm9l56Z6zS3nVJq/4lVcc6yUQVEG6/MWvL2QeTfxyFYwDjMhLgzMv7OWyP 4lPiPEAz2aSMR+atWPuJr+PehilWNCxFuBL6RIluLRQlKCQBZdbqUqwFblYSCT3Q dPTXvQbKqDqNVkL6jXI+dPEDct+HG14OelWWLDi3mIXNTTNEyZSPWjEwN0ujOhKz 5zbRIWhLLTjmU64cJVYIVgNnhJ3Gw84kYsdMNs+wBkS39V8C3dlU6S+QTnrIToNA DJqXPDe/v+z28LSFdyjBC8hnghAXOKK3Buqbvzr46SMHv3TgmDgVVXjucgBcGaP0 0jPg/73RVDkpDw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID9jCCAt6gAwIBAgIQZIKe/DcedF38l/+XyLH/QTANBgkqhkiG9w0BAQsFADCB lDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRl YyBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 IC0gRzYwHhcNMTExMDE4MDAwMDAwWhcNMzcxMjAxMjM1OTU5WjCBlDELMAkGA1UE BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZT eW1hbnRlYyBUcnVzdCBOZXR3b3JrMUUwQwYDVQQDEzxTeW1hbnRlYyBDbGFzcyAy IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzYwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNzOkFyGOFyz9AYxe9GPo15gRn V2WYKaRPyVyPDzTS+NqoE2KquB5QZ3iwFkygOakVeq7t0qLA8JA3KRgmXOgNPLZs ST/B4NzZS7YUGQum05bh1gnjGSYc+R9lS/kaQxwAg9bQqkmi1NvmYji6UBRDbfkx +FYW2TgCkc/rbN27OU6Z4TBnRfHU8I3D3/7yOAchfQBeVkSz5GC9kSucq1sEcg+y KNlyqwUgQiWpWwNqIBDMMfAr2jUs0Pual07wgksr2F82owstr2MNHSV/oW5cYqGN KD6h/Bwg+AEvulWaEbAZ0shQeWsOagXXqgQ2sqPy4V93p3ec5R7c6d9qwWVdAgMB AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBSHjCCVyJhK0daABkqQNETfHE2/sDANBgkqhkiG9w0BAQsFAAOCAQEAgY6ypWaW tyGltu9vI1pf24HFQqV4wWn99DzX+VxrcHIa/FqXTQCAiIiCisNxDY7FiZss7Y0L 0nJU9X3UXENX6fOupQIR9nYrgVfdfdp0MP1UR/bgFm6mtApI5ud1Bw8pGTnOefS2 bMVfmdUfS/rfbSw8DVSAcPCIC4DPxmiiuB1w2XaM/O6lyc+tHc+ZJVdaYkXLFmu9 Sc2lo4xpeSWuuExsi0BmSxY/zwIa3eFsawdhanYVKZl/G92IgMG/tY9zxaaWI4Sm KIYkM2oBLldzJbZev4/mHWGoQClnHYebHX+bn5nNMdZUvmK7OaxoEkiRIKXLsd3+ b/xa5IJVWa8xqQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta 3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk 6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 /qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 jVaMaA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y 5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u 7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO 8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF 9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN /BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz 4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 7M2CYfE45k+XmCpajQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFajCCA1KgAwIBAgIQEoG5GPN5OkKTzpFYYeTtXDANBgkqhkiG9w0BAQsFADBP MSUwIwYDVQQDDBxEaWdpZGVudGl0eSBTZXJ2aWNlcyBSb290IENBMRkwFwYDVQQK DBBEaWdpZGVudGl0eSBCLlYuMQswCQYDVQQGEwJOTDAeFw0xODA3MTAxMDA1NDJa Fw00MzA3MDQxMDA1NDJaME8xJTAjBgNVBAMMHERpZ2lkZW50aXR5IFNlcnZpY2Vz IFJvb3QgQ0ExGTAXBgNVBAoMEERpZ2lkZW50aXR5IEIuVi4xCzAJBgNVBAYTAk5M MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkgc7BfM91cHK5ubHBvp5 qD9oZ0R3M2TDH13YclmDY8+TzKWTEwFBxAoPps9nGjI0oLpAnEe+QqzeGwdcSCMz Up0p87dcxjVCaoZ0Z8jJmhNVk1BfRi9AKfCmnnx7WlTaiiryAZtKje7PbBBF9fAg ETq9jlh6mEKXkwNiDzx8YSia2lVNJMB8zwvL2R3ZzWm6i82ONMX0dVdGK4KNbjzl CJV6b0qLfeOEf35CKtmxIaAm4po4F7Gq3TLkTKar+cQmB14GlbnPrZ/J/8sj0jno JEiIErHVz7TE7D2L/nVvxxFyEui62prSfXFrXtmMfjGG31jdLJlKrLAtzcrcYC9r MKJaizzLGzD8ETNJSdlW1ugh3rS6PHrXGCUegPaL5gWXddR0aIVDCnSLHLEtuZ8E 2KGX1KY0UsyNMoStie3m+EWMc5wdNeYO562Y90nJCpmWUKIujX/uqRoeqawntsxZ y0qS6PLXjqeNXU7VdQeg1Hgj2bUfWuOxQBqg8X5taMR8OVq+StI1k/VmNNb9C5Sq mK6iLS5AcsCrrgBzijeIevxCmoXderIy/t3EhjSEf3saacC3PrST3Aax4Bjifoey KMXVaU7xy8PTUjwFIZzZZawZq/+xZSw4emoEM6esnyguzsJMk5jwwgGqkBhH07or MKnNaVXYH2M8NzM8Ze/v5x0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUwnhnF2uPPk6xWJaOekLaZz/EF10wDgYDVR0PAQH/BAQDAgEGMA0GCSqG SIb3DQEBCwUAA4ICAQAeojNQBng8utKsHlJ2xUc7zr06qqTAr7Vcp3Us4yBks7WF VwnfPpPPlgYyHtZOMxc/6KIIuV2qgC6d71JeFw/gB3yJ40EY7YxUrlayfECIFit8 xUWuwuZPNvhz/bQOmUBJha8hvhKT0/5mQPzRU6Alf512EWBIMEydrInciCS/olMz sYrL4t5hQ3h/euHtJI58CL80zjOUdXNu9M8oMt+9IhjNIbykHN6wpP+OGiPHX3RT ebYAe2wyf1ztO3GwGgTiDuOjb39TvWZ/tbkfG6xz05NSo1kDOK1bZ2hiGifJ9r1/ Ha2dMHYUWDvzMKpCeUcQs3/ZOsrZmUpHnFuEEp9l+MeAtfQ/HNBeWfx4RIGniT6I XZKWsXRipuzpYnVbzelCESyLFCKaB4wG5IOoyleSWQZosjk6mlEIReIGA+U2T4he lL0UPK9V+DJ1M1/LUbsSGUZlAXNBZgWMvxhL/zk5j27g4lnW8Jy8DD46eIFPJFna RErXT7avmuxE9Xeb28MjkPZGGL2/L9F+KEAUMX26IAV4pHbdFg4KeqxpRv7wAe5q 0m0OjjsVLnwjj3fh5X38GAOU3iGUJttGiVT4I7NYK/4v9vSWG5NlrXkDLMTfITh0 5Jod9kVHOXLVcV37vghtFtWot2FjKqcowAemtd6V7ZKqbPvNXE1ZWuZdIJuGlw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka +elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb 5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ 0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ 8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIH/jCCBeagAwIBAgIBADANBgkqhkiG9w0BAQUFADCB1DELMAkGA1UEBhMCQVQx DzANBgNVBAcTBlZpZW5uYTEQMA4GA1UECBMHQXVzdHJpYTE6MDgGA1UEChMxQVJH RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEq MCgGA1UECxMhR0xPQkFMVFJVU1QgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRQwEgYD VQQDEwtHTE9CQUxUUlVTVDEkMCIGCSqGSIb3DQEJARYVaW5mb0BnbG9iYWx0cnVz dC5pbmZvMB4XDTA2MDgwNzE0MTIzNVoXDTM2MDkxODE0MTIzNVowgdQxCzAJBgNV BAYTAkFUMQ8wDQYDVQQHEwZWaWVubmExEDAOBgNVBAgTB0F1c3RyaWExOjA4BgNV BAoTMUFSR0UgREFURU4gLSBBdXN0cmlhbiBTb2NpZXR5IGZvciBEYXRhIFByb3Rl Y3Rpb24xKjAoBgNVBAsTIUdMT0JBTFRSVVNUIENlcnRpZmljYXRpb24gU2Vydmlj ZTEUMBIGA1UEAxMLR0xPQkFMVFJVU1QxJDAiBgkqhkiG9w0BCQEWFWluZm9AZ2xv YmFsdHJ1c3QuaW5mbzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANIS R+xfmOgNhhVJxN3snvFszVG2+5VPi8SQPVMzsdMTxUjipb/19AOED5x4cfaSl/Fb WXUYPycLUS9caMeh6wDz9pU9acN+wqzECjZyelum0PcBeyjHKscyYO5ZuNcLJ92z RQUre2Snc1zokwKXaOz8hNue1NWBR8acwKyXyxnqh6UKo7h1JOdQJw2rFvlWXbGB ARZ98+nhJPMIIbm6rF2ex0h5f2rK3zl3BG0bbjrNf85cSKwSPFnyas+ASOH2AGd4 IOD9tWR7F5ez5SfdRWubYZkGvvLnnqRtiztrDIHutG+hvhoSQUuerQ75RrRa0QMA lBbAwPOs+3y8lsAp2PkzFomjDh2V2QPUIQzdVghJZciNqyEfVLuZvPFEW3sAGP0q GVjSBcnZKTYl/nfua1lUTwgUopkJRVetB94i/IccoO+ged0KfcB/NegMZk3jtWoW WXFb85CwUl6RAseoucIEb55PtAAt7AjsrkBu8CknIjm2zaCGELoLNex7Wg22ecP6 x63B++vtK4QN6t7565pZM2zBKxKMuD7FNiM4GtZ3k5DWd3VqWBkXoRWObnYOo3Ph XJVJ28EPlBTF1WIbmas41Wdu0qkZ4Vo6h2pIP5GW48bFJ2tXdDGY9j5xce1+3rBN LPPuj9t7aNcQRCmt7KtQWVKabGpyFE0WFFH3134fAgMBAAGjggHXMIIB0zAdBgNV HQ4EFgQUwAHV4HgfL3Q64+vAIVKmBO4my6QwggEBBgNVHSMEgfkwgfaAFMAB1eB4 Hy90OuPrwCFSpgTuJsukoYHapIHXMIHUMQswCQYDVQQGEwJBVDEPMA0GA1UEBxMG Vmllbm5hMRAwDgYDVQQIEwdBdXN0cmlhMTowOAYDVQQKEzFBUkdFIERBVEVOIC0g QXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSowKAYDVQQLEyFH TE9CQUxUUlVTVCBDZXJ0aWZpY2F0aW9uIFNlcnZpY2UxFDASBgNVBAMTC0dMT0JB TFRSVVNUMSQwIgYJKoZIhvcNAQkBFhVpbmZvQGdsb2JhbHRydXN0LmluZm+CAQAw DwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAcYwEQYDVR0gBAowCDAGBgRVHSAA MD0GA1UdEQQ2MDSBFWluZm9AZ2xvYmFsdHJ1c3QuaW5mb4YbaHR0cDovL3d3dy5n bG9iYWx0cnVzdC5pbmZvMD0GA1UdEgQ2MDSBFWluZm9AZ2xvYmFsdHJ1c3QuaW5m b4YbaHR0cDovL3d3dy5nbG9iYWx0cnVzdC5pbmZvMA0GCSqGSIb3DQEBBQUAA4IC AQAVO4iDXg7ePvA+XdwtoUr6KKXWB6UkSM6eeeh5mlwkjlhyFEGFx0XuPChpOEmu Io27jAVtrmW7h7l+djsoY2rWbzMwiH5VBbq5FQOYHWLSzsAPbhyaNO7krx9i0ey0 ec/PaZKKWP3Bx3YLXM1SNEhr5Qt/yTIS35gKFtkzVhaP30M/170/xR7FrSGshyya 5BwfhQOsi8e3M2JJwfiqK05dhz52Uq5ZfjHhfLpSi1iQ14BGCzQ23u8RyVwiRsI8 p39iBG/fPkiO6gs+CKwYGlLW8fbUYi8DuZrWPFN/VSbGNSshdLCJkFTkAYhcnIUq mmVeS1fygBzsZzSaRtwCdv5yN3IJsfAjj1izAn3ueA65PXMSLVWfF2Ovrtiuc7bH UGqFwdt9+5RZcMbDB2xWxbAH/E59kx25J8CwldXnfAW89w8Ks/RuFVdJG7UUAKQw K1r0Vli/djSiPf4BJvDduG3wpOe8IPZRCPbjN4lXNvb3L/7NuGS96tem0P94737h HB5Ufg80GYEQc9LjeAYXttJR+zV4dtp3gzdBPi1GqH6G3lb0ypCetK2wHkUYPDSI Aofo8DaR6/LntdIEuS64XY0dmi4LFhnNdqSr+9Hio6LchH176lDq9bIEO4lSOrLD GU+5JrG8vCyy4YGms2G19EVgLyx1xcgtiEsmu3DuO38BLQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGDDCCA/SgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCQVQx DTALBgNVBAgTBFdpZW4xDTALBgNVBAcTBFdpZW4xIzAhBgNVBAoTGmUtY29tbWVy Y2UgbW9uaXRvcmluZyBHbWJIMSowKAYDVQQLEyFHTE9CQUxUUlVTVCBDZXJ0aWZp Y2F0aW9uIFNlcnZpY2UxGTAXBgNVBAMTEEdMT0JBTFRSVVNUIDIwMTUwHhcNMTUw NjExMDAwMDAwWhcNNDAwNjEwMDAwMDAwWjCBlzELMAkGA1UEBhMCQVQxDTALBgNV BAgTBFdpZW4xDTALBgNVBAcTBFdpZW4xIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u aXRvcmluZyBHbWJIMSowKAYDVQQLEyFHTE9CQUxUUlVTVCBDZXJ0aWZpY2F0aW9u IFNlcnZpY2UxGTAXBgNVBAMTEEdMT0JBTFRSVVNUIDIwMTUwggIgMA0GCSqGSIb3 DQEBAQUAA4ICDQAwggIIAoICAQDUppeo8vSQEUOttIJGQfEvkW9jos0NINy9DDiK ZUoKKzqodKl3oYuO8i+B94QYza3rYraSfeBB5U5UODeC78vg7c+7ysyjS/db/rh8 pwhty0PETCIUZuOdA7l3IatEayFHI8gg+irLkXYddWz4m+kPJulDL5ogBWgYx46Z hS1BB6ZkjljhjZWApE1f9QLYgXnb1effoiL9FKdnFuzZWEzKqd3qGo6pCGRPUSG2 cqJO/1BxvTtl5L1/UxGu3xA5e132R3AX90ORA3phJV8s/PiJETzsOVQWScQhmnHg eYt2HXY9B1m4B7GM3MfNTuH7rUNNP0DvIWIvMUROacdvIsurVEvowvoRaKzIbg7e bMUnlglRAk0Btle/MijVCUOW98SItflU/ho6arcstSRk+0p4csP82U/ITiO5KdgN oUhBkwJtvxKFm8bFYC3wkfyZ/SCUnnFjq9VJq5DshzmFf42FzAvo20s7DvzCdn1G 5zkmnt9V3x6E+UE2JmwCWSuO+7zpHyckYgRnhOE/2J0YTpagJe7KKANPAlHP9zU3 aaS01tbVHhlDJxYfR1HuSglMEVq2Wz1h6DsQvtZG5vQc/bhFvXz6dVrs4VIjDY4f hpdTkVybmyjWjuVuJ60gjKfBQamXN4ss6m4YBZf2zgNS8b15NJtAxyOSdPNv7aPp WfBVSwIBA6NjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD VR0OBBYEFMuw3T2MPN9iLCtmPJ486RVtcbTXMB8GA1UdIwQYMBaAFMuw3T2MPN9i LCtmPJ486RVtcbTXMA0GCSqGSIb3DQEBCwUAA4ICAQCifVUEZu4WFLyCgYclGTli 9P47H+HAcwBxynWp4nPxxQ1Bo12OwS3ZZVvZieLwjsWgfb3LzEZTH1/tILYCKtYT 8p19UUpAVXGtnux26kUgjqr6ekOacGd+E96Y6MuN3R+sNNKhte3+uOcWz/jRODCN NInSzn2B0h7/URhTNpPcCcsIFrgI11owkIoK+S+1z8TNVHIqxr0B51gLbgZAtAnO tI6zmumJkZSselTh++OELIOgT/7r6MH067Ym0zjELa2sRYA0bSE9XYU64nv+VLfd 6IVUy6TxqylQeNcktaMvnq8RZq4YuP1dKM9A11XgLOtSMWhDZgWXkrvF8SEs/RJk MZlDb4udS2D+FF5SsyOo4Zh67hTJoeLMP3YhYv1rDdm0SpXmblt6JMPTxtYfous3 a06j32Lr6w5KCL/rGIj7RxqtwlHD1Xz3HyuzyEpQDmlYIGIBSlvKY5YmIq726ZxA rGcDnZ1pFcLA+F2nJLEnPL8F4quiysmwLX6jwTEgRiFlkt3K3t+TG7xtL1+pFqRX hyxymlqCZ9FE4j0JCoGMHhD9xjRo7P93YXZ/Jvfb/BJGEqrA0fh5haICzIuqpK1s FMC9/GiuRH0i+QpFXewE5vrjpMXm+bIZw9mMqJN7OoppO1ITPB0zAk6WQJ+5lf2T FzPByQv2/b1pEPWtKfvj2g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3 QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+ BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0 4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2 nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd 6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf +I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7 wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn 4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICpTCCAiqgAwIBAgIUJkYZdzHhT28oNt45UYbm1JeIIsEwCgYIKoZIzj0EAwMw gYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUtVHVn cmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYwJAYD VQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIEVDQyB2MzAeFw0yMDAzMTgwOTQ2 NThaFw00NTAzMTIwOTQ2NThaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMGQW5r YXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1Z3Jh IFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBDQSBF Q0MgdjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASOmCm/xxAeJ9urA8woLNheSBkQ KczLWYHMjLiSF4mDKpL2w6QdTGLVn9agRtwcvHbB40fQWxPa56WzZkjnIZpKT4YK fWzqTTKACrJ6CZtpS5iB4i7sAnCWH/31Rs7K3IKjYzBhMA8GA1UdEwEB/wQFMAMB Af8wHwYDVR0jBBgwFoAU/4Ixcj75xGZsrTie0bBRiKWQzPUwHQYDVR0OBBYEFP+C MXI++cRmbK04ntGwUYilkMz1MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNp ADBmAjEA5gVYaWHlLcoNy/EZCL3W/VGSGn5jVASQkZo1kTmZ+gepZpO6yGjUij/6 7W4WAie3AjEA3VoXK3YdZUKWpqxdinlW2Iob35reX8dQj7FbcQwm32pAAOwzkSFx vmjkI6TZraE3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF8zCCA9ugAwIBAgIUDU3FzRYilZYIfrgLfxUGNPt5EDQwDQYJKoZIhvcNAQEL BQAwgYAxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHEwZBbmthcmExGTAXBgNVBAoTEEUt VHVncmEgRUJHIEEuUy4xHTAbBgNVBAsTFEUtVHVncmEgVHJ1c3QgQ2VudGVyMSYw JAYDVQQDEx1FLVR1Z3JhIEdsb2JhbCBSb290IENBIFJTQSB2MzAeFw0yMDAzMTgw OTA3MTdaFw00NTAzMTIwOTA3MTdaMIGAMQswCQYDVQQGEwJUUjEPMA0GA1UEBxMG QW5rYXJhMRkwFwYDVQQKExBFLVR1Z3JhIEVCRyBBLlMuMR0wGwYDVQQLExRFLVR1 Z3JhIFRydXN0IENlbnRlcjEmMCQGA1UEAxMdRS1UdWdyYSBHbG9iYWwgUm9vdCBD QSBSU0EgdjMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiZvCJt3J7 7gnJY9LTQ91ew6aEOErxjYG7FL1H6EAX8z3DeEVypi6Q3po61CBxyryfHUuXCscx uj7X/iWpKo429NEvx7epXTPcMHD4QGxLsqYxYdE0PD0xesevxKenhOGXpOhL9hd8 7jwH7eKKV9y2+/hDJVDqJ4GohryPUkqWOmAalrv9c/SF/YP9f4RtNGx/ardLAQO/ rWm31zLZ9Vdq6YaCPqVmMbMWPcLzJmAy01IesGykNz709a/r4d+ABs8qQedmCeFL l+d3vSFtKbZnwy1+7dZ5ZdHPOrbRsV5WYVB6Ws5OUDGAA5hH5+QYfERaxqSzO8bG wzrwbMOLyKSRBfP12baqBqG3q+Sx6iEUXIOk/P+2UNOMEiaZdnDpwA+mdPy70Bt4 znKS4iicvObpCdg604nmvi533wEKb5b25Y08TVJ2Glbhc34XrD2tbKNSEhhw5oBO M/J+JjKsBY04pOZ2PJ8QaQ5tndLBeSBrW88zjdGUdjXnXVXHt6woq0bM5zshtQoK 5EpZ3IE1S0SVEgpnpaH/WwAH0sDM+T/8nzPyAPiMbIedBi3x7+PmBvrFZhNb/FAH nnGGstpvdDDPk1Po3CLW3iAfYY2jLqN4MpBs3KwytQXk9TwzDdbgh3cXTJ2w2Amo DVf3RIXwyAS+XF1a4xeOVGNpf0l0ZAWMowIDAQABo2MwYTAPBgNVHRMBAf8EBTAD AQH/MB8GA1UdIwQYMBaAFLK0ruYt9ybVqnUtdkvAG1Mh0EjvMB0GA1UdDgQWBBSy tK7mLfcm1ap1LXZLwBtTIdBI7zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL BQADggIBAImocn+M684uGMQQgC0QDP/7FM0E4BQ8Tpr7nym/Ip5XuYJzEmMmtcyQ 6dIqKe6cLcwsmb5FJ+Sxce3kOJUxQfJ9emN438o2Fi+CiJ+8EUdPdk3ILY7r3y18 Tjvarvbj2l0Upq7ohUSdBm6O++96SmotKygY/r+QLHUWnw/qln0F7psTpURs+APQ 3SPh/QMSEgj0GDSz4DcLdxEBSL9htLX4GdnLTeqjjO/98Aa1bZL0SmFQhO3sSdPk vmjmLuMxC1QLGpLWgti2omU8ZgT5Vdps+9u1FGZNlIM7zR6mK7L+d0CGq+ffCsn9 9t2HVhjYsCxVYJb6CH5SkPVLpi6HfMsg2wY+oF0Dd32iPBMbKaITVaA9FCKvb7jQ mhty3QUBjYZgv6Rn7rWlDdF/5horYmbDB7rnoEgcOMPpRfunf/ztAmgayncSd6YA VSgU7NbHEqIbZULpkejLPoeJVF3Zr52XnGnnCv8PWniLYypMfUeUP95L6VPQMPHF 9p5J3zugkaOj/s1YzOrfr28oO6Bpm4/srK4rVJ2bBLFHIK+WEj5jlB0E5y67hscM moi/dkfv97ALl2bSRM9gUgfh1SxKOidhd8rXj+eHDjD/DLsE4mHDosiXYY60MGo8 bcIHX0pzLz/5FooBZu+6kcpSV3uu1OYP3Qt6f4ueJiDPO++BcYNZ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIE5zCCA8+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCQ0Ex EDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoTFEVj aG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZp Y2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMjAeFw0wNTEwMDYxMDQ5MTNa Fw0zMDEwMDcxMDQ5MTNaMIGNMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJp bzEQMA4GA1UEBxMHVG9yb250bzEdMBsGA1UEChMURWNob3dvcnggQ29ycG9yYXRp b24xHzAdBgNVBAsTFkNlcnRpZmljYXRpb24gU2VydmljZXMxGjAYBgNVBAMTEUVj aG93b3J4IFJvb3QgQ0EyMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA utU/5BkV15UBf+s+JQruKQxr77s3rjp/RpOtmhHILIiO5gsEWP8MMrfrVEiidjI6 Qh6ans0KAWc2Dw0/j4qKAQzOSyAZgjcdypNTBZ7muv212DA2Pu41rXqwMrlBrVi/ KTghfdLlNRu6JrC5y8HarrnRFSKF1Thbzz921kLDRoCi+FVs5eVuK5LvIfkhNAqA byrTgO3T9zfZgk8upmEkANPDL1+8y7dGPB/d6lk0I5mv8PESKX02TlvwgRSIiTHR k8++iOPLBWlGp7ZfqTEXkPUZhgrQQvxcrwCUo6mk8TqgxCDP5FgPoHFiPLef5szP ZLBJDWp7GLyE1PmkQI6WiwIBA6OCAVAwggFMMA8GA1UdEwEB/wQFMAMBAf8wCwYD VR0PBAQDAgEGMB0GA1UdDgQWBBQ74YEboKs/OyGC1eISrq5QqxSlEzCBugYDVR0j BIGyMIGvgBQ74YEboKs/OyGC1eISrq5QqxSlE6GBk6SBkDCBjTELMAkGA1UEBhMC Q0ExEDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcTB1Rvcm9udG8xHTAbBgNVBAoT FEVjaG93b3J4IENvcnBvcmF0aW9uMR8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNl cnZpY2VzMRowGAYDVQQDExFFY2hvd29yeCBSb290IENBMoIBADBQBgNVHSAESTBH MEUGCysGAQQB+REKAQMBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuZWNob3dv cnguY29tL2NhL3Jvb3QyL2Nwcy5wZGYwDQYJKoZIhvcNAQEFBQADggEBAG+nrPi/ 0RpfEzrj02C6JGPUar4nbjIhcY6N7DWNeqBoUulBSIH/PYGNHYx7/lnJefiixPGE 7TQ5xPgElxb9bK8zoAApO7U33OubqZ7M7DlHnFeCoOoIAZnG1kuwKwD5CXKB2a74 HzcqNnFW0IsBFCYqrVh/rQgJOzDA8POGbH0DeD0xjwBBooAolkKT+7ZItJF1Pb56 QpDL9G+16F7GkmnKlAIYT3QTS3yFGYChnJcd+6txUPhKi9sSOOmAIaKHnkH9Scz+ A2cSi4A3wUYXVatuVNHpRb2lygfH3SuCX9MU8Ure3zBlSU1LALtMqI4JmcQmQpIq zIzvO2jHyu9PQqo= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFUTCCAzmgAwIBAgIIAPtxJlitmeUwDQYJKoZIhvcNAQELBQAwNjEWMBQGA1UE AwwNQ0FFRElDT00gUm9vdDEPMA0GA1UECgwGRURJQ09NMQswCQYDVQQGEwJFUzAe Fw0xNDA1MjExMTA2MzVaFw0zNDA1MjExMDIwMDBaMDYxFjAUBgNVBAMMDUNBRURJ Q09NIFJvb3QxDzANBgNVBAoMBkVESUNPTTELMAkGA1UEBhMCRVMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQDbgMroSXTH0zgu8cUjYvw2jC8efjkL6Qb0 VZulmCmU7YZHMoPzxZJ6BdcpAj4Wwyh/NWQpenm7oeIeYRSN5wDQ3KJUZYrfablx R384OBZGp2kxETVM4Sp//21PlT3jXUhNGVMIWmsh1RIwaZeQry3B9X9BX0k2j024 HhqVX9oPb1wVNcQRvF+Fm72tO1Veu9/Ou69cmWDdH2kaSUgh+QkKz3Kn8PLe5XgZ vhLdzYd5Qc4vRdcLkRARBB4SnfI4A18Waa6gCtrA+eugDRgPeV6RneQfFJw0ExkC RLpRw+55smAUo6+8SC0oOGgBQ2TKDoaDYtCKGaYn8St7SykhW5rMaEIQyEtPDyOy iHzEXG4XcMV3r5XAJaQiCtN8+dhyyNAtvafo0i2LTKFuCvy0QDO7mmv8pOrJ/uA0 iEPMxrw/ddKlqa/6l7k+t85UoE3AXS7BKNhjVHK4rFr1OvsgYQY69KArOKvMgwxJ 1G4+bQ8+cy825vNPs8AA0UVJW4z2o5gdhH+ZCsPqCjzD0yR4SGf1GzsOHQ5DsQR1 waA5dov22QKlHeGeWwe7NldKIU35iWm0bA/Xr6AVJJnn+NdTlOwSv6Sl1+3ujjV3 d9ymfyBUktZj1nKeTSq2j3PzGaHEsB/mNKMLAD6XSSdhqqoEQTM4tVBRzDYV2x// vcpIg0inswIDAQABo2MwYTAdBgNVHQ4EFgQUFM0qWXhjq2EZ6Lg9oeBawHXn+csw DwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQUzSpZeGOrYRnouD2h4FrAdef5 yzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAD0JGQC2kQJs7A73 4eJisL8zDf1VEvQImvcrLa73nEfYHwYBE7WO57KCCz2EWUPUB9grXBB6JCzKjejV ozmcMczr4Drh1b/Px4d7YP9HOdejRNYIJlvPWlTsiNOOD3k8yKNPpsKOJ/DeEq5e Ga3nIlaKWDLg+QbQqSq0NZsMhiZRAJRHUPylxCVh+VjwRXAuSXZ/EdZvtfkpBeEN w05YH68d7DfQSvkGBoHT26CWuA6RMHnmUN+IuAupXNQH9MmozH2Pk2MJZAAFKmhm Q7uiu/6VrvnEpQqIYkh4JXwqPxFkptMiIEedMtby48ikYXTngsJEuqDRXV+88UQO g08cUIXE6eds/Oa4VeGiGoC3kESnhCKXRyLeqzg3z7XyHD5CcLt1tmUoa8t/gjWq 9vMgeChzB5YwcKUqcVyheaQWuUY9XrQASYWJ0w7fga5YjVjW4cVEeC4cILuiR5e/ dhQ7qSiPnwt10qE87SvHjpCheqKZMGL8hR01czvztVkiG80IsQyddWrbhTsOh58y T5IAAQFMSWiCgEFs+f1xvYv0eApgo56xUh3AiuOexb8rGWqYp7HeFVCfqpQlj6mA gqdyuklkCSdhK268IygzXZ5u8Lm9IDKM3aALmbu0hAQkdSmW96elF7hRBet0rVF5 lvy7+98JLQiSRM7A0rMYxxQivyHx -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG EwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx IDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw MFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQDExdlbVNpZ24gRUND IFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd6bci MK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4Ojavti sIGJAnB9SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0O BBYEFPtaSNCAIEDyqOkAB2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c 3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J 0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g RzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJ TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s b2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMw djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0 WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xyS fvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuB zhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq hkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD +JbNR6iC8hZVdyR+EhCVBCyj -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw MFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v dCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ BczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ HdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH 3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH GPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c xSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1 aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq TbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL BQADggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87 /kOXSTKZEhVb3xEp/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4 kqNPEjE2NuLe/gDEo2APJ62gsIq1NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrG YQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcxHpvOJpkT +xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo WXzhriKi4gp6D/piq1JM4fHfyr6DDUI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIKLwq3aw3LSq8nWDANBgkqhkiG9w0BAQwFADBWMQswCQYD VQQGEwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJ bmMxHDAaBgNVBAMTE2VtU2lnbiBSb290IENBIC0gQzIwHhcNMTgwMjE4MTgzMDAw WhcNNDMwMjE4MTgzMDAwWjBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMKZW1TaWdu IFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290 IENBIC0gQzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCMfX1lA+Tb mh9YInmRgOW97IVx4LUJf2DRZfs837Jrml+py64aVnYgWO4t6C78fgjfS7jX+c4T inIzEquWcI+zi0fd4Sc8NDf7JONp27VWX0qwUYqzLDRCt+s7zpLcfx1ky0zVIJj6 L06uPyK3kIr9+YAsrVj+39utm6e2MBQsRNstSI3fCQYAGvoQTQ8fULauTqNWaYAk NYFe6HUHHQPp2u1Ua00odMXiD5oRFxLcDnGAcE1I/9E9mLCdkggXijYUmico7+Xw ZeFoPhva6eIJ5p03Lt3Du5W3EcHR0cJmmY1pyeA36JaXKWRNM9IRjYMVNCcp4jhB 2tIYiZ+LVk8bwQ9/1c23txmv3u97taZlV22NF4ttS1qq3J+MOp0oGULBzpKfRx0q GVqbPukQNGAjOLIN8KDNQNzbR1iAl2d8H+MSoicBo4Aid8TjLWcNv48oCWL53ZrF BMTDjaIA6frG1t4IpbnHadA7qCJJe2qpJN6n2eQKAUn6UiQDHPsSqNBlcUhQ4Y/0 Y0mU5rghm2OB9rXQS1Fb1JRCfJMNnJIm5AUB2+2RWzq5Tgz7SbSho8NsZk0UbQnF xciqQ9uoVTAsK14Sk9oG8Q3zfsM08cdPoRb0WlIZklR6mKD7L8nH/zfGu8PIJv94 GGB9RZ9U4A69r3ePmy8MvrzfNxHKtH6svwIDAQABo0IwQDAdBgNVHQ4EFgQUs/eK pNYPiABZ6FEXT9V+7IYigZ0wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB Af8wDQYJKoZIhvcNAQEMBQADggIBADQlpiWM0cv2nZ0H5jVsBq0x2q62Q0LwqATs CFvyub7gxNCytRuoA8stmPOEu/lg8Igxj4FIjoyhIrWUVxyiLU7No4P+WjEUOwUT xIpkEOtvGUQ9fiOlcGHtIZDNBlZq7WpktXAxeV55RPPsor26p2FNAMRFfZQh0sLX hKgk8iulSSggqx8ezgPye63FaiYEi4c/dzRj3HOCnsZiwZZU02df5YpNFjxSwZvE 41cjGpsrpWMfQFI2s53RbeXp47lSAxYE4NzjBFMe+EwFuEveBCJBEAH5rvYu3pi2 orsJ424TqWEQV1tCsCkQz+Yq/Okal7yHAkKDeOXcP7oN4A+TdXc2pdqxuVCnBO0R mWz2JpGSSeJjiTk/OPwRsPNWtwG/KXL04o2ta3jiPpJuICVtWDAc9R3auBEgJl5r ShRmBdszG0LmzsHuZPCFSYC15RBDCOBsa8bDRJ8pBFU2Wi/CVXCACEuavgoveA4F a5bt38o0PWxsBP+MpocCdVtDMqzQhxy9IohKuXWAGresoIvKDg3xFk6rBOrjfVwJ elwi/xAisojHPJVQv9W1zVIoHp+EQg/4MQC21NbIX2RoioB+V3hK439b/w7deU8x 2M8cl1OG0nPfbnARl5GPM7vJgi470jto4SeMg6HMAW3Egb56tQcNLwI9U8mZnNvR gUMrkAgL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH MTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgxODMwMDBaMGcxCzAJBgNVBAYTAklO MRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVkaHJhIFRlY2hub2xv Z2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQz f2N4aLTNLnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO 8oG0x5ZOrRkVUkr+PHB1cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aq d7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHWDV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhM tTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ6DqS0hdW5TUaQBw+jSzt Od9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrHhQIDAQAB o0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQD AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31x PaOfG1vR2vjTnGs2vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjM wiI/aTvFthUvozXGaCocV685743QNcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6d GNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q+Mri/Tm3R7nrft8EI6/6nAYH 6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby RQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx iN66zB+Afko= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFlTCCA32gAwIBAgILAIZNvw/jXtd9jtgwDQYJKoZIhvcNAQEMBQAwZzELMAkG A1UEBhMCSU4xEzARBgNVBAsTCmVtU2lnbiBQS0kxJTAjBgNVBAoTHGVNdWRocmEg VGVjaG5vbG9naWVzIExpbWl0ZWQxHDAaBgNVBAMTE2VtU2lnbiBSb290IENBIC0g RzIwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBnMQswCQYDVQQGEwJJ TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s b2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMjCCAiIw DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMNwGIWW2kHfHK+sXTNwxF07K+IV ySTuyFM2r1v002wUfcdT+zs5OM5QbMYFFnedXQI6gCFLsjKrcaej48Zt37OyEb3i aPs7CsP4kAyTwzKH9aZe6gXYHrJq40/ZVMNcQVI2PcIp40B/SAN2gUZ+ZaUtIOvV jEx26/ebNaXRIsthlkOG/caB+QRwDw1tl7338Zlv0M2oTBUy4B3e7dGP5pgXH71M jqHPCoNo+xv9f0NTBT+hUDa8h8wUtcGQq9CDeJTpjWcD2bP2AMdVG6oVpMAUeUzo cCyglvtFdUMjggxBbw4qhau1HXPG8Ot9hwL7ZMi8tkTzrvUIxxb8G9LF/7kKeCE7 tGZaVzDTnXuifl3msR4ErHsQ4P7lVu2AIjIAhrAXoedDidb7pMcf7TABdrYUT1Jo G/AiK+J9jO6GTjeADD4LMDSBZhHMuBK/PJ/g0kGBt+/C1L+/HURzQhJkMlRnM6Rv XoCtfKopSlns5trZmTi971Wjbn88QXP61lGpBCUPwCjs7rpOYvSUJtI+lcbF+37q kIqOXYkVT3cupDSpw+H89kFtj5GKY+Xny4LxY+3IvDIRiyd6ky1DPj713DI0yqve EpsIr3A0PdwuyUI7CS1jg0NnGFT6Xxyr0xB+VDt83FJYW8v16k2pbaQ4kVxA3aXd X9dZYyVR1S59KM75AgMBAAGjQjBAMB0GA1UdDgQWBBTt7E1FYRgo57MjKBEcTaUn DV7s9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B AQwFAAOCAgEACFC/ilQg8KTCVBxFJW/sazomkS0kNYbEIZg4B3obqwsJ7SX98z8Z gfzBpz0nYClwwJjWbFN1R2zY8pCEot6/dgmA8Vbq0GxhwPM5YN/SZquNyRIxO3cU dlAcwf+vSezdVCf9wOzvSAF3q0a5ljvbdbNJNpfScQVp7UUd5sBsZk8jXO1KQ/go /Vf/GDPnrIFmxpAIGE3sgnO8lAv9FzUaAeuv7HWe47xN9J7+bQzF93yHuIXACPTL pQHhg2zMv5C7BAbuDHfbj1Cu294Z832yhSfBcziWGskOvl3es2EcHytbS9c9P+0z Mpka7zGC1FHrvLb/FoduH86TeZt0QjZ6pcplNzoaxDnDvzTJ6CC2Eny+qH/APFCu VUv5/wjwF+HPm8Pup2ARj9cEp92+0qcerfHacNq5hMeGZdbA/dzdUR/5z5zXdxAk nl8mcfGb0eMNSTXQmmB/i4AecNnr72uYjzlaXUGYN7Nrb6XouG0pnh0/BBtWWp0U ShIPpWEAqs7RJBj6+1ZUYXZ4ObrCw962DxhN2p19Hxw9LtuUUcLqqTPrFXYvwO4t ouj7KJnAkaTUfXGdEaFVtFig1EA30WzJY2X1vAQ7hVnniCjgaXAGqjsU6sklNM9n xDx5rFCCCEtj9Kh8UHjGK2QqgP5kwgttjOApQMaCoezMfK4KD7WpOXU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFjzCCA3egAwIBAgIUQmFyPpsAoifTvVhx4tW0BGh0c6UwDQYJKoZIhvcNAQEM BQAwTzELMAkGA1UEBhMCQ0ExFDASBgNVBAoTC0FmZmlybVRydXN0MSowKAYDVQQD EyFBZmZpcm1UcnVzdCA0SyBUTFMgUm9vdCBDQSAtIDIwMjIwHhcNMjIxMjEzMTcw NTQ4WhcNNDcxMjA3MTcwNTQ4WjBPMQswCQYDVQQGEwJDQTEUMBIGA1UEChMLQWZm aXJtVHJ1c3QxKjAoBgNVBAMTIUFmZmlybVRydXN0IDRLIFRMUyBSb290IENBIC0g MjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOCeLM4PqNjYSyri dShM9TdSj5Q8hkmSRrFWIC10lu1yv+O3km8DCboSqLvnyXl5iBFK27Kg4DCikpK7 LRliIkep3sm9MqRVKh5ZuvCcSZWiLUyftdhV1A8juQAR0r9OHE46Axi5/afbY5+i Nb1v8ejYeXq+OXWyROb/Esdy0j/3+fmeDVGebROt20mW4pwqN3FXBCcctQ+q9Giu On3XPTQDcCDSVdgPzIxop8H/ucn+Cwwl7BzUK0yPPlKMVlUPFXBVK3SXjVLEgmDd dnh5aqeNqDLR3Jvg+U4xIZVOL4V0KzblhxB8ru71xf5M8dLifm/X6IHVm7j/WAiC kVPduhR4aV2MwWqvu5W4eUxdOKkso8Nwa3+PBSNReH/5ebxnmsqsOFI4DHKKCKfF DxEX8iXlQGBXGPyqAlTqRIP2qooeDqKDCjNbfjZhWe1jlCyvjaK2+LTaHfxFIjnd MK3+G2FRaFvvl+sA/t2bHdIDMW5xu7n8VI+k1KZ5gzP9+svtx6LkEW21hIK99xLg 5d2UEDqMedvCT+v5z3AipoYN9zYe4uIUxIce7SrBUW2SEQV/u/DjDStNcmMmtsHt 5mL5qv3l/eW4c8CbyzuMA8hwUj8YRQPbDhKWTWQhtBdbucw/RB0+QcA0WQJ06O5X S5ho6JHuRE8opDVg5VEObnJ4LUDLAgMBAAGjYzBhMB0GA1UdDgQWBBQHh1r0B2hx 2WYb4mR4gDeAXN73JzAfBgNVHSMEGDAWgBQHh1r0B2hx2WYb4mR4gDeAXN73JzAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQwFAAOC AgEABrYlrvaurvCSPs08J2ebbvltUXf613l+kJRAFlMW3ccj9zfE5X+USAxb2Oaf eQ9ZLVaEotsRjEk9WGxYVXLmhGigrtt4khnfBSQoSyrnnh81s75TqkFGV1BxrTwK /g5r6r58GbVUm9gYLJ8k/6tM5sSxv1SRY4wYL9Un8z/kU/WOtsbMrqgoBHfsXagS P3gfFoVX9WcUZQtrust/GZKfF++uYmPSmLpzT3OSmpo/rhJfHMSJYBaDNjEUSIaZ qToC56YxH/nMXEK7ed9nEWvqvFgd8VfhpEuwXWCBMxNZYwBEKigjDSM1HHSNV4tU DUAPYgl3PHqjLWa4qdrNfY0yQQhtvfRru1thvmlst6Agvw0D2S9cUMWd0STx5ZW+ gNTzFU7df4pUiTNajQctHD3+bvaZJqakpzZ3F0HoboNdzy941ABltC1QX4moUS2C LQadi5cOEBF6bdKnDsvnyFEkEa5XvA59rCbsZqwKyIjvbqW9X1JUsaTtJfX1LN/4 RqtgQL9w7e23FrYR7Xzp3r+Wsoc8a6TbgkMTVMVoI+7pAipL2d+1oTKSwXkOGabU /k1uZRGPF90l0+wFd6dQ1fk9W5ytfGgNPjWuZkWtfgUj3ns+5cY3HPTTvlqpf3z/ YOoUsNnrqTdgrGZ2pO400feKvIELAixC8DnyChD6JstTbuE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp 6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ +jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S 5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B 8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc 0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e KeC2uAloGRwYQw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D 0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi 94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP 9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m 0vdXcDazv/wor3ElhVsT/h5/WrQ8 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH 4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er fF6adulZkMV8gzURZVE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFkTCCA3mgAwIBAgIUckKdj0Df5G2vvgbrtTMZTOkNbHYwDQYJKoZIhvcNAQEM BQAwUDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKTAnBgNV BAMTIEVudHJ1c3QgNEsgRVYgVExTIFJvb3QgQ0EgLSAyMDIyMB4XDTIyMTIxMzE2 MzUwOFoXDTQ3MTIwNzE2MzUwOFowUDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu dHJ1c3QsIEluYy4xKTAnBgNVBAMTIEVudHJ1c3QgNEsgRVYgVExTIFJvb3QgQ0Eg LSAyMDIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArc84NpDxCzCd VWHdIr3YMRuSZOjlHjbIhhYduA1yBUTpcKLPzbiGD8zvZDTUPuCmYsIqB8ZGz++e OJg4u12+GlAHOeuZ/H3UgVjhqgytZeQfCn8GEHiFf4ehjzlwOp5ds3qxTrQ9+crk FJBP523qh+KJp2HmitRZviWpKcQyJMOSLvp0MRL9wVaU2bJWOAarzi8+DJeqeXHq UW1XJvknd54OqmhAl51vVfUf3FzdfyNPymZda3MRH2FQCpv6BBtpvea0iuQiV5BT vGkA6qP0R1yEv9tG1dXnUkmrsedlYHk3nt8JWfTZ+bW0zuNemgVp0KB5LI35Qz+t TTDZ13b6iPwbU7e/d5FmETyqBPb/sOKyN9AWsuPbz3IRXp778P3i5JRkd/h1VnPW f0sEsaMf42EnVo1D2yV5zMzXYtpcx3BkO790KIW2sLQiRhXe4scI4PUWW1QkE/aW +wl7+n5zPpdSHEZcGg+btLLhkFwvFHA0WW64qjIQ6AUi5uW52/DNYZxjb0wkhwWW mndPoVGIAXuUFSY4HBCqWqTAgupAqUEsTq1icMd8afOLdjNxN72VC3035TwOuHkm 3+6AUzDnl3Us/YOAMmg/UNjjRFaW9IC6jocIxhq8NbonG9U9+rhAPk5kigmENuDV mh76yxzntIJT3OEPdTaDTblB4+ccbb8CAwEAAaNjMGEwHQYDVR0OBBYEFAvdkNWP uz9cvWCgVRokgoY8QTBBMB8GA1UdIwQYMBaAFAvdkNWPuz9cvWCgVRokgoY8QTBB MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBDAUA A4ICAQASHc2/PgL+x8PLaDspC7iWQcpjEj0yBWPXbr/H9ngo9seQvBUZ6F9cJKrs CdmvQXc3xa9LxCGsU0WfX/SSTT533yPbupMwBuh7oTHnlwb5PqrVmc3PcdI/qVWb 98tl7S+yYKmzXFTIPJLjkQh+utiYOVpDtzTJaanXUbunQ1S/NurEAWbpD7L+wUKt 8l4LRU8QIKLmIWeoh2LqWUchr67wQ+vTKoVOTgzeoFxmwfjTn+z+dQfHwaj2EypP 0hD1u9hncWQ9morQO/ttzEQO5J6LNGg9aGAvQDlrD6L345Ttez7qtLqcEg7Zd87T 12+MwXxmGX8ifcVw1hzPtooI+E4D3PNscB6hfpHCOJXVRVMGh5EGSsa0Qi8fyt3a dNFseMRlL/d+1aL03WZUlq4VwWXzX+rcWjBCjjzmK4aNkTCsceJh04Zkp5DdU5R6 SZK142V26qpU26w7VB/15vwzsjDjr/nvnrRBr4gcNB4UCQXoSYhc17Xwe0rrGT/s 88h2z/T/I9k8Ibl1tqcJg1YrEsNVOzjtBnodw+hDQeOFOJuK5WIJxvQcaPS4E0nz IsEv/zMlfk47b0642z7SkeHnlOiu11d47f+e4OpoRffyU28r5ID/6H8jIoqzCWq7 QXyBqhZ/ovkRW9k5iHw7gSiK1jFa98PmVOQlE3VpNpd4MbUA2Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFizCCA3OgAwIBAgIUVyYoNqp1GgAMFroozIa1kP3yJbowDQYJKoZIhvcNAQEM BQAwTTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xJjAkBgNV BAMTHUVudHJ1c3QgNEsgVExTIFJvb3QgQ0EgLSAyMDIyMB4XDTIyMTIxMzE2MjY0 N1oXDTQ3MTIwNzE2MjY0N1owTTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1 c3QsIEluYy4xJjAkBgNVBAMTHUVudHJ1c3QgNEsgVExTIFJvb3QgQ0EgLSAyMDIy MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx07VPjyi4DucCseR4zmE 7kyTXatVpDNNl0W99Anbps0z6HPBH3N56RVbpO6wBKPlJdHInr8vdEPvhcSS27Iw OlFdBC30PENpQfm4s3mG80rWHI4cV2rDEfBWdhB+tMIDpKGGAeAs2Pws4M0Sl8lU Ts6zHkntqU1U0vqHgb2ZNI7gqDkaERmzs/U98xV0k3LlMYPiDiMSSEyfaDRX5q0c /eGczYoEr1b2KnRu5XdA5+PHa1lDpVqxyFRfGJC0FYSe/EO18Yt1LeaRgzu0f39k n21QZD/Md+AeumkBmGS9BZY9yzZYoD7q4ExFrpI5HGSWUWVRMjRfbK+ZeZ2CuTjG tlSQVLxdNc/eZ9+srdn+XxlucdNh3QdA7k8AOIS5AXVKuxh4ri7pKAIl91CTTU4o 0+4G/65AnK0dt7riZVMHw0bomgwSu0mXgeMKSBVEr/vwRJh3Sk4CvK3nvbRWQjWE LN/B6V9GWRLTlPVqDOPXa1rM55WF7mGi7FrhJX/1bM3KbIIQIsPQ1ydpkn+ywsr4 kyXUROwzeKvt86oXgq7hsC8fPPsAb1pTrv0IJnnzzSdrBaMN7vNrbeEEZZ7wjZQU Ilu0DBq30/fHe/YAqScbyVkY2hyrmz4ivwDQ7MsbQcTB+ZJAa4WzHK6r86kevyh0 TJPsDdjUi2hAixW4CElkd4MCAwEAAaNjMGEwHQYDVR0OBBYEFJRA6lr/70ljAZ4J 3+A7gDNzEiBWMB8GA1UdIwQYMBaAFJRA6lr/70ljAZ4J3+A7gDNzEiBWMA8GA1Ud EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBDAUAA4ICAQA7 HrvPaB+UVKwLZsovz+Cq3oOWaQYK6rkyPs8fpFlqpZjTXi9gbv6VDm/6JRK+nNGM raTTPrgWjZHABYismegl0IoavH9neKFFp3tQSDWBHmYTWRmFZAR3XmBOXkZ0XFHR 4kviB66781J6SdhwSYNbYCdpr8J3YiMxlnyiWouuIGCx8XUk6rF+WJodRa3B6TMt hGB7dVpNffNNHB9QTkBmGz7X9CRmeUUVcT/c9+dWT8cX8t3s1Ms9WAzuSsqbiVkc /BhRrXM02woIC2NSAJ17BkaGgKdrW6odP96LsX/c/aKFcT+mEA+T+BGDJQJqeSXi UoYCIobw0s/m9oBEdEAI97cG80MJ45wtUtPQB01ZaPhhuLLtDcQnWpAiDXL6vphx tujly4ntWTMwL+ymaGNZP6bVzK/TDJ+ffn/xCbCoKN9im/Dej8UdvPjxLG52x8k+ Fna0buBS9f9huvyY+3HwBvplCgRZvOIBHejMycjogtH6A6tqeUqcShksUbsmVE+l FnMEA93cvPcpaY80HXR4K8+Ff5F2vlZb3P4v93u2mpBSYMJi3loSUWLSh7SrhaC0 6fPjF984xjazvxzIEsyZxawK5nyeJGYsDxgx61Q4b4Brv/XIOrkDN1Fu/CKEEYE6 ozlMaFgDrKHwnGDQUajax12/7YB4mpRX35SYgzG+yg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgIUf/Go+fQ66IduLcb/XkM9su4wpkMwDQYJKoZIhvcNAQEN BQAwaTELMAkGA1UEBhMCVVMxFjAUBgNVBAoMDUVudHJ1c3QsIEluYy4xQjBABgNV BAMMOUVudHJ1c3QgQ29kZSBTaWduaW5nIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkgLSBDU0JSMTAeFw0yMTA1MDcxMzI2MzZaFw00MDEyMzAxMzI2MzZaMGkx CzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1FbnRydXN0LCBJbmMuMUIwQAYDVQQDDDlF bnRydXN0IENvZGUgU2lnbmluZyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 IC0gQ1NCUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCngY/3FEW2 YkPy2K7TJV5IT1G/xX2fUBw10dZ+YSqUGW0nRqSmGl33VFFqgCLGqGZ1TVSDyV5o G6v2W2Swra0gvVTvRmttAudFrnX2joq5Mi6LuHccUk15iF+lOhjJUCyXJy2/2gB9 Y3/vMuxGh2Pbmp/DWiE2e/mb1cqgbnIs/OHxnnBNCFYVb5Cr+0i6udfBgniFZS5/ tcnA4hS3NxFBBuKK4Kj25X62eAUBw2DtTwdBLgoTSeOQm3/dvfqsv2RR0VybtPVc 51z/O5uloBrXfQmywrf/bhy8yH3m6Sv8crMU6UpVEoScRCV1HfYq8E+lID1oJeth l3wP5bY9867DwRG8G47M4EcwXkIAhnHjWKwGymUfe5SmS1dnDH5erXhnW1XjXuvH 2OxMbobL89z4n4eqclgSD32m+PhCOTs8LOQyTUmM4OEAwjignPqEPkHcblauxhpb 9GdoBQHNG7+uh7ydU/Yu6LZr5JnexU+HWKjSZR7IH9Vybu5ZHFc7CXKd18q3kMbN e0WSkUIDTH0/yvKquMIOhvMQn0YupGaGaFpoGHApOBGAYGuKQ6NzbOOzazf/5p1n AZKG3y9I0ftQYNVc/iHTAUJj/u9wtBfAj6ju08FLXxLq/f0uDodEYOOp9MIYo+P9 zgyEIg3zp3jak/PbOM+5LzPG/wc8Xr5F0wIDAQABo0IwQDAdBgNVHQ4EFgQUgrrW PZfOn89x6JI3r/2ztWk1V88wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AYYwDQYJKoZIhvcNAQENBQADggIBABLvOKGI4aGj1mXcR5zzvNzPrEuMPBq+K/T3 0GcXaIZNcKjyzdAxAld9qQyKO1c5nvBu9yQiBWfRwZbBvtHw+FZnC96614ibjddr CHb1WJHZtcNAUxqk8YXNPwBOP06TO3i50gdSZAyGaW3oVGVWF+gAU4SK89v7s84L VWKPzUxJBjh/UsPzHNc99zPKMq3Bqa9v6xHL7qxRv7AmmnpOI7RK9mm0QmnWoI22 jEdKOyA3t0EH7y8g2GYcaZeobDB8d0Nea74mmIMPOtbHcCoWRi0lVIZjZVdC9yNB 6VBqB0POTrXpH2jY2NYJSqjosvyQZ5LkkCbzR/rWIPuJgOJEczn3ioYzC/iqqedN 7Nxv1c8xTauOH5BA1nxcgg+uF1Jx6aznTTjtKth2eYetF6NMq7dCV78GrOXQTTDp VU/jRcrz4GohNI3HnxyjY0iS0pYHvqVHPsIqmTinjtohfFFt3Ms9B+mpvUnUXTVf W4wEUeqaWJC6G69oeLEWD5QpO4+bKo/JIPBxQkxcTasxjKvpfyZoaaClFg2BxNEF DMOHZuUHY6obTv+yB0FPpSJGUKxmAIdSbDyyO5yXoUa0W97PwmpZVQeMo6TRdzVn RgQv2Ti5Rq+6jhtyJgIvdlTvg8IvLHdwzHcQkqoDrcrM4E/pg0blszwZb3p5h7Y4 mr1CzqRi -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFpjCCA46gAwIBAgIUbHPJNrGF5QuATVvOwp+D0hpRwaMwDQYJKoZIhvcNAQEN BQAwazELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xRDBCBgNV BAMTO0VudHJ1c3QgRGlnaXRhbCBTaWduaW5nIFJvb3QgQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkgLSBEU1IxMB4XDTIxMTExMjE4Mjg0N1oXDTQwMTIzMDE4Mjg0N1ow azELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xRDBCBgNVBAMT O0VudHJ1c3QgRGlnaXRhbCBTaWduaW5nIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkgLSBEU1IxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqS2C 6cK4I00zul2xjk6mWjsefTLMd9VRNwOxHEqwrNe39xjzzum6Fi64AUqED5EsHVzt KqeoDlWjwzyjIvTxgIaCLBsDDKFdkXIg9buMl3ENopcTgz5Sbta4/0GxSCzgeb9L fMLsDMdbOEZYwP6wcmJCSmWLJ/lEbO0HZVFktUoEilsUxHq9ErSUjFEAg9C0Phh7 ihJ1YM3XyM0Cr3XT3CtNx2PAy6Ticoxp2S2JA9botrxQ+ebLVnNjz/yTwYGG6Tqv +QdNRoLmVwPye8X8NNGc5j13PeNeWwXXxZIWIX9mnMyugAcyonNX5MQ+hsp/72UH rbbQbtEzaZI0SBHx5Ee3o65S2QymhHuIWBWKQRaDbu/nhdqRtzLyaybx1enpkl1w i4hqz7v1xEcpMu3FS1AlfoexFRSh0NoWGlj10EIkDO8IdDpTH5PghV6qYeVeg7i+ 2Zrb1vcMHQ5JRWbT6WDAEb1KMN0vuaZdWOkvP7EsRJlKxPtktOq3NcNwvmkhd3Bw 8IC0HbX8eT5v8mHlDHGlpvbSQH82j8EUW7ZD8aMvcB1X+ReNv6bTRloBF54kPxjS XcV9ruHPQ/oRWPaKXYUXrciJy/uE7naIAHHqxUrqdy38g6NSiQL4S+qUE4eOfU+U Kojit2ezLVkfifk5px4roxgQ7ha03SMC5sftT0cCAwEAAaNCMEAwHQYDVR0OBBYE FKZlQYHyW4cFat39ilROj5h73CO4MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgGGMA0GCSqGSIb3DQEBDQUAA4ICAQCi6KUmCrRRytbVPFjX33uEW1Ny8j5R xqpvLZ2H1/j9sAhmYdRYNSzJsedQCcFWoqFHBS7Oba+mk7vZPuZToldy27TqT/u2 x81nvzjcjGijtWkidwwnCqLyj3EeieMJnOjceMoZ/7NSg9GM5Hz49C511DBXKY1O gl+x4RgHMnM39GbAngPPlFDiM76sOP2NxEIlSja/judxsWm2Eh/tOHBnVJu+g6kw Md7Oum1nG5RkUaHcUbUnJ5mlFsTUHAC0c85ky8CwX8uLoZ9Zk39ZLJYMpMtIhi5P qCEaJkvxmDD9EXLlohH58EfV8s98aAQy3GOtkugHapntfbMHjSmPNPUDZo+RYq2s OudOMnsm5FTkW83BDIgPeoLnxBZZHOVy4Yh6gdhpey0cuU5xD++mToxOKAv16LVT WQv0Oifp/L+p7dbvsmndApaLGW4MnHSnn+9YIJav8WOo/zvKah0U4//xdaHWPQp8 6Fv4hSWv67uF22v0leAA6fyhN86br750PIv7UR2kBZOfCnF8Fli7fAIzBOK20QTK sEn9loiN7TPb5cHvtvLTRX9Dvr82zadlqpFiHzd/7Uvv7nMXbi8LgNW1asp98aib 0wGLtsZCwk7heIOOyen6mlJ9TQJsQZsN6QC9SFMjQ4DRRwSQ6ZxkSl1EwOIeFYBf oTM3VxKKcl+Yqg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICRjCCAcygAwIBAgIUCXVY9aFsFod7vQZP/Zzkg7pLBAswCgYIKoZIzj0EAwMw UjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKzApBgNVBAMT IkVudHJ1c3QgUDM4NCBFViBUTFMgUm9vdCBDQSAtIDIwMjIwHhcNMjIxMjEzMTY0 NjQ0WhcNNDcxMjA3MTY0NjQ0WjBSMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50 cnVzdCwgSW5jLjErMCkGA1UEAxMiRW50cnVzdCBQMzg0IEVWIFRMUyBSb290IENB IC0gMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABDA9Lap5JlZp7HjWrYPDvRrj 7lG7IDRi/7Dm/aj9tx2tPuQsgsEOf3ULhf6dAkLDh8gGRpHAwE28iGj6Y+oN6nb7 8Jvmnd9Gxw7pN5CAafrfUvYaPBqQjf8hPy8EiqrGVaNjMGEwHQYDVR0OBBYEFBNy EK6CWA/BOJu8tqZMBcqOhGi/MB8GA1UdIwQYMBaAFBNyEK6CWA/BOJu8tqZMBcqO hGi/MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMD A2gAMGUCMFBbaVZlN+Q99H3Zs4klYVAd/Md0EI6fYNeMw1KqS8H981y4QzzR+ASu J/wEgnX+zgIxAK7PZGOtz/atCBAejuAZBM9cqggIYRC5586czKu1PNH0wr1XQaRS zkEW4ECJhGxh6g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICQTCCAcagAwIBAgIURT7vMtrtkGghjVvqDoPRZQQuDzEwCgYIKoZIzj0EAwMw TzELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAMT H0VudHJ1c3QgUDM4NCBUTFMgUm9vdCBDQSAtIDIwMjIwHhcNMjIxMjEzMTY0MTQ1 WhcNNDcxMjA3MTY0MTQ1WjBPMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVz dCwgSW5jLjEoMCYGA1UEAxMfRW50cnVzdCBQMzg0IFRMUyBSb290IENBIC0gMjAy MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABDkri9Z3clU+t6bxa+o2LnppKss+lWQ7 waujCQyHrcItGEO+j3YdUNMA3zlbImk+xMvZnxwthWrXb3x7fXFEMTr5zIAfp/Fh 3wzbRl0bxoBL9W0fnNvRErQcAhnjQ2dM1aNjMGEwHQYDVR0OBBYEFMQugHxfcJIE hkyeUssrZ8UHaoKTMB8GA1UdIwQYMBaAFMQugHxfcJIEhkyeUssrZ8UHaoKTMA8G A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2kAMGYC MQCi9moZl1pdGX5UTMsmI0vq+/vaQHKVap7BU2U6osQUxvIQETOaB1NjM5Uhaiaz 1OMCMQCeqIGt2dhSVyCgs/B6u02d4EoFNSVMdU1StuuW6iKgWTa8ECd4/QP72RW5 iFqu/zU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0 MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1 c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ 2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j 5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A 2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8 dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS 5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/ B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+ b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk 2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk 5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFiTCCA3GgAwIBAgIUfaI/zvu+iEnDUPKlEem5a7cfjYAwDQYJKoZIhvcNAQEM BQAwTDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xJTAjBgNV BAMTHEVudHJ1c3QgU01JTUUgUm9vdCBDQSAtIDIwMjIwHhcNMjIxMjEzMTcwMDQ2 WhcNNDcxMjA3MTcwMDQ2WjBMMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVz dCwgSW5jLjElMCMGA1UEAxMcRW50cnVzdCBTTUlNRSBSb290IENBIC0gMjAyMjCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM2D4vnaANmo82UZVKaRFzsY fwf+W0E0hsCCeznqbGFRcftFF/qYBoIVW+AFj2E+foihER9NCXNnBgyh4/ROZSlC lLxNqWRAMYILtQf4lLXZqyBGSNtNO61Epp6EiW5SecRlftWv11H7X9KMQn5bhI1A TxA0R0tk+ImDHElLMWfw9K3rIESmWKzHcK5l1Zac8l9A/3dDtwhPUNc5zP4obAAF fG92jK3sJmdFrQCbDg1WNwEJhQClJ8bX+reX29LcO9Bfonr7t89F/IJt1Kq0FX3t z6hGogPJgtp0a4yXlU0YZpMQZX6wzmeyZk/K5/6Z5qd/yqDCzLOvkPOYheMwD1mT KOEhsaHMl/T+X/WUFuwAtWAx8a81RGV1QkzfEiSqnjnr8QqG5O2U9HjDdwc/Yf28 ff+JDZbhcRfhttN9Z+ehL6e4gQVWpqkE3y24x3hkAqkZ6MoDfsDkLuzcoOtx1qlj 6XnHt84OupwIC4iIz4L4PQnTQnhOsuYmuS8w4kqIZ94nM8UssSdhTZ/E4qxVrKdm DOwgndXeKortWaMmwF2LaN8bBt0gD0cE7GgvE7nG8ac9erzhl8fDYtal+2DLeeOA kR0TmnLsndw4LmrYtZlNv3CvoYd1r4RzJMkwDjixjo9AEUwqIatDEBOwhhPRu2lo y+A1WiGyE/avPq0u4HYpAgMBAAGjYzBhMB0GA1UdDgQWBBSUyOhGjX9TFwMFRBgQ rGXgbqKVDTAfBgNVHSMEGDAWgBSUyOhGjX9TFwMFRBgQrGXgbqKVDTAPBgNVHRMB Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQwFAAOCAgEAyuXw sK80gqIaIop7JyOxL+SlnUG8tkc6AruSTVtz1gGCTBL0Wwmq11rmmyfUytuLRQOQ 2K4cxQBae5mZrcdWKFBIjhOYgFWk2KQ2pZLzHkS93retgwg02G4SW73/vZB2ldgJ GqgCENVS7MjUIWjjg1KUo9GCLeocWYnCPy+VCAROK+hMyTos9QRxhtPLUJR2VTmD yG/CpqvkzCvDPihxDEtMVa0WeN1rXWHYJ1ryfTumYAQ0eiFjf+s0aUEjLSNPiaeQ TQqmS0uTqzfMEdVUTdwZr7URXZSHHrYPbPzPQyn1AeHjBlst2u/wmY2flvdR0ASk 9/KMS+8C36Mccs9Kwm+FAR1MqSomT8rkmf4jghfEYb9Cc5gCr6xJY8eiQXcextNn VmkSPsTF7bdaiGT8OjVsR6dvYEQ/KnsLAd3keTRgAmW8pRJT9FpjdyS3KT8uLwTj qauERTIEjauaJpwULOIYWEXVoPWOGsMxXUJq0Rx11bG7XddkS/o35+dEmp3bIZpZ FxvV6srToLs8yu0ZjqElVJcFaRblhbFc82K7IUA/uyvEfSuPMH7oAwmL2JohqJcZ NDnmhWDIF5MY7BCdKiYJJTc8V6JPCK08wjpKBS5QNJML0ZtPAF1cWylfk1AzyqIR oH3opUSCSOZ94MMBEnS+EIlgrzpzTQjVOIIbIiM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v 1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ 4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICMTCCAbagAwIBAgIMC3MoERh0MBzvbwiEMAoGCCqGSM49BAMDMEsxCzAJBgNV BAYTAkRFMQ0wCwYDVQQKDARBdG9zMS0wKwYDVQQDDCRBdG9zIFRydXN0ZWRSb290 IFJvb3QgQ0EgRUNDIEcyIDIwMjAwHhcNMjAxMjE1MDgzOTEwWhcNNDAxMjEwMDgz OTA5WjBLMQswCQYDVQQGEwJERTENMAsGA1UECgwEQXRvczEtMCsGA1UEAwwkQXRv cyBUcnVzdGVkUm9vdCBSb290IENBIEVDQyBHMiAyMDIwMHYwEAYHKoZIzj0CAQYF K4EEACIDYgAEyFyAyk7CKB9XvzjmYSP80KlblhYWwwxeFaWQCf84KLR6HgrWUyrB u5BAdDfpgeiNL2gBNXxSLtj0WLMRHFvZhxiTkS3sndpsnm2ESPzCiQXrmBMCAWxT Hg5JY1hHsa/Co2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFFsfxHFs shufvlwfjP2ztvuzDgmHMB0GA1UdDgQWBBRbH8RxbLIbn75cH4z9s7b7sw4JhzAO BgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAwZgIxAOzgmf3d5FTByx/oPijX FVlKgspTMOzrNqW5yM6TR1bIYabhbZJTlY/241VT8N165wIxALCH1RuzYPyRjYDK ohtRSzhUy6oee9flRJUWLzxEeC4luuqQ5OxS7lfsA4TzXtsWDQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo 9H1/IISpQuQo -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFfzCCA2egAwIBAgIMR7opRlU+FpKXsKtAMA0GCSqGSIb3DQEBDAUAMEsxCzAJ BgNVBAYTAkRFMQ0wCwYDVQQKDARBdG9zMS0wKwYDVQQDDCRBdG9zIFRydXN0ZWRS b290IFJvb3QgQ0EgUlNBIEcyIDIwMjAwHhcNMjAxMjE1MDg0MTIzWhcNNDAxMjEw MDg0MTIyWjBLMQswCQYDVQQGEwJERTENMAsGA1UECgwEQXRvczEtMCsGA1UEAwwk QXRvcyBUcnVzdGVkUm9vdCBSb290IENBIFJTQSBHMiAyMDIwMIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAljGFSqoPMv554UOHnPsjt45/DVS9x2KTd+Qc NQR2owOLIu7EhN2lk25uso4JA+tRFjEXqmkVGA5ndCNe6pp9tTk+PYKpa+H+qRyw rVpNTHiDQYvP8h1impgEnGPpq2X+SB0kZQdHPrmRLumdm38aNak0sLflcDPvSnJR tge/YD8qn51U3/PXlElRA1pAqWjdEVlc+HamvFBSEO2s7JXg1INrSdoKT5mD3jKD SINnlbJ+54GFPc2C98oC7W2IXQiNuDW/KmkwmbtL0UHbRaCTmVGBkDYIqoq26I+z y+7lRg1ydfVJbOGify+87YSmN+7ewk85Tvae8MnRmzCdSW3h2v8SEIzW5Zl7BbZ9 sAnHpPiyHDmVOTP0Nc4lYnuwXyDzy234bFIUZESP08ipdgflr3GZLS0EJUh2r8Pn zEPyB7xKJCQ33fpulAlvTF4BtP5U7COWpV7dhv/pRirx6NzspT2vb6oOD7R1+j4I uSZFT2aGTLwZuOHVNe6ChMjTqxLnzXMzYnf0F8u9NHYqBc6V5Xh5S56wjfk8WDiR 6l6HOMC3Qv2qTIcjrQQgsX52Qtq7tha6V8iOE/p11QhMrziRqu+P+p9JLlR8Clax evrETi/Uo/oWitCV5Zem/8P8fA5HWPN/B3sS3Fc/LeOhTVtSTDOHmagJe2x+DvLP VkKe6wUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQgJfMH /adv8ZbukRBpzJrvfchoeDAdBgNVHQ4EFgQUICXzB/2nb/GW7pEQacya733IaHgw DgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBDAUAA4ICAQAkK06Y8h0X7dl2JrYw M+hpRaFRS1LYejowtuQS6r+fTOAEpPY1xv6hMPdThZKtVAVXX5LlKt42J557E0fJ anWv/PM35wz1PQFztWlR+L1Z0boL+Lq6ZCdDs3yDlYrnnhOW129KlkFJiw4grRbG 96aHW4gSiYuJyhLSVq8iASFG6auYP6eI3uTLKpp1Gfo5XgkF1wMyGrgXUQjHAEB9 9L74DFn0aXZu06RYW14mc+RCVQZeeEAP0zif7yZRcHSR8XdiAejZy+uh3zkyHbtr /XH+68+l5hT9AIATxpoASLCZBemugEj7CT9RFLW552BNTcovgSHuUgxletz1iUlM MJI0WIAyWbEN/yRhD+cKQtB7vPiOJ0c/cJ0n2bYGPaW7y16Prg5Tx5xqbztMD6NA cKiaB87UblsHotLiVLa9bzNyY61RmOGPdvFqBzgl/vZizl/bY8Jume8G3LneGRro VD190nZ12V4+MkinjPKecgz4uFi4FyOlFId1WHoAgQciOWpMlKC1otunLMGw8aOb wEz3bXDqMZ/xrn0+cyjZod/6k/CbsPDizSUgde/ifTIFyZt27su9MR75lJhLJFhW SMDeBky9pjRd7RZhY3P7GeL6W9iXddRtnmA5XpSLAizrmc5gKm4bjKdLvP025pgf ZfJ/8eOPTIBGNli2oWXLzhxEdQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z 4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh 3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD 0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS 4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR 0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcDCCA1igAwIBAgINAJgzyagAAAAAVlS8bjANBgkqhkiG9w0BAQsFADBDMQsw CQYDVQQGEwJIUjEdMBsGA1UEChMURmluYW5jaWpza2EgYWdlbmNpamExFTATBgNV BAMTDEZpbmEgUm9vdCBDQTAeFw0xNTExMjQxOTA3MzBaFw0zNTExMjQxOTM3MzBa MEMxCzAJBgNVBAYTAkhSMR0wGwYDVQQKExRGaW5hbmNpanNrYSBhZ2VuY2lqYTEV MBMGA1UEAxMMRmluYSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAtHPS1mXTAu9YOvSCgtOn4Ipgsjr1sWU4pyQOIWt96aCdM6J0za6RupS1 zMaAtXHfSHHKdUunv/8m64T+uXIWyMJ+htS/r+5jNbnA5NoFT7hIniIo/1UFI2uB TrMXESwqJR/k4d9hyDzyVmnQVX2WELKoe1aQW6ZeU4tB48eHxzG9NDnsGSHZgMTo DdvaAwwA9Kq1ggYlDMXZGmKd/QpJBfwcvpNG/M6Jkf/NzF9IX9w40HVv0i2rzCIS eIgSH+DVTne8LIlNdnqIm10H2rNnmNE5znpGq8/2fVclE/qExANwrwx2DNJAJHxZ 33c3WVCxJUZOQh0IIglyVcRC6m9vZVnUTuA9o6twfOYJMFV2Yonzb9IKprNuGT2W hnpmlM3yzHrwBwizaa4b/xxxGKJE+dvWDYQQgXRJYWLXEPABpkXAtdBS9FGGPeL3 Fila+kqeJ0uORvFyPqf1pAzgCxeaIv/5fqs1jgGE1XWTf+Z1qHpk3mI6AkcaoCPE TD/Q3E4z52y7+vYYECs0MF/HM1CZAumxWUZVZaa6pIMYi83h8coY4tkg5reEhx8L VnxNMVQm8plWyKZZ1oUz8pDMKFrIbKTLpkdGxJpVOYRkjXfnCj3D0BL3dqjMHLMf WIU6xDaN7JrsDuccyZ9P+9B6BwzGBbCrjbpyXU4j2W8MXPimctECAwEAAaNjMGEw DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU/hGi bBDu3uIDuFWCTiI8huQ+a1QwHQYDVR0OBBYEFP4RomwQ7t7iA7hVgk4iPIbkPmtU MA0GCSqGSIb3DQEBCwUAA4ICAQCkgIYu56adjf+CV2Ny5xpg36uyubIBEmc4QOZA fFi8zEhxWwGXnHkcHnHSO6PY6KLiGAGlRajj9O+ru4p4/MeIffIFYJrbcMN41av4 LTOMa6L2yQPAijxm3Z3o7qdOJQ8U3/gPFi4eF6dYyNkF05iivGRCU/4kyXWqJu5u MjMIYaA2fcq7nbu1cV4GgWr/Z+6miD+2P9MXTM4EzrMLdTnRwOOcs5qiGVYoi5ak s58WSdyEICLt73JMXxCqHwkBO1XIxmyvp9Iunu2wzJFtZMPsGL46akuuAS4/ec00 HDiuuQ1hBHP3nik7p7aQOrgsIzTDuAwGUcI+IZmfPBSQyqkm9UDjIul9zgMX7P+8 0ZkuxGSPPyxZYCQ8sNvDlQiqAHWynQsgGbT3bqmjvWDwMw/iZr1H9giKkDV9RYZK yZ7Ez1/fcd7MyW45iE25Ss8DdAdZK+386+7V0tU5bXcN2NF/L353vmGYjSxScTCE vqDmsLAHCMW0dLeLsti62ADyGcf4oSIKZkSoFgh1XllESEU0NQhK8HslC6ZLUX93 zQ0zOKsAkWZMiMFOKtQ6wLSG3oSAylBvgPlNZYAJFXUtIlbltZEjne4l2BgwKHLb f8MxTo7YvkP6246aBZn999yUiad42J1r6f71JMe60ulED4NLXZ//JBif0dWE6CFJ t9sg5w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICNDCCAbugAwIBAgIQdlP+urId2CfpaRai64G+WDAKBggqhkjOPQQDAzBcMQsw CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEyMDAGA1UEAxMp R2xvYmFsU2lnbiBDbGllbnQgQXV0aGVudGljYXRpb24gUm9vdCBFNDUwHhcNMjAw MzE4MDAwMDAwWhcNNDUwMzE4MDAwMDAwWjBcMQswCQYDVQQGEwJCRTEZMBcGA1UE ChMQR2xvYmFsU2lnbiBudi1zYTEyMDAGA1UEAxMpR2xvYmFsU2lnbiBDbGllbnQg QXV0aGVudGljYXRpb24gUm9vdCBFNDUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATM zLQ6uxpN+J2RxHeB7RZ/AxF/uOlwhEiWQQmDYF30JJMqMh5eB/tHpIcqJNhXjFzZ qN8ReH+2RNXdr9UB2SY0X30xyMHu49a5/o+TAnCib2A7GXO1i3QKe51CF7wtPqej QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS1 g9ZwBorGnYaCd9WpBWU2E/HGSDAKBggqhkjOPQQDAwNnADBkAjBmpdF/fTQJFg4O ++53h4FKndiAh6BkaMtftnRYrMuymOKSEoktHT2xVGj4kvGNTkoCMBRVMnt2ZnSR ayTUWpTi5WqA9np9zULzWHhjwekCe1TdHAEVncu/BBhVQCT6IvLZXg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFhDCCA2ygAwIBAgIQdlP+ufXH2+qLpHjUPj1r9jANBgkqhkiG9w0BAQwFADBc MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEyMDAGA1UE AxMpR2xvYmFsU2lnbiBDbGllbnQgQXV0aGVudGljYXRpb24gUm9vdCBSNDUwHhcN MjAwMzE4MDAwMDAwWhcNNDUwMzE4MDAwMDAwWjBcMQswCQYDVQQGEwJCRTEZMBcG A1UEChMQR2xvYmFsU2lnbiBudi1zYTEyMDAGA1UEAxMpR2xvYmFsU2lnbiBDbGll bnQgQXV0aGVudGljYXRpb24gUm9vdCBSNDUwggIiMA0GCSqGSIb3DQEBAQUAA4IC DwAwggIKAoICAQC+PrPi5LejQfhLmafaJmRr7a5Jg1F9bGDgnwvvOzrGtOhJO81t pD4a1cpj6oN3AOJavVZsfIHB8NvmWtGbfW0ilijsmuO6t122ET7kesa4Gs8FIeko N2X05Mmt5l0kL0iGPt9vFc4qsqVe3JUEkuV4JvjfXDXhv4ZTZZPLGJjj2ewyDcoK 8P9VeTgfXcyd7c4VtlifTlrgsdNJFBisCGDmz8N9Io5vJnlDcWbmR4+ENqZsAFJ2 tERfGu8ixAY2guMcVpo9UvdTBFEoINGzdC0tYjcpw2S45fqp9UCl/msU4f1zGZoh I7HnzIajHCRItWw8IX8XU+lkriUXLPa7RJ44Z+9Ju1ty0xXdNRMfVUajRkmagvXP fNHseYLOSCvdVvoZrSW4i7Zw14Kj5z2vbkGmPWDOeU9qxMkmOUS9Aa8dYXH29fE1 RiceAxngMXlscVHfw3ZlIpUe02tpvBBZGJFX4p9i6QuOtoeP4b+DzUpYshDd7uP8 DxwBYH72OGpccrl5Hd3XQ0cd7u3v/Mis+1Ihf4OGa7zu6XZ+VQt8nt5kREQUrqrn JSowNhrxJ0Pwrf6jRddHyYF2IlzOjv3qDkEjuPjE9s1ljMt2mjytaoHEUb6tlA2M F5EoASwechJUUUKk6ywPlFQsJTuTwzGGZIahbEjmvVBWzFCnashetvqFrwIDAQAB o0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU dYKqG7azjRmP/Kl5zD8CmvRPy9kwDQYJKoZIhvcNAQEMBQADggIBAAFMXi+4f3I1 vLUYMIB9N3yRb3r0PK0gVhu4qTP3/qhcVFg5VTwz0Hq5NPyNVg3uAaYnG3EvtZp3 RYcE2I9bA3IDOSQdD3iQxcb1+H/6kKkiGw1nxrZSUPSdqOmgxHV6k9qxpWrtDEfO oE6qcrTE5593kWX2awznDQdhCoevRhDV1ACrtbruRdFn5vd4n/l6wsennGwLXQ7F yz/6I9G7n+o1Asg3NUEfmt0cRLqASoDZTgmV0j6yMJI0nO2dID8TDec2vQpRDMNq V4rp2V2votwv1Za8xwjov6IV61QzYeVtzz31iZDiTY+cQL8Ug/KkNnol3njRCY2e hQevcgRUIV0n7eVCEcs61mOs79L7fWrKhIHjCjJbkMDEjZKsCEsK39dW3NtmjHJe PchOl6vLAaC2mLNXgDHvEU5AgmILem7K9SV7Wf/jvp/+/OpA6RogYKyGS6DBqUqx qtTyM/4TObvvrhf5NssQ+3e64ulbA4fxaNzHlhVZ8jhUB0//AtQ48HBooCemDmQR Kom2nr2CykmaRxG8u5h200NwxYhZ/M7nyxAhelShHb3N9+FOsxct6yTGx0pc2pgj i7Jl0l/HfPkqK6VeDVBy1a7c+0iLhWcyQIF+CvIJTXicyU1ozvrhsfzZQf7mCfEi ksRCXNTngVc4/6oai4r3z4f34t95em4E -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICIjCCAamgAwIBAgIQdlP+rhgmQ29p9RzCdxbyXjAKBggqhkjOPQQDAzBTMQsw CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEpMCcGA1UEAxMg R2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcgUm9vdCBFNDUwHhcNMjAwMzE4MDAwMDAw WhcNNDUwMzE4MDAwMDAwWjBTMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFs U2lnbiBudi1zYTEpMCcGA1UEAxMgR2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcgUm9v dCBFNDUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR2GW0DtfWEI6syai5h3YQlL+/o eSeJg8ODdfO2eGoIbaKtISoCkAbsmkCceoaRuViFyCiaLgv34nap37K9qcPpKRl5 CLJQ0MLFnQphDONdNwZKXP6EvcCAhPpLVSPg4j6jQjBAMA4GA1UdDwEB/wQEAwIB hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSnn93TVM3b+Gy/JmwO5Ndbb4DM QjAKBggqhkjOPQQDAwNnADBkAjBsjFa2xTeuLZAreO2xHkYI0sNKKO94GQiOJDRG T4dxYV+pEUpvMqsc0VJ7qjrq5ZoCMFUrdy/O+D+baEra16hLRQ1+smv2bNqxFeK8 SBl3i1fBXRTXQQDMJlLQILgZT5bnmg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIQdlP+rHVGSJP15ddKSDpO+DANBgkqhkiG9w0BAQwFADBT MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEpMCcGA1UE AxMgR2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcgUm9vdCBSNDUwHhcNMjAwMzE4MDAw MDAwWhcNNDUwMzE4MDAwMDAwWjBTMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv YmFsU2lnbiBudi1zYTEpMCcGA1UEAxMgR2xvYmFsU2lnbiBDb2RlIFNpZ25pbmcg Um9vdCBSNDUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2LcUw3Xro q5A9A3KwOkuZFmGy5f+lZx03HOV+7JODqoT1o0ObmEWKuGNXXZsAiAQl6fhokkuC 2EvJSgPzqH9qj4phJ72hRND99T8iwqNPkY2zBbIogpFd+1mIBQuXBsKY+CynMyTu UDpBzPCgsHsdTdKoWDiW6d/5G5G7ixAs0sdDHaIJdKGAr3vmMwoMWWuOvPSrWpd7 f65V+4TwgP6ETNfiur3EdaFvvWEQdESymAfidKv/aNxsJj7pH+XgBIetMNMMjQN8 VbgWcFwkeCAl62dniKu6TjSYa3AR3jjK1L6hwJzh3x4CAdg74WdDhLbP/HS3L4Sj v7oJNz1nbLFFXBlhq0GD9awd63cNRkdzzr+9lZXtnSuIEP76WOinV+Gzz6ha6Qcl mxLEnoByPZPcjJTfO0TmJoD80sMD8IwM0kXWLuePmJ7mBO5Cbmd+QhZxYucE+WDG ZKG2nIEhTivGbWiUhsaZdHNnMXqR8tSMeW58prt+Rm9NxYUSK8+aIkQIqIU3zgdh VwYXEiTAxDFzoZg1V0d+EDpF2S2kUZCYqaAHN8RlGqocaxZ396eX7D8ZMJlvMfvq QLLn0sT6ydDwUHZ0WfqNbRcyvvjpfgP054d1mtRKkSyFAxMCK0KA8olqNs/ITKDO nvjLja0Wp9Pe1ZsYp8aSOvGCY/EuDiRk3wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC AYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUHwC/RoAK/Hg5t6W0Q9lWULvO ljswDQYJKoZIhvcNAQEMBQADggIBAF4runSXNERfdkgoQIST7gFu6aGz1oAl5nvk vAmRPQ/8dq3X1DAgu49g0JHWHPKc73gaK5QyAsEkllJSAtDz0fzymzlumeEfjkNB fZoeW8ldmoT8JuaH83RyJq2kG9k9O2pSoDwJHi8ee7MztEXH96yxr5NgrXauuLIV eOuDauv/20arJOXuAvqQH1nAL13Wt12kXBC3clP4QU7M+ngaJUrK/oViQ2HDtDeq gdL01joPvY1ZfjBH3itr5yFQM1/UZ5vUuGefPCeZA/+FQ45zEsogzehh1bFm3BfW OW0P288jN6GCiU4caz/WoM2qB50+Qiaq1wzu+ke/GlJ+0XWB08mKYhdtT4igIaAm Pq9t2WIwH+mYKK5ujdWOTHJmk4CNKuNVx2BnkEJWXCJRD7PcTjnuTd3ZHXgQVDtu 0JdvA7UesiNzxhKymmTQ/JWFJKj/36Gw3JFArt8JM6u53ZK38cyRdDtp62eXG5C/ 58egb3G7V7+3j1rtekBqFs2AhC0v4QLUJJRDsxX8DCsb/XFv/Mu8dRc6XoPSybMv G9WcjX9U/n5+5Fajh6ed4VlSlEGPbVu+hpWa/xp23UDSUUpwtB8zYyN3P+wnHlnk CIftNIJKDz/+oB3B9WdzRYZ49Kop6SeHxhnbxhMUwzlJh02gl+BlE/Wdd1bp2rNY xzrywM2C -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICLDCCAbGgAwIBAgIQdlP+sK9LdZCiGuSi1fJ2tTAKBggqhkjOPQQDAzBXMQsw CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEtMCsGA1UEAxMk R2xvYmFsU2lnbiBEb2N1bWVudCBTaWduaW5nIFJvb3QgRTQ1MB4XDTIwMDMxODAw MDAwMFoXDTQ1MDMxODAwMDAwMFowVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEds b2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gRG9jdW1lbnQgU2ln bmluZyBSb290IEU0NTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIblQ9C7AGVe1koK Y4WeRQ+GIzJQVUljapzO96/0fiD5gDJbbrDv8sekLPtqWZAGdrcXjA51RDqAfMjc Aj3yzqGes0tyy8aM/cLJqoyuM1zqeUvcachWpDwoQXB0jmoaSKNCMEAwDgYDVR0P AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGGZArQQ/xA823ra bDpwJANg8eeOMAoGCCqGSM49BAMDA2kAMGYCMQCP9ck/sU7z99GdtLoPPQqXJxCT 8lB8IonajNTKqWMkJiqLY4JjVMc08NGeehgLp+oCMQCxNY9K8vsmBsHTDY9i0bDE oF3pk9ZhxOGhuVyo9fFnXqIpN8JLxmdy/oyQ+SSAd7c= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFejCCA2KgAwIBAgIQdlP+sEyg1XHyFLOOLH8XQTANBgkqhkiG9w0BAQwFADBX MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEtMCsGA1UE AxMkR2xvYmFsU2lnbiBEb2N1bWVudCBTaWduaW5nIFJvb3QgUjQ1MB4XDTIwMDMx ODAwMDAwMFoXDTQ1MDMxODAwMDAwMFowVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoT EEdsb2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gRG9jdW1lbnQg U2lnbmluZyBSb290IFI0NTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AKPQGKqmJaBoxSoYFVYt/dBLfaEecm4xsZ0STDc8LAzKutUukiBLkultAJxEbzgX 7xlg8skghJR6OwgNa0hl/NAeJPXU3NpHUphO342nitTllKh8siw4i+XSLZwAGTM3 irhsZWIblOjjm6R1ay2AGh0b5i+n7HHq6wQPsanAk1JhIC29UptoWDRLa0tbPm1y 1jjYlUGTTnn9T9W1/MiApVkIN+iyet62eQxB4PFg1i7y5KFN2BOrz45kW3zc5jEp Hg2Qtjjo0PY6TTDHePklFWfhz3/3k5B/3kD6aYt9oENfRfnCS5d/UWEuC2LOYNoN X3bMlJwd2IXs70V+vuoq0D8UjWkgfgxW/epp9KlEweatJ/9Ycah9LzufHn/ZcgXo kSSAGtQheY4uWvr5j7AQKDCNquDyk9s9cVGrs553LgaAN4oLTg+YejcboM1JpUEQ hMOfUG0vKI4u88+2x1SBbiychxEN7eP1hIsr/hSQu0ooVDRMZ/viKnN2JpFfx9o/ Np/aJy8nDcDHOf7b4/k2aYKAvfXB8aAz7od2H4gJft3oQbS+DxCkBuXt4Qh7JfdH B7wqJQ8xOpGoqhMzkK8Op2DWgn1nTTQW4We7eeuCMEa0APhZuw78sxCRRSPY8TFC BLFgZ6hjg7KsP5/3GBiETFGFZpoqHNLbKbmbG0Ma6jPtAgMBAAGjQjBAMA4GA1Ud DwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQHQVdLz+EcFlPV veuDbMyLKSGEvzANBgkqhkiG9w0BAQwFAAOCAgEAJJwyIaZykDsC3f64SqaO8Dew W/8uP7Enbtl+nvSPX36/u4OFcMSKj0ZdxgpRKQLIxqBD/cICE/I6IZLdRpXDdLg8 VyIBhGhns1Beem4spPSj9QsM+VoNR4VFGk+bTNGokfOJqj5JqvWEsRe0S+ZeaRT9 RBsK/yDOCP70ZXKtxSJc3PKljMXcHWzb95anN2oaMLxrWTDjDUjxuGS5F5XG5J+D prLujbvhniXMwFaoAQeRa6Qu6hPr2/FJb+U7OpYn/kRQ4Qw0qxgQwaZwieJSyB2/ YtY0guX+x5gAYRCAdyd8rF1yQrgiD3Ig9wpH0FUGVU/vZG2z/DrgoVZPZ8lFVMQT IfurtfoxGlsGaU463x4gvCB/sCt0MtaodrM6PgseIETeh6b3UgsLjxT4MQOq6hHJ 2ZVGwIS72OsrLwpQxDgjf2+zv8Mnt/VMhwFzSQflwIyt7MeBQo/bXWsO2yHystfX kieXNu3GS19zR7kMuA3cSUtFsr8xjuFVhCfpWBoxwg4m01/Ri70gXXHfl2Hd35XJ 4Msv20ScC3QKfRuKtE+MKJZM6CnLilxY8bg9bsLd2myyB6mr6NHR0niwPtPFaY13 54Rk+LFW8fsZ0Yhmbz0bZcglRTwfdDseHDjr8aMsUsG/6CH0Lo4yg58V6vQNo5RH Rn7JhIJYRobXTF+4bZk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc 8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg 515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO xwy8p2Fp8fc74SrL+SvzZpA3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH WD9f -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw 1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R 8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ 7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8 +RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud 316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo 0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE +cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC 4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4 7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti 2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5 u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP 4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6 N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3 vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICITCCAaegAwIBAgIQdlP+qicdlUZd1vGe5biQCjAKBggqhkjOPQQDAzBSMQsw CQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYGA1UEAxMf R2xvYmFsU2lnbiBTZWN1cmUgTWFpbCBSb290IEU0NTAeFw0yMDAzMTgwMDAwMDBa Fw00NTAzMTgwMDAwMDBaMFIxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxT aWduIG52LXNhMSgwJgYDVQQDEx9HbG9iYWxTaWduIFNlY3VyZSBNYWlsIFJvb3Qg RTQ1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+XmLgUc3iZY/RUlQfxomC5Myfi7A wKcImsNuj5s+CyLsN1O3b4qwvCc3S22pRjvZH/+loUS7LXO/nkEHXFObUQg6Wrtv OMcWkXjCShNpHYLfWi8AiJaiLhx0+Z1+ZjeKo0IwQDAOBgNVHQ8BAf8EBAMCAYYw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU3xNei1/CQAL9VreUTLYe1aaxFJYw CgYIKoZIzj0EAwMDaAAwZQIwE7C+13EgPuSrnM42En1fTB8qtWlFM1/TLVqy5IjH 3go2QjJ5naZruuH5RCp7isMSAjEAoGYcToedh8ntmUwbCu4tYMM3xx3NtXKw2cbv vPL/P/BS3QjnqmR5w+RpV5EvpMt8 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcDCCA1igAwIBAgIQdlP+qExQq5+NMrUdA49X3DANBgkqhkiG9w0BAQwFADBS MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYGA1UE AxMfR2xvYmFsU2lnbiBTZWN1cmUgTWFpbCBSb290IFI0NTAeFw0yMDAzMTgwMDAw MDBaFw00NTAzMTgwMDAwMDBaMFIxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMSgwJgYDVQQDEx9HbG9iYWxTaWduIFNlY3VyZSBNYWlsIFJv b3QgUjQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3HnMbQb5bbvg VgRsf+B1zC0FSehL3FTsW3eVcr9/Yp2FqYokUF9T5dt0b6QpWxMqCa2axS/C93Y7 oUVGqkPmJP4rsG8ycBlGWnkmL/w9fV9ky1fMYWGo2ZVu45Wgbn9HEhjW7wPJ+4r6 mr2CFalVd0sRT1nga8Nx8wzYVNWBaD4TuRUuh4o8RCc2YiRu+CwFcjBhvUKRI8Sd JafZVJoUozGtgHkMp2NsmKOsV0czH2WW4dDSNdr5cfehpiW1QV3fPmDY0fafpfK4 zBOqj/mybuGDLZPdPoUa3eixXCYBy0mF/PzS1H+FYoZ0+cvsNSKiDDCPO6t561by +kLz7fkfRYlAKa3qknTqUv1WtCvaou11wm6rzlKQS/be8EmPmkjUiBltRebMjLnd ZGBgAkD4uc+8WOs9hbnGCtOcB2aPxxg5I0bhPB6jL1Bhkgs9K2zxo0c4V5GrDY/G nU0E0iZSXOWl/SotFioBaeepfeE2t7Eqxdmxjb25i87Mi6E+C0jNUJU0xNgIWdhr JvS+9dQiFwBXya6bBDAznwv731aiyW5Udtqxl2InWQ8RiiIbZJY/qPG3JEqNPFN8 bYN2PbImSHP1RBYBLQkqjhaWUNBzBl27IkiCTApGWj+A/1zy8pqsLAjg1urwEjiB T6YQ7UarzBacC89kppkChURnRq39TecCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgGG MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKCTFShu7o8IsjXGnmJ5dKexDit7 MA0GCSqGSIb3DQEBDAUAA4ICAQBFCvjRXKxigdAE17b/V1GJCwzL3iRlN/urnu1m 9OoMGWmJuBmxMFa02fb3vsaul8tF9hGMOjBkTMGfWcBGQggGR2QXeOCVBwbWjKKs qdk/03tWT/zEhyjftisWI8CfH1vj1kReIk8jBIw1FrV5B4ZcL5fi9ghkptzbqIrj pHt3DdEpkyggtFOjS05f3sH2dSP8Hzx4T3AxeC+iNVRxBKzIxG3D9pGx/s3uRG6B 9kDFPioBv6tMsQM/DRHkD9Ik4yKIm59fRz1RSeAJN34XITF2t2dxSChLJdcQ6J9h WRbFPjJOHwzOo8wP5McRByIvOAjdW5frQmxZmpruetCd38XbCUMuCqoZPWvoajB6 V+a/s2o5qY/j8U9laLa9nyiPoRZaCVA6Mi4dL0QRQqYA5jGY/y2hD+akYFbPedey Ttew+m4MVyPHzh+lsUxtGUmeDn9wj3E/WCifdd1h4Dq3Obbul9Q1UfuLSWDIPGau l+6NJllXu3jwelAwCbBgqp9O3Mk+HjrcYpMzsDpUdG8sMUXRaxEyamh29j32ahNe JJjn6h2az3iCB2D3TRDTgZpFjZ6vm9yAx0OylWikww7oCkcVv1Qz3AHn1aYec9h6 sr8vreNVMJ7fDkG84BH1oQyoIuHjAKNOcHyS4wTRekKKdZBZ45vRTKJkvXN5m2/y s8H2PA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIQdlP+uT3Z5+kmMqzWCr6sODANBgkqhkiG9w0BAQwFADBT MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEpMCcGA1UE AxMgR2xvYmFsU2lnbiBUaW1lc3RhbXBpbmcgUm9vdCBSNDUwHhcNMjAwMzE4MDAw MDAwWhcNNDUwMzE4MDAwMDAwWjBTMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xv YmFsU2lnbiBudi1zYTEpMCcGA1UEAxMgR2xvYmFsU2lnbiBUaW1lc3RhbXBpbmcg Um9vdCBSNDUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6dDPsJ9wS OCEbxdNhKNZavE/fi8yRhEMkV7xkIbw7HB89T4ytB7fzxdcC6REUgpqqtJRyO3EN Gu9oa4V5jq9m6liYDbrBfHnS/82zbzFF0AV0BAByaid+uDc/Oojtl4P1qzVND59Z O/Uv31nFfKUydmCWyO3u+AR+GVFyqL9EQXq8ex47AJu8uuCWv5D+jZvDcosAEvgg OmA498HMhYr7h3kuoSsg5sughZEjtsQoB1Qo3uwQMU+K8s0UHx7dVRzqKDFM+SFq qM3zlmf6AUGbzQ8LaH+73vFD6hflsNxwIrNpNll0a8bliSp85QuBXas/j7jRdnLz fKKp4pdBv8yMRf5hyfZsBwsABOgVI0+CKi3278P6ETZIodH9ejk6NF2jLA6bd1Ag NEDdsQMxrV/pYodzlgNh95Sw2VxsT+cUxeHxew0jnM1wjB1q3kotiyq720IUBQeq +xTcMdP2H2zLvmhmRHBNbRf5cesFc46RknXraFwe9kRhGCli3RdmiOwouklv2z53 /rkxH3UcGKKmR73Y7kiFO/2z4g8/KpjGmvqCb7GlpYYdWjr6pGx0D3dSYWp/hyne OZuL7rNFYDAklxUSKoUwkyaslqYt6HBtC6kyrSybKAp2QvJVYVGYlN7t9sUXbzwV ELAOrbDexRb0ZdHML1pWCM+ZxPBVkcIseQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC AYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQURrIcd+F7FfClOaFw3tHELupt st4wDQYJKoZIhvcNAQEMBQADggIBABZ8CmdKAzyTKj4cT0ZVsJqeiOHrU/1MVXmE +Wy2n6kKtomrVAcUFkpJWvS4LoYUxH4ZifmHiLzsstKVjOAM+fKUZqaYVxuh39Fx fYy1+HEC3RO2vvqwMcMsZ+saGA4aTdwszzFcYSipneNqLK5QSw460Gn7ijRE335L jhqQCdox2sovpff0Nyw1DRpizTx7PFZ3ZZVclHNwn2EvaWQjHUx5B8IXfDrtqm1x AxRiRcy3PlTYUXFC6juSQqUvVIGjsAxWWFa75JjuZscR+ahFF+JlKore4qjOxS32 9c6t8OMKCd1Te2ypbIZ+od42NQAPX4D9RbtxZkPURCzQuwFOmZ4+TeFeVh8FeoId ssstpTO5OeXEt9pC4b3QlEKA+hiUO5NDqMiUOm1+nfxPoMLT5aWqECZvBiJb4AHi Sr8Z5USesK2rGdLN60fEYoHs8MJ6jUz9wiW3vCxwjqqtUvQUPKp4HQTTydUlgqda y4x8H1cCO4cbyNf5VBodyhpLJ7HiSu/nmkAUT6U8n9WjvpQ1nMLXPyjupBcrQ71k p9ev6VPnp3cexRIbMeJLxn+eHO6jOpRQXaZQBlJeRQMrtADgwe3YDcGuu0kJgYJa QkOvmWO4FNE8i93V8FTtcmfC9so+NYSHgA1SlVBB1rINGUAvthNN97Fg1HbFVzlu WqJeCnnc -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h /t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf ReYNnyicsbkqWletNw+vHX/bvZ8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH /PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu 9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo 2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI 4uJEvlz36hz1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf 8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN +lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA 1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg 8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs ewv4n4Q= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7 zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4 Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+ DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3 d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM +SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9 SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1 mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K 8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0 kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp 8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk 0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC 5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout 736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0 CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEgDCCA2igAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UEBhMCQlIx EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1 dG9yaWRhZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjEwHhcNMDgw NzI5MTkxNzEwWhcNMjEwNzI5MTkxNzEwWjCBlzELMAkGA1UEBhMCQlIxEzARBgNV BAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBU ZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1dG9yaWRh ZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDOHOi+kzTOybHkVO4J9uykCIWgP8aKxnAwp4CM 7T4BVAeMGSM7n7vHtIsgseL3QRYtXodmurAH3W/RPzzayFkznRWwn5LIVlRYijon ojQem3i1t83lm+nALhKecHgH+o7yTMD45XJ8HqmpYANXJkfbg3bDzsgSu9H/766z Yn2aoOS8bn0BLjRg3IfgX38FcFwwFSzCdaM/UANmI2Ys53R3eNtmF9/5Hw2CaI91 h/fpMXpTT89YYrtAojTPwHCEUJcV2iBL6ftMQq0raI6j2a0FYv4IdMTowcyFE86t KDBQ3d7AgcFJsF4uJjjpYwQzd7WAds0qf/I8rF2TQjn0onNFAgMBAAGjgdQwgdEw TgYDVR0gBEcwRTBDBgVgTAEBADA6MDgGCCsGAQUFBwIBFixodHRwOi8vYWNyYWl6 LmljcGJyYXNpbC5nb3YuYnIvRFBDYWNyYWl6LnBkZjA/BgNVHR8EODA2MDSgMqAw hi5odHRwOi8vYWNyYWl6LmljcGJyYXNpbC5nb3YuYnIvTENSYWNyYWl6djEuY3Js MB0GA1UdDgQWBBRCsixcdAEHvpv/VTM77im7XZG/BjAPBgNVHRMBAf8EBTADAQH/ MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWWyKdukZcVeD/qf0 eg+egdDPBxwMI+kkDVHLM+gqCcN6/w6jgIZgwXCX4MAKVd2kZUyPp0ewV7fzq8TD GeOY7A2wG1GRydkJ1ulqs+cMsLKSh/uOTRXsEhQZeAxi6hQ5GArFVdtThdx7KPoV caPKdCWCD2cnNNeuUhMC+8XvmoAlpVKeOQ7tOvR4B1/VKHoKSvXQw2f3jFgXbwoA oyYQtGAiOkpIpdrgqYTeQ9ufQ6c/KARHki/352R1IdJPgc6qPmQO4w6tVZp+lJs0 wdCuaU4eo9mzh1facMJafYfN+b833u1WNfe3Ig5Pkrg/CN+cnphe8m+5+pss+M1F 2HKyIA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGrDCCBJSgAwIBAgIJANLVi0S/gZNCMA0GCSqGSIb3DQEBDQUAMIGYMQswCQYD VQQGEwJCUjETMBEGA1UECgwKSUNQLUJyYXNpbDE9MDsGA1UECww0SW5zdGl0dXRv IE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3JtYWNhbyAtIElUSTE1MDMG A1UEAwwsQXV0b3JpZGFkZSBDZXJ0aWZpY2Fkb3JhIFJhaXogQnJhc2lsZWlyYSB2 MTAwHhcNMTkwNzAxMTkxNTU5WhcNMzIwNzAxMTIwMDU5WjCBmDELMAkGA1UEBhMC QlIxEzARBgNVBAoMCklDUC1CcmFzaWwxPTA7BgNVBAsMNEluc3RpdHV0byBOYWNp b25hbCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNTAzBgNVBAMM LEF1dG9yaWRhZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjEwMIIC IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAk3AxKl1ZtP0pNyjChqO7qNkn +/sClZeqiV/Kd7KnnbkDbI2y3VWcUG7feCE/deIxot6GH6JXncRG794UZl+4doD0 D0/cEwBd4DvrDSZm0RT40xhmYYOTxZDJxv+coTHdmsT5aNmSkktfjzYX4HQHh/7M em+kTOpT/3E4K6B7KVs9HkOT7nXx5yU1qYbVWqI0qpJM9mOTSFx8C9HiKcHvLCvt 1ioXKPAmFuHPkayOcXP2MXeb+VRNjWKU4E+L2t5uZPKVx1M/9i1DztlLb4K8OfYg GaPDUSF1sxnoGk5qZHLleO6KjCpmuQepmgsBvxi2YNO7X2YUwQQx1AXNSolgtkAR 5gt+1WzxhbFUhItQqlhqxgWHefLmiT5T/Ctz/P2v+zSO4efkkIzsi1iwD+ypZvM2 lnIvB24RcSN6jzmCahLPX4CwjwIK6JsSoMVxIhpZHCguUP4LXqP8IWUZ6WgS/4zB 7B9E0EICl2rM1PRy+6ulv+ZOW256e8a0pijUB+hXM1msUq9L92476FAAX8va3sP7 +Uut94+bGHmubcTLImWUPrxNT7QyrvE3FyHicfiHioeFL2oV4cXTLZrEq2wS8R4P KPdSzNn5Z9e2uMEGYQaSNO+OwvVycpIhOBOqrm12wJ9ZhWKtM5UOo34/o37r5ZBI TYXAGbhqQDB9mWXwH+0CAwEAAaOB9jCB8zBOBgNVHSAERzBFMEMGBWBMAQEAMDow OAYIKwYBBQUHAgEWLGh0dHA6Ly9hY3JhaXouaWNwYnJhc2lsLmdvdi5ici9EUENh Y3JhaXoucGRmMEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9hY3JhaXouaWNwYnJh c2lsLmdvdi5ici9MQ1JhY3JhaXp2MTAuY3JsMB8GA1UdIwQYMBaAFHTzfv/8n1N6 8Xzrqz6kptoYukVjMB0GA1UdDgQWBBR0837//J9TevF866s+pKbaGLpFYzAPBgNV HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQ0FAAOCAgEA eCNhBSuy/Ih/T+1VOtAJju85SrtoE3vET1qXASpmjQllDHG/ph7VFNRAkC+gha+B CbjoA5oJ/8wwl+Qdp1KGz6nXXFTLx3osU+kjm0srmBf9nyXHPqvFyvBeB0A7sYb7 TmII9GKD20oCxsdkccR/oE/JuTaNnGq0GYZ2aDb5v62uLi21Y6P9UBiTxZqQ4ojW ET6kXNjlK238jpXv17FR8Sg3VusCvX7Q8eJkavvHHZDeWck2fSA+ycAc2JeL2Z0B MSxGWpH32WM9J8+6XqCJUXHiWEV0zCE8wDYiYC+047pTxQI/gB/FcU7jvylh98DJ kQPHd/Tp6Og3ynlDA9n9uBbxYHVRZs9vsZ/7xTFaxRe+zk8dhgKgZ/3RrcMFB570 2t8LFbyuUE/kQVY6rZ0QJ9qMWQ7VPLRwRhiMeU3k8WDJb/tBbOXHBqldTbWyQ+mp MEDWhbrzE/IED82wAuO23Tb05cYk2xC7+Izef8fSc3XdJDuPSbcDpWukzyCDtSEH isLiGEtIbYRiPsF3czlQPsnIEVoTTCWxHCH1zYR6zScSv18Qh69qVe2J40K5jZoP GEOhq/oKhVJQAdvAFW5Odp7mF3Tk9nivjjsctJSxY26LFiV5GRV+07SSse4ti0aO jO5PLg5SWjfcOtBG2rz02EIvQAmLcb0kGBtfdj0lW/w= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGoTCCBImgAwIBAgIBATANBgkqhkiG9w0BAQ0FADCBlzELMAkGA1UEBhMCQlIx EzARBgNVBAoMCklDUC1CcmFzaWwxPTA7BgNVBAsMNEluc3RpdHV0byBOYWNpb25h bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMMK0F1 dG9yaWRhZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjUwHhcNMTYw MzAyMTMwMTM4WhcNMjkwMzAyMjM1OTM4WjCBlzELMAkGA1UEBhMCQlIxEzARBgNV BAoMCklDUC1CcmFzaWwxPTA7BgNVBAsMNEluc3RpdHV0byBOYWNpb25hbCBkZSBU ZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMMK0F1dG9yaWRh ZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjUwggIiMA0GCSqGSIb3 DQEBAQUAA4ICDwAwggIKAoICAQD3LXgabUWsF+gUXw/6YODeF2XkqEyfk3VehdsI x+3/ERgdjCS/ouxYR0Epi2hdoMUVJDNf3XQfjAWXJyCoTneHYAl2McMdvoqtLB2i leQlJiis0fTtYTJayee9BAIdIrCor1Lc0vozXCpDtq5nTwhjIocaZtcuFsdrkl+n bfYxl5m7vjTkTMS6j8ffjmFzbNPDlJuV3Vy7AzapPVJrMl6UHPXCHMYMzl0KxR/4 7S5XGgmLYkYt8bNCHA3fg07y+Gtvgu+SNhMPwWKIgwhYw+9vErOnavRhOimYo4M2 AwNpNK0OKLI7Im5V094jFp4Ty+mlmfQH00k8nkSUEN+1TGGkhv16c2hukbx9iCfb mk7im2hGKjQA8eH64VPYoS2qdKbPbd3xDDHN2croYKpy2U2oQTVBSf9hC3o6fKo3 zp0U3dNiw7ZgWKS9UwP31Q0gwgB1orZgLuF+LIppHYwxcTG/AovNWa4sTPukMiX2 L+p7uIHExTZJJU4YoDacQh/mfbPIz3261He4YFmQ35sfw3eKHQSOLyiVfev/n0l/ r308PijEd+d+Hz5RmqIzS8jYXZIeJxym4mEjE1fKpeP56Ea52LlIJ8ZqsJ3xzHWu 3WkAVz4hMqrX6BPMGW2IxOuEUQyIaCBg1lI6QLiPMHvo2/J7gu4YfqRcH6i27W3H yzamEQIDAQABo4H1MIHyME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcC ARYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYw PwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJy L0xDUmFjcmFpenY1LmNybDAfBgNVHSMEGDAWgBRpqL512cTvbOcTReRhbuVo+LZA XjAdBgNVHQ4EFgQUaai+ddnE72znE0XkYW7laPi2QF4wDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBABRt2/JiWapef7o/ plhR4PxymlMIp/JeZ5F0BZ1XafmYpl5g6pRokFrIRMFXLyEhlgo51I05InyCc9Td 6UXjlsOASTc/LRavyjB/8NcQjlRYDh6xf7OdP05mFcT/0+6bYRtNgsnUbr10pfsK /UzyUvQWbumGS57hCZrAZOyd9MzukiF/azAa6JfoZk2nDkEudKOY8tRyTpMmDzN5 fufPSC3v7tSJUqTqo5z7roN/FmckRzGAYyz5XulbOc5/UsAT/tk+KP/clbbqd/hh evmmdJclLr9qWZZcOgzuFU2YsgProtVu0fFNXGr6KK9fu44pOHajmMsTXK3X7r/P wh19kFRow5F3RQMUZC6Re0YLfXh+ypnUSCzA+uL4JPtHIGyvkbWiulkustpOKUSV wBPzvA2sQUOvqdbAR7C8jcHYFJMuK2HZFji7pxcWWab/NKsFcJ3sluDjmhizpQax bYTfAVXu3q8yd0su/BHHhBpteyHvYyyz0Eb9LUysR2cMtWvfPU6vnoPgYvOGO1Cz iyGEsgKULkCH4o2Vgl1gQuKWO4V68rFW8a/jvq28sbY+y/Ao0I5ohpnBcQOAawiF bz6yJtObajYMuztDDP8oY656EuuJXBJhuKAJPI/7WDtgfV8ffOh/iQGQATVMtgDN 0gv8bn5NdUX8UMNX1sHhU3H1UpoW -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGoTCCBImgAwIBAgIBATANBgkqhkiG9w0BAQ0FADCBlzELMAkGA1UEBhMCQlIx EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1 dG9yaWRhZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjIwHhcNMTAw NjIxMTkwNDU3WhcNMjMwNjIxMTkwNDU3WjCBlzELMAkGA1UEBhMCQlIxEzARBgNV BAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBU ZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxNDAyBgNVBAMTK0F1dG9yaWRh ZGUgQ2VydGlmaWNhZG9yYSBSYWl6IEJyYXNpbGVpcmEgdjIwggIiMA0GCSqGSIb3 DQEBAQUAA4ICDwAwggIKAoICAQC6RqQO3edA8rWgfFKVV0X8bYTzhgHJhQOtmKvS 8l4Fmcm7b2Jn/XdEuQMHPNIbAGLUcCxCg3lmq5lWroG8akm983QPYrfrWwdmlEIk nUasmkIYMPAkqFFB6quV8agrAnhptSknXpwuc8b+I6Xjps79bBtrAFTrAK1POkw8 5wqIW9pemgtW5LVUOB3yCpNkTsNBklMgKs/8dG7U2zM4YuT+jkxYHPePKk3/xZLZ CVK9z3AAnWmaM2qIh0UhmRZRDTTfgr20aah8fNTd0/IVXEvFWBDqhRnLNiJYKnIM mpbeys8IUWG/tAUpBiuGkP7pTcMEBUfLz3bZf3Gmh3sVQOQzgHgHHaTyjptAO8ly UN9pvvAslh+QtdWudONltIwa6Wob+3JcxYJU6uBTB8TMEun33tcv1EgvRz8mYQSx Epoza7WGSxMr0IadR+1p+/yEEmb4VuUOimx2xGsaesKgWhLRI4lYAXwIWNoVjhXZ fn03tqRF9QOFzEf6i3lFuGZiM9MmSt4c6dR/5m0muTx9zQ8oCikPm91jq7mmRxqE 14WkA2UGBEtSjYM0Qn8xjhEu5rNnlUB+l3pAAPkRbIM4WK0DM1umxMHFsKwNqQbw pmkBNLbp+JRITz6mdQnsSsU74MlesDL/n2lZzzwwbw3OJ1fsWhto/+xPb3gyPnnF tF2VfwIDAQABo4H1MIHyME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcC ARYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYw PwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJy L0xDUmFjcmFpenYyLmNybDAfBgNVHSMEGDAWgBQMOSA6twEfy9cofUGgx/pKrTIk vjAdBgNVHQ4EFgQUDDkgOrcBH8vXKH1BoMf6Sq0yJL4wDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAFmaFGkYbX0pQ3B9 dpth33eOGnbkqdbLdqQWDEyUEsaQ0YEDxa0G2S1EvLIJdgmAOWcAGDRtBgrmtRBZ SLp1YPw/jh0YVXArnkuVrImrCncke2HEx5EmjkYTUTe2jCcK0w3wmisig4OzvYM1 rZs8vHiDKTVhNvgRcTMgVGNTRQHYE1qEO9dmEyS3xEbFIthzJO4cExeWyCXoGx7P 34VQbTzq91CeG5fep2vb1nPSz3xQwLCM5VMSeoY5rDVbZ8fq1PvRwl3qDpdzmK4p v+Q68wQ2UCzt3h7bhegdhAnu86aDM1tvR3lPSLX8uCYTq6qz9GER+0Vn8x0+bv4q SyZEGp+xouA82uDkBTp4rPuooU2/XSx3KZDNEx3vBijYtxTzW8jJnqd+MRKKeGLE 0QW8BgJjBCsNid3kXFsygETUQuwq8/JAhzHVPuIKMgwUjdVybQvm/Y3kqPMFjXUX d5sKufqQkplliDJnQwWOLQsVuzXxYejZZ3ftFuXoAS1rND+Og7P36g9KHj41hJ2M gDQ/qZXow63EzZ7KFBYsGZ7kNou5uaNCJQc+w+XVaE+gZhyms7ZzHJAaP0C5GlZC cIf/by0PEf0e//eFMBUO4xcx7ieVzMnpmR6Xx21bB7UFaj3yRd+6gnkkcC6bgh9m qaVtJ8z2KqLRX4Vv4EadqtKlTlUO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC3zCCAmWgAwIBAgIPAXlAp7XafZAcqUvyWq6uMAoGCCqGSM49BAMDMIGgMQsw CQYDVQQGEwJGSTEnMCUGA1UECgweRGlnaS0gamEgdmFlc3RvdGlldG92aXJhc3Rv IENBMSkwJwYDVQQLDCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNlczEZ MBcGA1UECwwQVmFybWVubmVwYWx2ZWx1dDEiMCAGA1UEAwwZRFZWIEdvdi4gUm9v dCBDQSAtIEczIEVDQzAeFw0yMTA1MDYwNzUxMzBaFw00MjA1MDUwNzUxMzBaMIGg MQswCQYDVQQGEwJGSTEnMCUGA1UECgweRGlnaS0gamEgdmFlc3RvdGlldG92aXJh c3RvIENBMSkwJwYDVQQLDCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNl czEZMBcGA1UECwwQVmFybWVubmVwYWx2ZWx1dDEiMCAGA1UEAwwZRFZWIEdvdi4g Um9vdCBDQSAtIEczIEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IABLMtyj+KrpIk CpLKBebiaw19zy+Jq6daVfcGpmBeoy6vSG3dDsQzKsqrVJl6iIrPsy8TKNbd67Oo 1lnK58UaDtyNiqywa21Rhu+USvrovkvtVnHwHepLtfVjWRK4r4mxMKNjMGEwHwYD VR0jBBgwFoAUuXaAw4P4zyLahevOFE5VrF5aCpAwHQYDVR0OBBYEFLl2gMOD+M8i 2oXrzhROVaxeWgqQMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoG CCqGSM49BAMDA2gAMGUCMQC8Je7hVl91ZuhAIdRyRaVfO3f6zscgVg55aKWxvvDi 9SWBDI+iaMJdyWpFP3Y5rSQCMESDaOZhMhOxhfJt1Ty1/oewEzbMV/ceO9lqU+Qa 6kD7LbtdrQvuAQBDR0h5dfi+cw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGLjCCBBagAwIBAgIPAXlAy/Sa/sZmScnweQXbMA0GCSqGSIb3DQEBDQUAMIGg MQswCQYDVQQGEwJGSTEnMCUGA1UECgweRGlnaS0gamEgdmFlc3RvdGlldG92aXJh c3RvIENBMSkwJwYDVQQLDCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNl czEZMBcGA1UECwwQVmFybWVubmVwYWx2ZWx1dDEiMCAGA1UEAwwZRFZWIEdvdi4g Um9vdCBDQSAtIEczIFJTQTAeFw0yMTA1MDYwODMwNDJaFw00MjA1MDUwODMwNDJa MIGgMQswCQYDVQQGEwJGSTEnMCUGA1UECgweRGlnaS0gamEgdmFlc3RvdGlldG92 aXJhc3RvIENBMSkwJwYDVQQLDCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2 aWNlczEZMBcGA1UECwwQVmFybWVubmVwYWx2ZWx1dDEiMCAGA1UEAwwZRFZWIEdv di4gUm9vdCBDQSAtIEczIFJTQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBAMGfAoCBLYmEYWZLGzujBOFRmh0gCIoWYKTzPEzqG5A8YSks/x5KKd9EL6dn lefEd5KGC1qtPiVnjrz4wvArn7GVkF0RXKeTXkkxi1ISrf6wHufhMWPEJXTirDnl CVY2OmL4CGppcUFK4I+7ePZ4690SafSeSDuHxwTq/zuIX39E3CxFNNpq7DaEBHsf TAEaqWIfnHcD1JvZiLxG0evNUR8q7T1NBgcRv8FzNjLpwRqC3kNGrYKW7uCoqT5u ufIrC2Tz0ZNNe47wxRZ7zRMEhZ+z1e9t1xO5L34b3Reba4TUnPJme3WS15FCAx7p qfm2EAPm3SYvRu+iRTNTnZe+VXuuIoWEYuY4IQkVoyUHV2KN1z3zDNxkKiaDagcv wwlfS/PwTtjqNl9mNZ3iLfg7oOzTCyWCWM+/AgMY43C6ZLqqK4YPOve66FWf5uj7 cpSuuSKZ7aFYyncHulXreai6c5ZDgKzTmOFzXlZ3lK5BF1kVbIBLz1qwQd4LrMYW LcfjOdjFrDnOP5rft9ZPfr6Kn8IpFk8FygDJKImMkRkaBc11Wwo3J+AiUlgtWDq0 YvMJP7zM4GM9eunx7aC8/On54SevRUvSRDR6oBZIcjOpXSdPFdpNjh2eVrFkV5Co +dxI7WYFQPRUG9aB4nrRczYHjDvz2tqDW18MeHaj/Z0VJd6HAgMBAAGjYzBhMB8G A1UdIwQYMBaAFFsB4M9e0MSAtVCKgTiHg5K/FQyMMB0GA1UdDgQWBBRbAeDPXtDE gLVQioE4h4OSvxUMjDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAN BgkqhkiG9w0BAQ0FAAOCAgEAldGmfB3UMtPLvUDBxMtz4//L92s3hwBlUdJLZwaH RYE/z+W6yz1yxnRWtTFOOqEUMGR68ai6BrL0LaS3ZNpdP/JPnHnJKzJ62ehvyaHH Tu4oTP9l/B3LLQESmMNEwzTDF6o6X0TQwR/Sw2SSDD6B9M+Ijuj34JkzAVuuyc2w BPp5TRS1Fikl1tzsCK7SdGeq2b57lIycB+DnFuD89E/GGcwvJhIVmHs6aGD30RrA PDHUjUl1rsI+Lo6u6FxXpZhKx5pf/BQ0VL4W5WfmQm/n/Xt3RZgZSmt+YXGMGOTr raoil55YWJgXTed2H0DRjiQNv9QXL5VgxT3XKh1jr4nr9HzmtXlQ6AFVBVXqLEWM Xs3Go/J5a4WTDflTS1taZwfMRd2MuD1SSqHYk3AItR4i91XAZo0BxIuiG86GFQuy IYoAOo/GJTyO3EVt5WBKq9rrL3ZzHHoRTXa5V5dQO6gICYK8+q2bnmhRCl5CU3LZ 2bU/QZJ5PSgXpaIGkNmlnuq15jX4vAig6N0UnsLzXOYAlL6+Rl3a0MFKKIBgnP5K 5e2LYKmRpVYG8WMoj223ehWMfI7QPOUs5JXusNpZqE1Yr4Cz5DRLNE/1b1hsPOZ9 fMF6uEV6XRflSpMbVGQI8MGsnVWUbyJCAEZlkcglGekXrfhckLqohDuU6nO83BAj V+M= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEGjCCAwKgAwIBAgIDAYagMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYDVQQGEwJG STEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0ZXJpa2Vz a3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNl czEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJLIEdvdi4g Um9vdCBDQTAeFw0wMjEyMTgxMzUzMDBaFw0yMzEyMTgxMzUxMDhaMIGjMQswCQYD VQQGEwJGSTEQMA4GA1UECBMHRmlubGFuZDEhMB8GA1UEChMYVmFlc3RvcmVraXN0 ZXJpa2Vza3VzIENBMSkwJwYDVQQLEyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBT ZXJ2aWNlczEZMBcGA1UECxMQVmFybWVubmVwYWx2ZWx1dDEZMBcGA1UEAxMQVlJL IEdvdi4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALCF FdrIAzfQo0Y3bBseljDCWoUSZyPyu5/nioFgJ/gTqTy894aqqvTzJSm0/nWuHoGG igWyHWWyOOi0zCia+xc28ZPVec7Bg4shT8MNrUHfeJ1I4x9CRPw8bSEga60ihCRC jxdNwlAfZM0tOSJWiP2yY51U2kJpwMhP1xjiPshphJQ9LIDGfM6911Mf64i5psu7 hVfvV3ZdDIvTXhJBnyHAOfQmbQj6OLOhd7HuFtjQaNq0mKWgZUZKa41+qk1guPjI DfxxPu45h4G02fhukO4/DmHXHSto5i7hQkQmeCxY8n0Wf2HASSQqiYe2XS8pGfim 545SnkFLWg6quMJmQlMCAwEAAaNVMFMwDwYDVR0TAQH/BAUwAwEB/zARBglghkgB hvhCAQEEBAMCAAcwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTb6eGb0tEkC/yr 46Bn6q6cS3f0sDANBgkqhkiG9w0BAQUFAAOCAQEArX1ID1QRnljurw2bEi8hpM2b uoRH5sklVSPj3xhYKizbXvfNVPVRJHtiZ+GxH0mvNNDrsczZog1Sf0JLiGCXzyVy t08pLWKfT6HAVVdWDsRol5EfnGTCKTIB6dTI2riBmCguGMcs/OubUpbf9MiQGS0j 8/G7cdqehSO9Gu8u5Hp5t8OdhkktY7ktdM9lDzJmid87Ie4pbzlj2RXBbvbfgD5Q eBmK3QOjFKU3p7UsfLYRh+cF8ry23tT/l4EohP7+bEaFEEGfTXWMB9SZZ291im/k UJL2mdUQuMSpe/cXjUu/15WfCdxEDx4yw8DP03kN5Mc7h/CQNIghYkmSBAQfvA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGDjCCA/agAwIBAgIDAw1AMA0GCSqGSIb3DQEBDQUAMIGWMQswCQYDVQQGEwJG STEhMB8GA1UECgwYVmFlc3RvcmVraXN0ZXJpa2Vza3VzIENBMSkwJwYDVQQLDCBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBTZXJ2aWNlczEZMBcGA1UECwwQVmFybWVu bmVwYWx2ZWx1dDEeMBwGA1UEAwwVVlJLIEdvdi4gUm9vdCBDQSAtIEcyMB4XDTE3 MTIxNDA4NTAzMVoXDTM4MTIxMzA4NTAzMVowgZYxCzAJBgNVBAYTAkZJMSEwHwYD VQQKDBhWYWVzdG9yZWtpc3RlcmlrZXNrdXMgQ0ExKTAnBgNVBAsMIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5IFNlcnZpY2VzMRkwFwYDVQQLDBBWYXJtZW5uZXBhbHZl bHV0MR4wHAYDVQQDDBVWUksgR292LiBSb290IENBIC0gRzIwggIiMA0GCSqGSIb3 DQEBAQUAA4ICDwAwggIKAoICAQC/1gBKiQ4vIztyf3MgZaBfFsV7XlwG+WZzIIL1 YpYXlFH+mzXo8g5ffyGVHGLA5PmCeFzvVcDH/A1587ZMgjYKsEv8LWGmC4i4T7kF rgbMCdN7Sg1oiRNFAKOdXOZ+pR7nBi/wa0WkotSbh8qYZWDrWsyileyTW0qldn1f ddItlUd6abFziKxlJHkgf4iGRWQS6BTHOJCXHPFB97jgN/+2tcwxWswo/4SoU1ZY ct1jwDtHHYxWQ95UxwjMP3rowgPKNLyFlefD0SDS9Eor8envfXpbtQRgUgR4nejn KUNuOwEA2CrMBiYCaoQ/8wiqPhT99/eOuYAwQqUFfM3zoYQieBFBCdWMgAtOWI2Y 1HM9FfdtmT3khPNHPC9rmRSEITucVmVS9Y+rDaljgsw5UrHqp1njo8APeT7olT5G rLnduFeF9pf/nrMI5jdW3vymMziNvw1rlqaL6XBKt2dEqIkukOaXi+5vnKxzRftp OP1W+AXroxHMyPLyxLD41xn4BuaWYH3U5Lbz1JsZX98xg8644HWWKW08L+hZwEqf uuz6k/aRby0kFJIrvq2dCFg14WEqE9/Y0HzxVvNrdC3E4+6AYSyrCl1VSUthr5VO sbdS1pnT7yTQHAZImhvCF5yy5ov9LXKxlzwYSVFWfFXkEr5QiR1pKBlIw9oigang 4AWqvQIDAQABo2MwYTAfBgNVHSMEGDAWgBTRpwgWB57pvU7T1yBTllkGJ9eITTAd BgNVHQ4EFgQU0acIFgee6b1O09cgU5ZZBifXiE0wDgYDVR0PAQH/BAQDAgEGMA8G A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAC1Qj8Fm74llE8N41MzM Wpdv7I9gVN5zZLcN6OE7pazPhbaWOUxEpDtZNwyAQBYzcnRI4IQloxstDQDhM2DC wV92D7OiS3DFJkDNEPpY9IFTj67cJ0iFlaaizkpCGb+VNSBk30JqZnUNVltLdZY1 U4McUKDlx5Sdy9ayPZNKy5SQcchvb2GbbvHQiOvEbz6DNEBUmEf9TMzKHI2D4DFt MDWz3yTEjTbdwNT8WYaso/BQvhhKQHhXoI3cDZK1yZZspzldPryuK9pxVj3RJ1Sq tAZ82MA8bcWd8jxVvvFhDtgc0ah9b9izF0K31RJlJs77lIXGbG1a5W58gD07m84v o/i98pIiXG4NeggKPlzd0//2F9YlZ8H7hnxUV2pzUr0HpUkF2RGLlUby3GIGiqyB BFfJuFRGGInEaB8VHpUCWKrEYZ8uD0TbTAGCaJX7Mf/QwgROfUex95nN5Q7CjBcS RJaCPZGYGpe2Z0Fw0o680WIgdoAS7Q65+Z8miUzXT2upbqXB+rsEE11mR46JqCqx 9l8XFtz9WRJuJ23dvej9xxF98vVWz6p+0P8TIoVi+UfqaO0Pk9hYYcrPdeMUZSfg En8jHtbtDz69AVvmFCYjXeAER3QlrMGVM6gzYCmdnYZj9dC9LxYRJtOZKY+Clnpc r/xS7vOO+Qq8VUHSmfQbp31m -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFzzCCA7egAwIBAgIUaKX9ptAcXj/P5PmZ33psbzmpf/wwDQYJKoZIhvcNAQEL BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n a29uZyBQb3N0IFJvb3QgQ0EgMjAeFw0xNTA5MDUwMjM0MzZaFw00MDA5MDUwMjM0 MzZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u Z2tvbmcgUG9zdCBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQDicuzwRxAiw0TKBXlbWdg6KyQhJOqviPh9WgVlwxhIAQTBfloDNXlKw8Fi W9JegvcM+7n+0iEdXIe8JuPEpnuZU5cE2N8SSj5lRefOG2WpcDmWFmKBzOngG4K7 7ajgQmvpuskbS0j9nUYSQOUo00xH+mKIZ4QNV0wPcamFf1blFuijQrpHtt3o42r3 Cmnl8xTjXFXdh/9+PFxN+ckbDptO7n6s7E3ToiO3iJt5oIpjRx50V73Hrv2Urh1K RcPH9qVTB9Vp+HPlZje2pTB3qsy68AnFKFeD8KIZ8n5FtGzrSSK6jjojHB2Jso9p RBMoumJVEYKOWX58TbqHt+4z3s3ZwvGULVM7pNAWVA8RIQp+WMOugsHE1SV3D3bb DV73YjO1p/zKHvOGilOI3cIyHz523p+PDIpKUC3IUFEGBUFXm6R20BzGbhZIJs8y R1kWk0tK1J+6fu0f8wV3Q8ctYvFg1Ywo8f4WI4LPWmufbmn81KhJV/c+kglEwl0o vSpUM4ianpdNLK+9C31KO1NEvcLBLdU0zwKgFAlRSorCqgARbprRHdc82fHBftgZ UBLEkSthBW37Mo+HrHrAlbaNB/Uo7r1oi+/+TQZDzRcloP7iVCa05fiQ+w3Yogwx c5RNe/tSFKtlUQoD2vJmA5LffEWXG049exBRp+mDjbk/tJLRHwIDAQABo2MwYTAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAfBgNVHSMEGDAWgBRhteBC 3ravpyDq9iTIp52FoFhT2DAdBgNVHQ4EFgQUYbXgQt62r6cg6vYkyKedhaBYU9gw DQYJKoZIhvcNAQELBQADggIBAHqni9ztZvbdyRDfUPHRkDI9j9qRssdTrnH5p+zE aOIO+o4aXyqS44PR/Nry5XrIrKQXLea43ewqF1GidWkoObpYPx9Qs+3DGbcW9cao Wj2g0Hc/UQdFrG+flMu/bC4PiQmSNBk57XqyWWWwdu0nRh1Dz9Q2vGiKm9Tbwis/ zl1UmcoiwXmEmP+6QVi/RUmZuwkblo5YTPrISEKUG4nJ+VJmy51txA3pvF831boI Yf/VS4xj6P734NwZE+lSaraBLBhkbN7YMFf/ixnHv7dyXlauw/YZ0v2u6balMbgy Tsm8OhspH4lhsPvH+4gGKcNWpk1iEPCrUbdk9CRTkIM6p66pEQLgglQjvQS+NLTO 2ao+VJpIAoshGBL4mOCqqvmrriu/tWuDnyLQWFgFFqfdx5Ppe4Qo4tXuqDX5zM62 8CdQUTOHMtRkcojYNUC3rZvuWhSpfoCYPV3Rd3TK+JGG10Lp3KDvMCWfyDpgaA8t UfjxlrBF9ICotJGHKUMpkTmDNWJtuOn8+P6aTihkfg2QaQPyq00+TtGOJwNEl2Da eIpljRZ1/A4scpt4imdisa4sRgWQEThX13YpI6jAfQnfh6vaWx96EzOBsvf+HO/C nmVf5Bnpcq/INRy++9P43eTYwzlO2UNgq3U2VxvLBVrYQ/w3JVcaPbVW6/Lv2yYw saDu -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5 NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV 9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY 2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+ l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG 7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS 3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+ l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG mpv0 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDIzCCAgugAwIBAgICJ60wDQYJKoZIhvcNAQELBQAwOjELMAkGA1UEBhMCSU4x EjAQBgNVBAoTCUluZGlhIFBLSTEXMBUGA1UEAxMOQ0NBIEluZGlhIDIwMTQwHhcN MTQwMzA1MTAxMDQ5WhcNMjQwMzA1MTAxMDQ5WjA6MQswCQYDVQQGEwJJTjESMBAG A1UEChMJSW5kaWEgUEtJMRcwFQYDVQQDEw5DQ0EgSW5kaWEgMjAxNDCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN7IUL2K/yINrn+sglna9CkJ1AVrbJYB vsylsCF3vhStQC9kb7t4FwX7s+6AAMSakL5GUDJxVVNhMqf/2paerAzFACVNR1Ai MLsG7ima4pCDhFn7t9052BQRbLBCPg4wekx6j+QULQFeW9ViLV7hjkEhKffeuoc3 YaDmkkPSmA2mz6QKbUWYUu4PqQPRCrkiDH0ikdqR9eyYhWyuI7Gm/pc0atYnp1sr u3rtLCaLS0ST/N/ELDEUUY2wgxglgoqEEdMhSSBL1CzaA8Ck9PErpnqC7VL+sbSy AKeJ9n56FttQzkwYjdOHMrgJRZaPb2i5VoVo1ZFkQF3ZKfiJ25VH5+8CAwEAAaMz MDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQrjFz22zV+EwCwYDVR0PBAQD AgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAdAUjv0myKyt8GC1niIZplrlksOWIR6yXL g4BhFj4ziULxsGK4Jj0sIJGCkNJeHl+Ng9UlU5EI+r89DRdrGBTF/I+g3RHcViPt One9xEgWRMRYtWD7QZe5FvoSSGkW9aV6D4iGLPBQML6FDUkQzW9CYDCFgGC2+awR Mx61dQVXiFv3Nbkqa1Pejcel8NMAmxjfm5nZMd3Ft13hy3fNF6UzsOnBtMbyZWhS 8Koj2KFfSUGX+M/DS1TG2ZujwKKXCuKq7+67m0WF6zohoHJbqjkmKX34zkuFnoXa Xco9NkOi0RBvLCiqR2lKfzLM7B69bje+z0EqnRNo5+s8PWSdy+xt -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDKzCCAhOgAwIBAgICJ7UwDQYJKoZIhvcNAQELBQAwPjELMAkGA1UEBhMCSU4x EjAQBgNVBAoTCUluZGlhIFBLSTEbMBkGA1UEAxMSQ0NBIEluZGlhIDIwMTUgU1BM MB4XDTE1MDEyOTExMzY0M1oXDTI1MDEyOTExMzY0M1owPjELMAkGA1UEBhMCSU4x EjAQBgNVBAoTCUluZGlhIFBLSTEbMBkGA1UEAxMSQ0NBIEluZGlhIDIwMTUgU1BM MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9c2iT03QQ6RP2sgX/w6 fjtaXS/DDIdTPBiiyGFzDQgOVh7SbmClV2Xc/s9Qhg9aTqtiiwTKVu/h0Z6udK2q +j9BWNFVcHA+RckbgHP8CIjki3KoCrUpV7CtCpFBGpxfUH2sFxolWyHwlSvn3zes NPMHsPEdwRPvey46xalhkLJ4X1RQPLNaVWO2yxCjb/sN9Lbv5gjeohC/dpd/6tmW 0dTDcwJxtKmwrKwfFyClR0bWRAI4mb7LFHj+5l/Ef91v6apHFJAR2B2AwBXUjKCZ 4xkOCg/MGgic1FMHAOAfSb+CgkzPm9hu09QRABJsD31gZ0qMUNvyL+C5eYeDw1zC OQIDAQABozMwMTAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhMEXCqj90fBzAL BgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAC28jBXKNO1MKCK74VMlSzqX qe0moqSrTfsKEm7nNeZnDhiBYjalzMLfGuVoAYFOs5nURxUSnXbpoaYTHbD/fbtX 4+9Zm8g7UGnGYzqsoMHlkOhkKVxIQWk3rDu73eNVxteSDZWDsChXwqOplqfK3kwe mv8+pS4nXttmZyeF76uKXHN8iM1HZvCdg8yEj+Ip9B9Bb7f1IQ31lFZR4/z/E1i3 nwPuKZ/SAbBinpS9GYZaQ/pqiYGw6lwYh8qAlfvtAb8RGt+VFK4u4q/NkZC6syfD bxDY2Q60pXRsgbdfGcz+J06zRZhYGJxXxJJyEs+ngjnV4RCXCoYwRYVjqGtNmvw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFNDCCAxygAwIBAgIQdiQz69smdlqFYM0KqC/hFzANBgkqhkiG9w0BAQsFADA6 MQswCQYDVQQGEwJJTjESMBAGA1UEChMJSW5kaWEgUEtJMRcwFQYDVQQDEw5DQ0Eg SW5kaWEgMjAyMjAeFw0yMjAyMDIxMjA0MzdaFw00MjAyMDIxMjA0MzdaMDoxCzAJ BgNVBAYTAklOMRIwEAYDVQQKEwlJbmRpYSBQS0kxFzAVBgNVBAMTDkNDQSBJbmRp YSAyMDIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv3EBudWC8HY0 oSwtJZCqpjQTGpEewl3EdDqUORV0qoFp78mdR/vuATXI83G7nF9RLvmNjgQgKr/b Mx6gPO4Y57bMjAsgwEzleFclZka/sqc68iN5rS3huhrCX6MEINLyDOQ71MRA7GJC aNL6E3j1438eTu011mlikeZYBdkhvfpAVjCw90w8wcWDmqx66Y561T/RiXyz2uEh BBZAD43gV58eXStOeOTwAzEZYMrmp232GfmQKabYRfdIRus1avyuGea2nICEsRHE 8M2tdzwpGP7oIy2qHBFJJ+3AwmwQA4DjmDkJtCD+58awohQavRNhqjsGD+ZifG3V R4i6WrKv8OWqZzcZj3g3Elr5+fRMlz1GSqkWPBw1Ev8KWTHazSUKF7OMxm3XzyXx Qnw7fZF9GOVtx3adpfRPqYGgtbOP34EVkz4wsHvNMrvUrYcKymdOrnkTjlX26fIH UJpKGYkLk9q0jhMNKs4Rn8lj4pJ7YF33/ND4bjpV0ex1EAQz0iZvT37OnxNiuAZ/ +4Djf075UuNX2ecWnadOrN1r8NAParZIwUoSUnWhU8TqAWWRqzFURHUZuOMQcA0g eg4c9zqtBoUPgtQksbIAEsEXmDuRpwSIFjEkK11f5Eemfmfdg37KyIjQ67TRTmBA +kT9Q5JIm/e7m1ILg/HKckgLUOCnAMsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB /zARBgNVHQ4ECgQITjtINlziX30wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB CwUAA4ICAQCdbE8d1c1DysKtrtYlApYIXTlY3N2XHNQ6gKoaVWsKa1TJ/ovrT+FV 3bmQLet3aSoEG6pTe/vLZSg8WiF7cn7WuF4XlQS3yA2Uu8/cg/S4owqhQJp6K/Xg 6UoSBad9Kog1H8deOfV8Nmb8a89zB4Yf8/AepId+Lr/3I6O7iub+PUT2QBXnksa+ cf0yf+49GhyMCILZvctNSQd4Vxr9EgRvBARTrAgNQ9sEOJ6myOz4iTFR7T2pIFP8 Cp15e8jEVI1q4IuHu3XlwJNk9f5k3gbwrzoy9P5rP8voQU3u9wh62JZa9U63b+u/ Ur1tsKb5Lx0YUedtHvpIiIRurEPxumW0twjrx8TrAcXRrViSL7dsXAoYC0dXo154 EE8jBAzgIIur7tJizxgXDEn4i2pu8Yd615YML9ii5BooEJ2j6fQ0nzyPRmx1Egw2 Fjlgzzceai4TUOcaCKab86yyu5MZIp+BiPR840nw5MggbRgYH2nFRBA70toVm4VF lbZs3reGmaICm4ST6R395OxYS1iYBm5kXm9tLb4pkIhUxrkgyuiwE+DsWceBjHAY aXnCgUGKtiG9tfBMUw3fChoPb9L1yKdNof3zXDdTloMqEpO4BFrmjco8kt1v0LUQ PhNZmQP4nqd4Hqx2384nPmWDXbQ+eePyxRteYGY0hJeDLVpyeYG8VQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDXTCCAkWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJLUjEc MBoGA1UECgwTR292ZXJubWVudCBvZiBLb3JlYTENMAsGA1UECwwER1BLSTEUMBIG A1UEAwwLR1BLSVJvb3RDQTEwHhcNMTEwODAzMDY1MjMwWhcNMzEwODAzMDY1MjMw WjBQMQswCQYDVQQGEwJLUjEcMBoGA1UECgwTR292ZXJubWVudCBvZiBLb3JlYTEN MAsGA1UECwwER1BLSTEUMBIGA1UEAwwLR1BLSVJvb3RDQTEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCh/m8EBbDJhGQyN2+g5dTlsgjtaRKqhgj3gkYK BgtuXsXkaTVxbf99AvbN3QE8+WCIaPJUd0091UGmLzaBVyW4ct+iUNrX/FXyzjaf bNbbl1nfHhaZhkiOTVQhmY5zuj96evEtJMevnxe6iRADOPWnqp+CxT2IzcSFkQCq 7L2qn8hU2/LpXUvnAYglJZi8t6Ef+r03P1r8dA5OzZ8yV3qhD1R1wsNQtCzMgwcE rFRZhFZYuxpfmS5y0fZW0seeTjcdxHiR3whYI5U6AI7DjdWIrT9Cd9ByV4aevkBh qkePPIYGmUPXnnqCkdHdnzkMH0WP9TBhD2jTXZKdcFtTyEJrAgMBAAGjQjBAMB0G A1UdDgQWBBR4A+sMjKbTVXWkh7Tr0ZpmD0xzizAOBgNVHQ8BAf8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEARGJWATwo81x7UEQugNbi cL8IWXoV51SZVH3kz49fNUjVoq1n2yzfaMddlblbflDNObp/68DxTlSXCeqFHkgi /WvyVHERRECXnF0WeeelI+Q8XdF3IJZLT3u5Ss0VAB2loCuC+4hBWSRQu2WZu2Yk s9eBN0x6NmtopRmnf2d6VrcFA+WOgUeTjXiDkG52IaPw0w1uTfmRw5epky5idyY2 bfJ1JeVUINMJnOWpgLkOH3xxakoD8F1Fbi6C3t7MmKupojUq/toUDms6zTk3DIkc wd7PALNWL5U8TxNLoroTHSf/lzaOv3o9KDRa0FQo58bPI7MdbRWE4F3mS/ZIrnv7 jQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFfDCCA2SgAwIBAgIUBEnvw+saJCNaCMHdO3BiwRZ0iPIwDQYJKoZIhvcNAQEL BQAwVjELMAkGA1UEBhMCS1IxLDAqBgNVBAoMI01pbmlzdHJ5IG9mIHRoZSBJbnRl cmlvciBhbmQgU2FmZXR5MRkwFwYDVQQDDBBNT0lTIFNTTCBSb290IENBMB4XDTIz MDIyMjA2MzgyN1oXDTQzMDIyMjAxMDAwMFowVjELMAkGA1UEBhMCS1IxLDAqBgNV BAoMI01pbmlzdHJ5IG9mIHRoZSBJbnRlcmlvciBhbmQgU2FmZXR5MRkwFwYDVQQD DBBNT0lTIFNTTCBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC AgEAvw7zZpfUhl4Hf+vF5pULvDlzXBR9ONKfVjgYp/qo4A+JIcQssQP5TYCvhGGw TmWgvCbaSeuliWukieRKA8AhOiZSODwZsgG1kDuX2CVxfUAjkUg0xINTzDnnLQ6J IH36/dkUWX4s+09/oIvR4cmi4UrtgCrWj+dkG9C8RgfnRFK7kdXdQnU6DOZzp4nt q4ChFsVwWKao6sA20c2ysNmif971OmzqkdKqt8TJH1+EomXVMCBdJz9MWqYeSKFX rWBq4b45wbBNAaKApTuQwel0FmZExsx0F1y2VsP0hWfGrXZOsElxcdcwjYGuvir7 HITiDvR+hCek3qcZl1G+DYKhHbGnBJq+nTjkQ2sLdmESGPaUpqkNgBEgJqym1jRR Wt7LxEz6bpILu1PSUFtXUnThS5ALWpRhhU5FtD/8rfKiBiEgqxIzBAPNXF1/Cd/p 1WvduiNaJU+Dixgg+B2DB0isE3ooLTwwO9Gzaw3RP0j1Y+hpy7xttjhSHvdctanT 5/gMX99urCrx57rADP1+WIH+LmtYmBaZviq5hd4ynfbfULEIlw0osMXn5wWQkbS9 G4ZfQS/D54YxzcMpAxJXj4QIpRGlZhcR5hABo91qeCeqFXLCKuKyBqtHQaYUXmjn y11mptP42dqn8/6GdDgAMG7KXwV29hNAtO8Y4MiToegbBFcCAwEAAaNCMEAwHQYD VR0OBBYEFDdaCfvOJOHnZ8e+B2jM3CgfhDENMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB4Nn8yCcRzfmvJlUPchRWD v68tbkWNPQL7acXYQB554bhrVSvVwFAXFY6Jrwz5gRacxAcdhvU3eqk1H6diIOLB mJf4mvqZLVfrft/02S9P+3AERGASYGgeHbPNc8Sq2Je5q0KNHwzgOoGCxSNmvvhc +m6VG/y8n2f3riyTMWCtMwkhVIOlQl4Z6z2xn/isDfR0X3LTCAa3Kxd7YHwstzZh H0CNZG+O8bmz5XLWdr0N8iZcZqtrhJOV0rXMT46xajKT6S6jSxb+aBPQs5nbriyN VNnCFBBeZUAMqvfF98MRso4MXa1S6uC6ylCnz3xBXa3yI5sXv7EsA/eOYaM2p9OX cVha9V3eVC4zsvMJQI/Z1q82hNLGOtnvdSWg7M9KgdN9Ahr279Fhx4hiBwD86MUr cwxgPi+ZQt0UkjK50UkRK5XOSEqPjyxyrx8fGx6T9TDMJGnFZPAtrthQvfhmIZpu bLG2GswFOYwU3Ne9odorAku5wCgt0pCAlXmUoKchXfvNGA8u0zMPOCp3LM2UA3bb JKcpNVPwVG0PYlEyOq6Vf8yRbbZS1vVGhhiQdhnspfa2YepMOix5xiMRGSvq0GQQ fE5LbB4iUDbwcU0eYf9KStnvg3KVdr4dpMn6w3RWtXg+iui3q516vB+Jg+HpWgWr OEv8p1O+EtEMkB8Ag3EI5Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFnjCCA4agAwIBAgIQTwAboSS9y4hIvr0/K2LHxTANBgkqhkiG9w0BAQsFADBg MQswCQYDVQQGEwJMVDENMAsGA1UECxMEUkNTQzEsMCoGA1UEChMjVkkgUmVnaXN0 cnUgY2VudHJhcy0gaS5rLiAxMjQxMTAyNDYxFDASBgNVBAMTC1JDU0MgUm9vdENB MB4XDTE3MDUyMzA4MzY1MVoXDTQ0MDUyMzA4MzY1MVowYDELMAkGA1UEBhMCTFQx DTALBgNVBAsTBFJDU0MxLDAqBgNVBAoTI1ZJIFJlZ2lzdHJ1IGNlbnRyYXMtIGku ay4gMTI0MTEwMjQ2MRQwEgYDVQQDEwtSQ1NDIFJvb3RDQTCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAM5qqkgKQ5dZxvKs9h3uEtp+Nojn80ib+bhuQ627 1xFC1h6daAja6riieuV9PTLPlIDuvz7mTqmeHcdJPycG/Bnvt9iPGZLBQjibTUDL hgG/rZE5jIsfo6tuaKGz03rZbCgDdFtJB8hAoVattUFLJaW5U3OBRmFVBOAns6tQ 5B8IsuXzkn6shRzbnfpnejD/7i/yMbODkIKlGerLyu1B6YBirzDQhRw1rSJZGFXW FDiAm5qvigQIxu2Jtb8IFn+xbVsY2TqIxBkXNOJKRcNKoQWJd4TP7CQ/IfBNwrvS cwtLq4v3WpBfTBalqE/I6b5yDrzNuAwszoC6BfbkSceebzxQTjoURVSqcChkZHJD GlbFyTNeee94i8OU7yU75TvLU9uzbPueBUL/eTrztTn/zj5jGvsX6708joU4F+QE mtpT4pk5NayYfYWDtaOLCek5+H89kDHDFn7cr78p9EN5pcT9X1vS9ctW89sW1xqs 8+Zg/VHTPIxVKBEA1UTOzNGdLeMGasJZy3Qu4oNYZFaf/g4ALU0l8FKLWN5meu/A VD9T3xFtZ7LJLrjCqRacxDSHSe9D+bEQw9gumzDbQyrJj0oDEIN3zjPWFnHOIrAW CMmXs9Up0E0OLEKtLv3X13W+MfrYXye1a70AMM5ynLtAEiCgFkWvLWLGlxldQzhP tPrBAgMBAAGjVDBSMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G A1UdDgQWBBQaJgFPI/EPoA/cVSE73pO7zP4uHjAQBgkrBgEEAYI3FQEEAwIBADAN BgkqhkiG9w0BAQsFAAOCAgEAqBjnjcUJZw9bjWfX/BKRdS+SRkdTZ161zl+xfw8i d4ygK0447bqkbNi6WGfA+7mVIHQIYTYkfiWp7kknSuHRmxVKiskrgoQusG+b4rDQ wZbXNDWW3FRfjamDQnEJKFG1Kb2hO7K6fXHPwh+I4BpUjeMRRDKnkPADw/i+crZb 4LS8v2s2k46hAaxZUUnIniyIk0Jw1x3nisXDSChpxeXFIdvI72tiFD0vbFP3sRUy PIAUQxbguTkW3YwQ2zltgLL/fpfPTJlbahkYsOdJxH9aBu+J+IgBOLXp1iCXO37G FJUFstj7Zyr47+ojEaft6gfqvWiPs4Msi3O69hvhai50yjkppiH1V3h4WyY/8dA2 uvA2Xr6/0rKnT13x1EqNd1fAGHDHphYnuOyC2qPoZPWchUaRoKC1FvuOZRxN9oHb cppDzJkaepfSazafUu91aCxCRohZRNZPkhsFuY8LmtBx0k6hG6yBHAERiRPOLtif VeAe/ngUw0GnTvG7HQi+dQt1bP12z5xlTTceIks1cpj08R/aPxJGRRATeVQzH4pt 83si5mc8M3696NOKDQuYC73N9LC+kcIh6wAoThKAktwrowAmwpvbyV36F2cduAat ZmFSHJpJWYvbDlShWOKNNzShe43FvNqKqNJYcLFi9rBcwBJ3snaGfy+o1B3RfKfi mvA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFbjCCA1agAwIBAgIPQupbClERJnzYJ3S3339xMA0GCSqGSIb3DQEBBQUAMDMx CzAJBgNVBAYTAlBUMQ0wCwYDVQQKDARTQ0VFMRUwEwYDVQQDDAxFQ1JhaXpFc3Rh ZG8wHhcNMDYwNjIzMTM0MTI3WhcNMzAwNjIzMTM0MTI3WjAzMQswCQYDVQQGEwJQ VDENMAsGA1UECgwEU0NFRTEVMBMGA1UEAwwMRUNSYWl6RXN0YWRvMIICIjANBgkq hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2++iQ27Iqf1u19+sopKEochZoAyaU/7v rswZDXKKpMIzI+/nBnLqbUs6QVIPyUgOLee6ZO6iOkxjXGYpi9+piMW96PH3jkv8 ATxEEjkqcKLA28Wi31/HS8ao3D1hfEpYwUQyk95wmaEjJlY/o+HqXzBG2Hj1MKOW CYmwPfGGkwW2EmoYjfClZDsrh2RePReOC27mmMyXODggjHBaaSu9ZY3NN1lcbNFy dFkGTsi3Add3v/BIhqizGl1B1DcXERBfSm6NdcUDQH0hrgDw2/yfbDpmpN/3yt+A ZlrZ2H8UoiYZ9K4LIeDKPgXdFth+WdqhsGnDnTQT+mVJOYfudi+NvTwnGQNOrQ4L KyzGLnETNSlX6XDcG1HqzZfxlY2yhvomBi+AGpXxmDvu9uWGpc4bAeX06TPKD1VE X2iKLMdbZijdlkuDnV4dfhjV/rJg+5pRaMOWjB9oS1BSCzbmMSfk1ykMG9obL+EE U7jUeUmwO4FeCIgid+IpwK5yqqu0clK9bLv1unjZnLggbzCNSp0y+fQB5mJ5mEJA BXpvHCo/tfvfzRhAjuUQxDlbVvE8VwWr0jlNP/iLI8druUCx4v7/sxwKaR+bjA+0 H+AK3kj9jV+PmfUBdgU2XY7cM45RbhHiQf3Mt40qXz6S5fKx4KQj4qK3xo0YmylK 0UZ/9GQgGN0CAwEAAaN/MH0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFHF/Nd71d3FtHRKc4ZCkuvCpg4+AMDsGA1UdIAQ0MDIwMAYE VR0gADAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVjZWUuZ292LnB0L2RwYzAN BgkqhkiG9w0BAQUFAAOCAgEAjK2ccqW1Z3ZnOIfpOoz+nVk1vpDxAwCgWNiY0b/8 /PNQ3LRl1dq68IwufA3mCZFfTaP2XXicWF1qcJSjr9svAMkDQGvfUQMWGYwrvJk2 9sCtkhgTjKftHdLfA5AF7LCTmJv3TVoT+Oeb9zZ23nwm+BE4T0lOs3MfXydb4Z4y HvbAmBvZICxclo2GyQtF15Ktir3qV6KjVrYgPOyyxzl+sID+vVErKrTDcmnD+Ucu bv+ch+3cdcsQiOC0zi4OUx0L6G4eQkzQvjl4dckU3ieRc6rsaoDw8BeWYk++BMvi p+VdD5NFy1lIJhPe3bH1CtoWsagdj35YG7fVCd6Ia86EPqi+UmLK0qGhx8s8FuB2 VjA/5g9rBnf+ZJ1aanN87t4h6ZpJlze2hH+ikT5F+9daBsWHNdy6SEyGAQhHNrY4 UJURmXPRN0kK+kJPLxBU00GQ+sjcuxHcDcx9fJvcDpFxhk248hWaKzgXEaHynqhs nOPOruLmS4vyigY7B3cCEe6D6p1mhsrwYqnVV4OkFfFFFP4adX+lD9xSdFl1Cvj7 VUGpXI0xRN3NlE4z0RtBqtvXoTzwxUhtRUE1tXmD5vlN8VY4179AIvsggOMcwllG B2MCYQA7m1C7Q8Ow6QqauHb0R2FVZHBPN9mcEaMTsuHdQEK7mNegBovmaFdLDjho f7o= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIExTCCA62gAwIBAgIESbY1GDANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJT QTEyMDAGA1UECgwpTmF0aW9uYWwgQ2VudGVyIGZvciBEaWdpdGFsIENlcnRpZmlj YXRpb24xHzAdBgNVBAsMFlNhdWRpIE5hdGlvbmFsIFJvb3QgQ0EwHhcNMTIwNDI5 MDY1NTIwWhcNMjkxMTI5MDcyNTIwWjBiMQswCQYDVQQGEwJTQTEyMDAGA1UECgwp TmF0aW9uYWwgQ2VudGVyIGZvciBEaWdpdGFsIENlcnRpZmljYXRpb24xHzAdBgNV BAsMFlNhdWRpIE5hdGlvbmFsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDj5CziDK+WOay1n4cRF/Ojv4FFDfMaDLoy4kzop4bbXNK52zVK Ls1+cYIk+twf8uS8zrfG4sreKWjP7yRbv6YVz57jaUuUufz7nNhjpblp383u3Mhc wKD+KRWTvz2Gg1W1lhy9p3DatwXkOZO/pXnk9ZNGGPLbDecqd2YMgCdKPjzdT5A1 xmuBqj1vCaWMLiFXC7AKkOqhHvpYDUmnzyuyqMA46RPalFhAki/lOL22iSZzhIGN 60pZNDB4KuqLFkjBN5J1mI0KSi5/2xKO1ik5MCvuvYC2KOlXcBSCfYST/gk1vGD1 GHVQlBQkWkwYlxNCogT8mb2oWpvRZ7McG/KfAgMBAAGjggGBMIIBfTAOBgNVHQ8B Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYB BQUHMAGGF2h0dHA6Ly9vY3NwLm5jZGMuZ292LnNhMIHkBgNVHR8Egdwwgdkwgaag gaOggaCGKWh0dHA6Ly93ZWIubmNkYy5nb3Yuc2EvY3JsL25yY2FwYXJ0YTEuY3Js pHMwcTELMAkGA1UEBhMCU0ExMjAwBgNVBAoMKU5hdGlvbmFsIENlbnRlciBmb3Ig RGlnaXRhbCBDZXJ0aWZpY2F0aW9uMR8wHQYDVQQLDBZTYXVkaSBOYXRpb25hbCBS b290IENBMQ0wCwYDVQQDDARDUkwxMC6gLKAqhihodHRwOi8vd2ViLm5jZGMuZ292 LnNhL2NybC9ucmNhY29tYjEuY3JsMB8GA1UdIwQYMBaAFPyZmEEX4/M9Hv23cqm/ oxbkKumqMB0GA1UdDgQWBBT8mZhBF+PzPR79t3Kpv6MW5CrpqjANBgkqhkiG9w0B AQsFAAOCAQEALpUOix3h+/qcQm1Ai7/f7DMESwUOXCI2H6QClDh1/AhZm52FvznN m86ATFaGmU1zZvW2Asm0JEiPC2Pzjn8xgZt8WXeRtSMIeXptPsXVD0eCsO+XLic0 uYfR1AV8Xz0hN6R/yavRmJD3S5EYrsTpI4nou2DGS88L2PcrfSWM4DZk5KuqeD02 +qL0SZIDtRnu13JgsP7JB2q4YAWZP31WBHBI3TPGSOkB88LqRXGaQ1r9vhkzM4ne PFjJEodWE2EmHpEQQ3y8Hgw+0Fp8SX523G4BHUuSqdlm5Xod9LiLYC7slSz/TWTI 7CUAD9jzEqpL1/PSBmXeLdniE6YHskWu6g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEWDCCA0CgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UEBhMCWkEx FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEWMBQGA1UEBxMNU29tZXJzZXQgV2VzdDEq MCgGA1UEChMhU291dGggQWZyaWNhbiBQb3N0IE9mZmljZSBMaW1pdGVkMRowGAYD VQQLExFTQVBPIFRydXN0IENlbnRyZTEdMBsGA1UEAxMUU0FQTyBDbGFzcyAyIFJv b3QgQ0ExKTAnBgkqhkiG9w0BCQEWGnBraWFkbWluQHRydXN0Y2VudHJlLmNvLnph MB4XDTEwMDkxNTAwMDAwMFoXDTMwMDkxNDAwMDAwMFowgc4xCzAJBgNVBAYTAlpB MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFjAUBgNVBAcTDVNvbWVyc2V0IFdlc3Qx KjAoBgNVBAoTIVNvdXRoIEFmcmljYW4gUG9zdCBPZmZpY2UgTGltaXRlZDEaMBgG A1UECxMRU0FQTyBUcnVzdCBDZW50cmUxHTAbBgNVBAMTFFNBUE8gQ2xhc3MgMiBS b290IENBMSkwJwYJKoZIhvcNAQkBFhpwa2lhZG1pbkB0cnVzdGNlbnRyZS5jby56 YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALd8aXxg9Wwm9KocF39d 1BFL5/Pa53On+qRCSWg/2qVAXAZoX07Mvb6BOCQtzCagRG0DyyPgu96FU0uUX197 qsgal/7XI5PtsGq92PwAPrOSBOBLvk87mKed7c1j8IHnbJjUbGBVAOW5POY0lV3g /XGH6f+B7uV3bxj/88l8pZXdgtwU2aLhvs0nc7tFWz90sWJ4ZhAiLPVo8xeIFjua Gx37FK4NuvKQVaLVMNYrlTLHOW57ZdJ3OM5uVqXZI6s4sjtRhcAdG7cRLwVpR9gC ypKo4TPehQib7ZDV2CGZcb+29XPvZwiYZNLyKnpLIRbhH1hh3pFHHyGfH/6MI4aD GCcCAwEAAaM/MD0wDgYDVR0PAQH/BAQDAgEGMAwGA1UdEwQFMAMBAf8wHQYDVR0O BBYEFKudI5P9HzNKMi2qJFryLWSpAZpBMA0GCSqGSIb3DQEBBQUAA4IBAQBWUlG5 DwLh9i6csTFapvjOvO4ChBUJ8ShSX+fhLL3beQp6v+tintWGRynudDDsTHW1HuOq M++t4WpMvzcBvlWDTKlS2DeYUG9o3UdBtywwyG5MByzG00m5tVzSy8zUNsYHDRhP P2MAxOy2iPsBZGOt0fd3fGRUKxI9NBWF8KC6eSlfmJtC6q7BqJ8TiYpt6bg4yWHt YOz3KlgFm6FgeIMX4X5f6P144GtWKoZ2rlvCXutF5DC4Me1ksV0uwD2ADccnE9N2 4ob73NuACoHh/Qj5C8QxtGNb54wz5Qa2Umqz1+lr4zJ4MmaUTt2Nd23TJChbVGF3 Amd1lEtXS+ZsxTlv -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGWDCCBECgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UEBhMCWkEx FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEWMBQGA1UEBxMNU29tZXJzZXQgV2VzdDEq MCgGA1UEChMhU291dGggQWZyaWNhbiBQb3N0IE9mZmljZSBMaW1pdGVkMRowGAYD VQQLExFTQVBPIFRydXN0IENlbnRyZTEdMBsGA1UEAxMUU0FQTyBDbGFzcyAzIFJv b3QgQ0ExKTAnBgkqhkiG9w0BCQEWGnBraWFkbWluQHRydXN0Y2VudHJlLmNvLnph MB4XDTEwMDkxNTAwMDAwMFoXDTMwMDkxNDAwMDAwMFowgc4xCzAJBgNVBAYTAlpB MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFjAUBgNVBAcTDVNvbWVyc2V0IFdlc3Qx KjAoBgNVBAoTIVNvdXRoIEFmcmljYW4gUG9zdCBPZmZpY2UgTGltaXRlZDEaMBgG A1UECxMRU0FQTyBUcnVzdCBDZW50cmUxHTAbBgNVBAMTFFNBUE8gQ2xhc3MgMyBS b290IENBMSkwJwYJKoZIhvcNAQkBFhpwa2lhZG1pbkB0cnVzdGNlbnRyZS5jby56 YTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMp4Gge89vu0t4m80BlW OCpZnQfqGvn4+GhnXo/vyvf1aonmo5V/qdspJBw10DiWbD5WJP9eYlGQLofonMfa vDPxnqFvC44KJPT4TZCmss1eEdPCl0z1X0AdJiRNjQkQC/+7IBuTJhkMQz/pjrwx NxBukcpIglZGx7y5Op5GgWbP2ehcEM85nmXDnsVa9EvMRJlmhvRyG6NTSequR80y DXDmoKB2B53/WO/kPJHAteTcuAEM0/6zQqA7YQLUN1vXTEWV0nVd9W4wX1dRi7L/ fsiLnKqjQTcMEJGopoVcucePBVGy0HjS4ktJ6dQapzusqjPmmioDQJhvdFITMZTR EsG0yzD5/0S4kltS1jDZM9F14xmlFhW3VFfxVlDOTr4DOy/stjDuFGBeX3o19E5k BxHqpQdmG26T4rBPXtbgROCz3K7vuP2os+zs5TmIRLShuxRgZI/WkpPL88xQ3ekH yGdn+fCHhJGyAGLpv0oVdMW/BEwFRl0Ky+XqYQDhb0GxNI6mAKJ8pqWm+mxMQ+Wo Jpo0mB6HmOdMeNGPnwVVXYpLyc+gC30GkJwYkrLEstfjRdlrc8OXOb8pHgYJVUC6 vNpIdUPt/kR+PSzmYpED/T2J7370XSSPpQsrsz56KSi8uz+/63eFBCaLlLKQ9euN T6JEIlConCpESAB4GaudCJYVAgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIBBjAMBgNV HRMEBTADAQH/MB0GA1UdDgQWBBRhs3lSnUqVklGOgiRw045AyMVm0DANBgkqhkiG 9w0BAQUFAAOCAgEAf8azJIRQN/nEsMUwPBbpUA16urQ70iPl6Yl4auXjGwUekRzO BpeNZhYHRO+BuQh+o8c5NLi/mm2NsMEgQi4N9wsGA09uy7y3sC8ZcY2OrwpNWDGL RJkqKGaFx4AmZrBHwjmy+k8+Vb3ciSdLczME/ntHkMkFwC0z+LcIgilBQ/0mU+b6 HzdWjU8Xutj9OoRw2D7wM67EBUhUobnVIT/qPsepMUf3m65KYpjRZyBl3nnhsTIe a9/7gGtHXDnHDgiqx6PuKek04pv5dbgm64idtDkRLnD9UQQyuw95hFAhRXwv5Nn/ JTgGI6tOsQ7cOzEKrdpLAGlrLuLDDMkFAUVm4aWJYRxkmY0LmJCzfmY7C9ir6HUO 2X+abn3JgyfJvOg0OMJahzJyBwz+1ZTR8MB48oCoRvVrmuzi2RaOivqE9tFSyZyy IVZgQ6YQ939Jv74H01BkbQK6KlUsz9nCbq98C0jQ8eGnwq10j4bk7ar6XIN9Quh9 Bx0HVcwraTK5d4JoxnfyImmmyQpdh5nlcZ59LxMe0vT9CXknWCsKh4Eq+2ojLUsk hXQWRxgPCcX+qUgk46zQaT1fU5gyvezgUcFTSrH2O/A0SPWa3tzR4OO9JbNE6Dpz yXnQrNHt4gAKX6EdZllKc2jUBXIzOKdrr5HbDceMQOiekIjJ+/4k14Gs894= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGWDCCBECgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBzjELMAkGA1UEBhMCWkEx FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEWMBQGA1UEBxMNU29tZXJzZXQgV2VzdDEq MCgGA1UEChMhU291dGggQWZyaWNhbiBQb3N0IE9mZmljZSBMaW1pdGVkMRowGAYD VQQLExFTQVBPIFRydXN0IENlbnRyZTEdMBsGA1UEAxMUU0FQTyBDbGFzcyA0IFJv b3QgQ0ExKTAnBgkqhkiG9w0BCQEWGnBraWFkbWluQHRydXN0Y2VudHJlLmNvLnph MB4XDTEwMDkxNTAwMDAwMFoXDTMwMDkxNDAwMDAwMFowgc4xCzAJBgNVBAYTAlpB MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxFjAUBgNVBAcTDVNvbWVyc2V0IFdlc3Qx KjAoBgNVBAoTIVNvdXRoIEFmcmljYW4gUG9zdCBPZmZpY2UgTGltaXRlZDEaMBgG A1UECxMRU0FQTyBUcnVzdCBDZW50cmUxHTAbBgNVBAMTFFNBUE8gQ2xhc3MgNCBS b290IENBMSkwJwYJKoZIhvcNAQkBFhpwa2lhZG1pbkB0cnVzdGNlbnRyZS5jby56 YTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvc7UiaoKOf4BGO2ciS dTpVwVEiygt6pDUNxeZXLYPwKm8iODcxbXyFJKIGL0OCPUUwQCUc7lhHQebwngAe +PQvEbuSsphFLdMfgMl2FBPDzEDmres5YPzPyN8q/YwSUe/PDGTGV+gjUV3nZlLq Zr2Tf516KPEZcG6EnzBHt7A5axMs60tNLq8/v/0CE0o55z4zxRCRUb4PR51NUvws 8+MTogCC4RQMzdKes/Lggdq+mZJT432Zd0Ph4UgpgZ7WBVc6cdw+mK1YcG9Gu34y A+KDm1lX9/izzVQW7LatoRwaktHUKZ6PzbPofVDxwoKsur20dVag9UVdGH0sjPF7 QcyGsZqESwoqXZuW4c36qxYnQeeVNabLiqeW86XMUfktfR5D+9xttbk4vQX7WPou 0+xeZC2vWAFKfCJG00HLPeSWXklDOLuJ6/ScaTkSA1yEu+WMHurgZrvAv4z+ngpN PWg/QHbWMqnqRbhqB1KOzVHxXShjDNNZOPzJ/YLJRSC85ujMogzLe2Q5SUZF9XMc apcg6yFC97QgUrdK/XW8yw8MZxFXH/cw8auQzF08lgVi08pVAUtGxYCHHHLQc1Qh 6tejnNOuf9RT2Sj8V97lP1JKu8gmJEdTHHO6z8a0MM1eccdWvEk4JebFEAl42dQd XM1u7duRXKFTFFaqjSeppo4bAgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIBBjAMBgNV HRMEBTADAQH/MB0GA1UdDgQWBBQWhC37G+e0HmiY00IgGm5+T5FXAjANBgkqhkiG 9w0BAQUFAAOCAgEAe+MNYzpkIG3M/Cy46dar29erJilHogxW7XXMlZlSNssg+xE0 F0JOdQWw2OS4sIQvmBm5+9A5bHIGGMlcinp0CDdIaf0ioV3F13gT8ChCQcPJwzkJ B9Sh+DciaeTfMlVvwny5k/GyN3XMrtIzlow29wHt42TpC2hbEKoBNpl8z5qUXf0a WWGiZRV9nhdk1J9TmAH9cVfQXUARFj8/RNKvyfwIMn12+NVD6Nw2aAfDTsOWl1fG fTZe23Ct/q7UiJ21pGDWo2K+fPk0Hvy79EpyxYMeRmjDDpeDGD3TDgoRNXxplcWr KvXIORBNDIkwKYlJG0SXkfTqZSEbPwpDcoIcbRFd4CJFX2FMoqb636NGuuGBYGwy tPzk3DYF5DP36493SaqNCu9IiuZBl347q0OH8ghgC2/XWWb9K7svzjNPcuC217NT V4nwO7xu4hC/cz5ij6UI6VNnwU7BLkJDp7Kk+RaLQu7cNH9Is5DbJOLI5FM1U5zq N4XPv5gGNUcm165t3YSpY1gmQfV1Mi5hnk+TUlL2WiPrwaBzJiUiQpGRkYBP/4jO XnPnlsLtCRL3dpapeWKQSYGDnwwyMuJbyt1INKyHjnGVrkzkfHgdp1HDvRH6AtGV iXMIRiKJaQDPT4DBTVuUxMqZUZgvDb19VGTUCtonWac3u1YM0AaicrkSuVs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ 0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA 7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH 7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFvzCCA6egAwIBAgIQANKFcP2up9ZfEYQVxjG1yzANBgkqhkiG9w0BAQUFADBd MQswCQYDVQQGEwJFUzEoMCYGA1UECgwfRElSRUNDSU9OIEdFTkVSQUwgREUgTEEg UE9MSUNJQTENMAsGA1UECwwERE5JRTEVMBMGA1UEAwwMQUMgUkFJWiBETklFMB4X DTA2MDIxNjEwMzcyNVoXDTM2MDIwODIyNTk1OVowXTELMAkGA1UEBhMCRVMxKDAm BgNVBAoMH0RJUkVDQ0lPTiBHRU5FUkFMIERFIExBIFBPTElDSUExDTALBgNVBAsM BEROSUUxFTATBgNVBAMMDEFDIFJBSVogRE5JRTCCAiIwDQYJKoZIhvcNAQEBBQAD ggIPADCCAgoCggIBAIAArQzDoyAHo2P/9zSgze5qVAgXXbEBFafmuV+Kcf8Mwh3q N/Pek3/WBU2EstXXHAz0xJFwQA5ayJikgOgNM8AH87f1rKE4esBmVCT8UswwKvLD xKEsdr/BwL+C8ZvwaHoTQMiXvBwlBwgKt5bvzClU4OZlLeqyLrEJaRJOMNXY+LwA gC9Nkw/NLlcbM7ufME7Epct5p/viNBi2IJ4bn12nyTqtRWSzGM4REpxtHlVFKISc V2dN+cvii49YCdQ5/8g20jjiDGV/FQ59wQfdqSLfkQDEbHE0dNw56upPRGl/WNtY ClJxK+ypHVB0M/kpavr+mfTnzEVFbcpaJaIS487XOAU58BoJ9XZZzmJvejQNLNG8 BBLsPVPI+tACy849IbXF4DkzZc85U8mbRvmdM/NZgAhBvm9LoPpKzqR2HIXir68U nWWs93+X5DNJpq++zis38S7BcwWcnGBMnTANl1SegWK75+Av9xQHFKl3kenckZWO 04iQM0dvccMUafqmLQEeG+rTLuJ/C9zP5yLw8UGjAZLlgNO+qWKoVYgLNDTs3CEV qu/WIl6J9VGSEypvgBbZsQ3ZLvgQuML+UkUznB04fNwVaTRzv6AsuxF7lM34Ny1v Pe+DWsYem3RJj9nCjb4WdlDIWtElFvb2zIycWjCeZb7QmkiT1/poDXUxh/n3AgMB AAGjezB5MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQW BBSORfSfc8X/LxsF2wFHYBsDioG3ujA3BgNVHSAEMDAuMCwGBFUdIAAwJDAiBggr BgEFBQcCARYWaHR0cDovL3d3dy5kbmllLmVzL2RwYzANBgkqhkiG9w0BAQUFAAOC AgEAdeVzyVFRL4sZoIfp/642Nqb8QR/jHtdxYBnGb5oCML1ica1z/pEtTuQmQESp rngmIzFp3Jpzlh5JUQvg78G4Q+9xnO5Bt8VQHzKEniKG8fcfj9mtK07alyiXu5aa Gvix2XoE81SZEhmWFYBnOf8CX3r8VUJQWua5ov+4qGIeFM3ZP76jZUjFO9c3zg36 KJDav/njUUclfUrTZ02HqmK8Xux6gER8958KvWVXlMryEWbWUn/kOnB1BM07l9Q2 cvdRVr809dJB4bTaqEP+axJJErRdzyJClowIIyaMshBOXapT7gEvdeW5ohEzxNdq /fgOym6C2ee7WSNOtfkRHS9rI/V7ESDqQRKQMkbbMTupwVtzaDpGG4z+l7dWuWGZ zE7wg/o38d4cnRxxiwOTw8Rzgi6omB1kopqM91QITc/qgcv1WwmZY691jJb4eTXV 3OtBgXk4hF5v8W9idtuRzlqFYDkdW+IqL0Ml28J6JNMVsKLxjKB9a0gJE/+iTGaK 7HBSCVOMMMy41bok3DCZPqFet9+BrOw3vk6bJ1jefqGbVH8Gti/kMlD95xC7qM3a GBvUY2Y96lFxOfScPt9a9NrHTCbti7UhujR5AnNhENqYMahgy34Hp9C3BUOJW82F JtmwUa/3jFKqEqdY35KbZ/Kd8ub0aTH0Fufed1se3ZoFAa0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z 374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf 77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp 6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp 1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B 9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S Q00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4MTIyMDA5MzczM1oXDTQzMTIyMDA5 MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4wDAYDVQQL DAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNBQyBS QUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuB BAAiA2IABPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LH sbI6GA60XYyzZl2hNPk2LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oK Um8BA06Oi6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD VR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqGSM49BAMDA2kAMGYCMQCu SuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoDzBOQn5IC MQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJy v+c= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC+TCCAmKgAwIBAgIENvEbGTANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJF UzENMAsGA1UEChMERk5NVDEYMBYGA1UECxMPRk5NVCBDbGFzZSAyIENBMB4XDTk5 MDMxODE0NTYxOVoXDTE5MDMxODE1MjYxOVowNjELMAkGA1UEBhMCRVMxDTALBgNV BAoTBEZOTVQxGDAWBgNVBAsTD0ZOTVQgQ2xhc2UgMiBDQTCBnTANBgkqhkiG9w0B AQEFAAOBiwAwgYcCgYEAmD+tGTaTPT7+dkIU/TVv8fqtInpY40bQXcZa+WItjzFe /rQw/lB0rNadHeBixkndFBJ9cQusBsE/1waH4JCJ1uXjA7LyJ7GfM8iqazZKo8Q/ eUGdiUYvKz5j1DhWkaodsQ1CdU3zh07jD03MtGy/YhOH6tCbjrbi/xn0lAnVlmEC AQOjggEUMIIBEDARBglghkgBhvhCAQEEBAMCAAcwWAYDVR0fBFEwTzBNoEugSaRH MEUxCzAJBgNVBAYTAkVTMQ0wCwYDVQQKEwRGTk1UMRgwFgYDVQQLEw9GTk1UIENs YXNlIDIgQ0ExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5OTAzMTgxNDU2 MTlagQ8yMDE5MDMxODE0NTYxOVowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFECa dkSXdAfErBTLHo1POkV8MNdhMB0GA1UdDgQWBBRAmnZEl3QHxKwUyx6NTzpFfDDX YTAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG SIb3DQEBBQUAA4GBAGFMoHxZY1tm+O5lE85DgEe5sjXJyITHa3NgReSdN531jiW5 +aqqyuP4Q5wvoIkFsUUylCoeA41dpt7PV5Xa3yZgX8vflR64zgjY+IrJT6lodZPj LwVMZGACokIeb4ZoZVUO2ENv8pExPqNHPCgFr0W2nSJMJntLfVsV+RlG3whd -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIJSTCCBzGgAwIBAgIGBQtBXoJ7MA0GCSqGSIb3DQEBBQUAMIHiMRYwFAYDVQQD Ew1BQzEgUkFJWiBNVElOMRIwEAYDVQQFEwlTMjgxOTAwMUUxNTAzBgNVBAsTLFBS RVNUQURPUiBERSBTRVJWSUNJT1MgREUgQ0VSVElGSUNBQ0lPTiBNVElOMTEwLwYD VQQLEyhTVUJESVJFQ0NJT04gR0VORVJBTCBERSBQUk9DRVNPIERFIERBVE9TMSww KgYDVQQKEyNNSU5JU1RFUklPIERFIFRSQUJBSk8gRSBJTk1JR1JBQ0lPTjEPMA0G A1UEBxMGTUFEUklEMQswCQYDVQQGEwJFUzAeFw0wOTExMDUxNjE3NDVaFw0xOTEx MDMxNjE3NDVaMIHiMRYwFAYDVQQDEw1BQzEgUkFJWiBNVElOMRIwEAYDVQQFEwlT MjgxOTAwMUUxNTAzBgNVBAsTLFBSRVNUQURPUiBERSBTRVJWSUNJT1MgREUgQ0VS VElGSUNBQ0lPTiBNVElOMTEwLwYDVQQLEyhTVUJESVJFQ0NJT04gR0VORVJBTCBE RSBQUk9DRVNPIERFIERBVE9TMSwwKgYDVQQKEyNNSU5JU1RFUklPIERFIFRSQUJB Sk8gRSBJTk1JR1JBQ0lPTjEPMA0GA1UEBxMGTUFEUklEMQswCQYDVQQGEwJFUzCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANzNzbG/3iX1/xwzc5k8G6Ft 9aDEfZs4Zo0J3wNsVzW0E0H+41/mIgRYGLlOaTMEP5XH2U7/MzSnMkAyk1f+ga8l Q1wd/XtXC2IIZ2ditOPlWCWA5qqGYkDnTxBhKUkmq018oatbYTGBBmpklE0n+Ese 0dVD4texbfb2/7RwVfYImbd0AeDznrV85ASICFBZeB8alNvvyMmJ0ze48z2G0RnL g1oQBwhPmXQCB/AyUcj75tA8JnZ9cn6sdjfBinUgXEDchD/QSXxNZ6457+TOgOHK neYtqy7mEpXa+fvf4+KMPYf7RW5Eq/Z4kicUoV1rT3B7V3Pv+V2oD3Wf7xFgGYSw ZEDu2KmG+qXXRfQRb/GGyDRbiEjOut3Nm92I4wE26Kxq6BILsOB7kB6FC0mJAfb/ gt9YZSKDSNYH0Bxm/GYoOsTD5fiZZSdSWPNr8W8CRIR10KTjaFNhcu/2L6mzrPX0 9tBc3GlMzHnSpBvIcwY0dLTxasopKMc0hFsj2LoAjMwJwcdvXQSrt08md6k1zyDW s/8xadA0+yXsaJYKot2DH8o8j3Q2JVTv9Rh7wiQx0fuCBK4Egtb1Ailx4ZJxdI7b qnEdxDvGYiZshjwjVesp0R+ryh5j57NztKe4Kjr2H/uHZYj885/+v+vVHbaoA+ll gxmM4BjtF9gcDT2cilh/AgMBAAGjggMBMIIC/TA3BggrBgEFBQcBAQQrMCkwJwYI KwYBBQUHMAGGG2h0dHA6Ly9jYS5tdGluLmVzL210aW4vb2NzcDAOBgNVHQ8BAf8E BAMCAQYwGwYDVR0RBBQwEoEQYWRtaW5fY2FAbXRpbi5lczAbBgNVHRIEFDASgRBh ZG1pbl9jYUBtdGluLmVzMA8GA1UdEwEB/wQFMAMBAf8wcgYDVR0fBGswaTAyoDCg LoYsaHR0cDovL2NhLm10aW4uZXMvbXRpbi9jcmwvTVRJTkF1dG9yaWRhZFJhaXow M6AxoC+GLWh0dHA6Ly9jYTIubXRpbi5lcy9tdGluL2NybC9NVElOQXV0b3JpZGFk UmFpejCBuQYDVR0gBIGxMIGuMIGrBgsrBgEEAYHZBQIEATCBmzAwBggrBgEFBQcC ARYkaHR0cDovL2NhLm10aW4uZXMvbXRpbi9EUEN5UG9saXRpY2FzMGcGCCsGAQUF BwICMFsaWUNlcnRpZmljYWRvIHJh7XouIENvbnN1bHRlIGxhcyBjb25kaWNpb25l cyBkZSB1c28gZW4gaHR0cDovL2NhLm10aW4uZXMvbXRpbi9EUEN5UG9saXRpY2Fz MB0GA1UdDgQWBBQzQxizxEsdyx/58E7830rkFWDIgzCCARYGA1UdIwSCAQ0wggEJ gBQzQxizxEsdyx/58E7830rkFWDIg6GB6KSB5TCB4jEWMBQGA1UEAxMNQUMxIFJB SVogTVRJTjESMBAGA1UEBRMJUzI4MTkwMDFFMTUwMwYDVQQLEyxQUkVTVEFET1Ig REUgU0VSVklDSU9TIERFIENFUlRJRklDQUNJT04gTVRJTjExMC8GA1UECxMoU1VC RElSRUNDSU9OIEdFTkVSQUwgREUgUFJPQ0VTTyBERSBEQVRPUzEsMCoGA1UEChMj TUlOSVNURVJJTyBERSBUUkFCQUpPIEUgSU5NSUdSQUNJT04xDzANBgNVBAcTBk1B RFJJRDELMAkGA1UEBhMCRVOCBgULQV6CezANBgkqhkiG9w0BAQUFAAOCAgEAmeOq DpHTkqnq/0Rn06AtIGfzEA8aN3ddUkbmarj3iPOCwyr0YQ0sny+GLWHpYFm9t0+v kwkc+TN3QJyhfGXcXpCVqfS+gvT8gh0exT3gXK7eLdVjdqvx7CSnIPge6M9xggPd jnZiKrUpiBMkrVz0oEq46hOKVo1qL2g5coZYxKSrdXxE5xqEDI0R3Bm5HDbu8/9R m7NDyCV+5w5Io+RPBi0VHqCmR5BXO/gvLdsjuusjk7C4UhtgHNQZsG14j0udpwso Z0rdeEi9sT6Y1LsV/rNfbR11yB7PD65KGl2HLAZ0bAqFUyReesmgfHGbkl1vSH+2 WHGyTKYaCSM0UHEVa0fb+74abcKMlC8HZyAiZ2O3q8YZnJYNYuoIpBpw76m5707F QLzih1fzA8oomRrAVWB1e2O+ZD+WTkuP/S2mdMDfSTrsVX5m07r975OxY/JbP+12 odnTDP4ubwqmU0vv0fNHrbke7EwfvtCDU8ObFUX/LgfR2mqSReZsV1skLlFpyTDP 1/ukATVazafrFG+0t2AiCMVxyJPiviVf9Qz6WFE9e8gvN/mTHCoJ4Gf9lolCyus2 sNYbplAPWp12/6RPxuwNxOHQ51g+1nnAd00M1bPkmE3dRi5SsOIPDUI2pRAkUii+ YjVCOcl6lh/u5ktZPyRzi78iS2by2w818TedoCQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFqjCCA5KgAwIBAgIQMmmiv0BrjbRHg2Q8iw3JQzANBgkqhkiG9w0BAQsFADBm MQswCQYDVQQGEwJTRTEoMCYGA1UEChMfU3dlZGlzaCBTb2NpYWwgSW5zdXJhbmNl IEFnZW5jeTEtMCsGA1UEAxMkU3dlZGlzaCBHb3Zlcm5tZW50IFJvb3QgQXV0aG9y aXR5IHYzMB4XDTE1MDkyOTExMzIzMloXDTQwMDkyOTExNDIwOVowZjELMAkGA1UE BhMCU0UxKDAmBgNVBAoTH1N3ZWRpc2ggU29jaWFsIEluc3VyYW5jZSBBZ2VuY3kx LTArBgNVBAMTJFN3ZWRpc2ggR292ZXJubWVudCBSb290IEF1dGhvcml0eSB2MzCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALoeomkbaE9cj7r0I8deZgV4 hTZYo6J/Z++iDBaSpEqL4KCSh1U3C8TRxNBAQ5cyUE/slUe3P69DBeWElwnvVlTn QzNH/a3xOpuYpOHkUaO5rIwL7iUGCfLTujVnYYzCvSbL12PM14Mz2Uzi7/kbn6jL DXYBLXLJIrtokd6QDzs9tEK9GX2fhFw8fkI3hrFgwkiHUk5cV/7Okq7KPla3s56V mpT4L6HQoi7CVFpszMzWrUtH0C6HgjOoe1A5pyossVsnCp+t9RTr/I1TsnMrVCP0 jJeZl/s13My1+jMUJo11pySm6BQuLaaAKIOaP7jKO8f1GOD97I55+6pCbEpLFn7z ggNuuucRBqWfhCvSYG3pRu5BWpa5FP0cP4YS8VQmJv1ngC/lqC0oLkO3ZMLv5Ld+ ltyEiyfZdj2YgVMU3EJFoVRn+doYZpAKtEeQPAHlK6Nm72/7MoPxM30yIWylRRU/ L/NVkUiTnyXPLTw5O1INGq/H36tvgNiQy55xcmpCaZPqkgA9SQTZo1y6RfsCEP+t aXRSpThjmmaIBLIRuhOqOdWDX+1lW1PInVyyhaB4cDVNXCQQpPYxKpJVQdnzF2yZ E1j63SjQbBO9W4eNk4OtWClWFbRYJ0qbEWygpmdFOs7Q2M7/kDPsWjFND1IS+632 YV/kL28NZjDloE/Pz/1fAgMBAAGjVDBSMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB Af8EBTADAQH/MB0GA1UdDgQWBBScvAHnq2Q19TGbjbX7F5mIAsub8jAQBgkrBgEE AYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAh6tq5OdrJFI99iKDT1MERTKc YVoWXJxEtaPRltBA/s9mFV5+QAAgFf2nqmTap2FmaMLdUnEloGq53cDNzoYI1Dw1 ES999G/S2gyXA2WXg7Q+OssJdI3rBcp66YCwt1EtIpPjmhnu7ZcIIYOtxwqRX8TK 216vuOeMujpJ0lUDNRkZUErihqe7eD2V/bEfRvJPZvL7v4VktgojGJIJnklFMbbW FFee/IlFdH85zMBqaMjPR9DhHsfTLy35LCQ7/Gq6lBPezHLyoh3LH5/Vg3cmXn6b oK9pn3jbpcFucVxIQk4r2Hi41Q+lP2zLj5DNR9iQGUmF1mz84quqQr/LE5e/aUR1 YzUt2qDH/WH3ykE9VJz0NsDkbiFIn11xYoHT8iXmWYxZQSZIp+PrZ2rT7DS3mPfM yqM2BpXnyDBZ9//JodHkebzfEx8u2bN10QS3IwkhzB0hHCecDiv6wYcYyfr5SYOM Ehb7xRLOOw9C+vAFZX6ox+tSSvmYXnGjrBLHKHEaWnXPh8ofNygcFJ2QUG/Gv0rM xyXPMd1bkU52qBHVdmbZv4BzYrDsw/5EvM1ZEwsMLdihzKpiTVRFXqRSo4xXPBQx k1TOpRZUXi1Cs+5lqbadP2zOYdlWy97qoFbebYYD+reBaozS2PPXtsCsKYRZIw6b l2rmoM7VKlQY71CYeSA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl pYYsfPQS -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFSzCCAzOgAwIBAgIRALZLiAfiI+7IXBKtpg4GofIwDQYJKoZIhvcNAQELBQAw PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eTAeFw0xMjA5MjgwODU4NTFaFw0zNzEyMzExNTU5NTla MD8xCzAJBgNVBAYTAlRXMTAwLgYDVQQKDCdHb3Zlcm5tZW50IFJvb3QgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQC2/5c8gb4BWCQnr44BK9ZykjAyG1+bfNTUf+ihYHMwVxAA+lCWJP5Q5ow6ldFX eYTVZ1MMKoI+GFy4MCYa1l7GLbIEUQ7v3wxjR+vEEghRK5lxXtVpe+FdyXcdIOxW juVhYC386RyA3/pqg7sFtR4jEpyCygrzFB0g5AaPQySZn7YKk1pzGxY5vgW28Yyl ZJKPBeRcdvc5w88tvQ7Yy6gOMZvJRg9nU0MEj8iyyIOAX7ryD6uBNaIgIZfOD4k0 eA/PH07p+4woPN405+2f0mb1xcoxeNLOUNFggmOd4Ez3B66DNJ1JSUPUfr0t4urH cWWACOQ2nnlwCjyHKenkkpTqBpIpJ3jmrdc96QoLXvTg1oadLXLLi2RW5vSueKWg OTNYPNyoj420ai39iHPplVBzBN8RiD5C1gJ0+yzEb7xs1uCAb9GGpTJXA9ZN9E4K mSJ2fkpAgvjJ5E7LUy3Hsbbi08J1J265DnGyNPy/HE7CPfg26QrMWJqhGIZO4uGq s3NZbl6dtMIIr69c/aQCb/+4DbvVq9dunxpPkUDwH0ZVbaCSw4nNt7H/HLPLo5wK 4/7NqrwB7N1UypHdTxOHpPaY7/1J1lcqPKZc9mA3v9g+fk5oKiMyOr5u5CI9ByTP isubXVGzMNJxbc5Gim18SjNE2hIvNkvy6fFRCW3bapcOFwIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBTVZx3gnHosnMvFmOcdByYqhux0zTAOBgNV HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAJA75cJTQijq9TFOjj2Rnk0J 89ixUuZPrAwxIbvx6pnMg/y2KOTshAcOD06Xu29oRo8OURWV+Do7H1+CDgxxDryR T64zLiNB9CZrTxOH+nj2LsIPkQWXqmrBap+8hJ4IKifd2ocXhuGzyl3tOKkpboTe Rmv8JxlQpRJ6jH1i/NrnzLyfSa8GuCcn8on3Fj0Y5r3e9YwSkZ/jBI3+BxQaWqw5 ghvxOBnhY+OvbLamURfr+kvriyL2l/4QOl+UoEtTcT9a4RD4co+WgN2NApgAYT2N vC2xR8zaXeEgp4wxXPHj2rkKhkfIoT0Hozymc26Uke1uJDr5yTDRB6iBfSZ9fYTf hsmL5a4NHr6JSFEVg5iWL0rrczTXdM3Jb9DCuiv2mv6Z3WAUjhv5nDk8f0OJU+jl wqu+Iq0nOJt3KLejY2OngeepaUXrjnhWzAWEx/uttjB8YwWfLYwkf0uLkvw4Hp+g pVezbp3YZLhwmmBScMip0P/GnO0QYV7Ngw5u6E0CQUridgR51lQ/ipgyFKDdLZzn uoJxo4ZVKZnSKdt1OvfbQ/+2W/u3fjWAjg1srnm3Ni2XUqGwB5wH5Ss2zQOXlL0t DjQG/MAWifw3VOTWzz0TBPKR2ck2Lj7FWtClTILD/y58Jnb38/1FoqVuVa4uzM8s iTTa9g3nkagQ6hed8vbs -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR 9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az 5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh /WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw 0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq 4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR 1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM 94B7IWcnMFk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS /ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH 1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u 2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc 7uzXLg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c 8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGnTCCBIWgAwIBAgISAu4Am2bYah1n/tqKJW8hWnUbMA0GCSqGSIb3DQEBCwUA MFoxOjA4BgNVBAMMMUF1dG9yaWRhZCBDZXJ0aWZpY2Fkb3JhIFJhw616IE5hY2lv bmFsIGRlIFVydWd1YXkxDzANBgNVBAoTBkFHRVNJQzELMAkGA1UEBhMCVVkwHhcN MTExMTAzMTUwMjQ5WhcNMzExMDI5MTUwMjQ5WjBaMTowOAYDVQQDDDFBdXRvcmlk YWQgQ2VydGlmaWNhZG9yYSBSYcOteiBOYWNpb25hbCBkZSBVcnVndWF5MQ8wDQYD VQQKEwZBR0VTSUMxCzAJBgNVBAYTAlVZMIICIDANBgkqhkiG9w0BAQEFAAOCAg0A MIICCAKCAgEAl8QfKkShgUtIkXXd69qPyhuL8rQ8LMbl9MEe0bgwE29cn+VRln8a pBb+0tQdJfbQ5jdgXwCjGansJ79QLQWgXF6T6+No/Zs9uRQ2LeclFRCQGpLJEbEp l5NWVWKtR6x/1Qx3ltKTaGox3VTvk/IKT6BfAlrvtkQ+55myjkXeoPfA6EiwR+ze QhTbNXugafwewAEpFtozoSGhMjIQdn2ox8Auc4Nk/Fr3mzaMae0gVSN5zfPzbGtg XHiN/D2FLLyp93DopcpN2HyY74Z2GITVQCkQJzLn7wNEC0/JKvG2tCug1QOUhCHT dPMpbXjwBWquAQ9hH8al8MeCFdk7+92LdGnu5MfH9BHcFFHBhBolVhNrW85fLP2L Gy0PyMBVqhhPmJzPoncItDWV2LmLnEkOtBAL/PxHTdSaV/mfer3pV7u0D18VkNho bNWFJYMthgxHYpezeU25ZQh3Um9K426AwKyj1bzqSeJl4kxZaoLeK/WqPv5l6FFw TTeEBgQ/koPUVijjJdVUyoXuVsAuzvlwEBJfXZ7GvEsQHVZtynLBUwkqEz3Ytfkc O0XGhxTQOH6eIV/8dh3/CylC26HEeTnhTdWGUOPy4LPXWZvePx4aA/PUaYZLRxwy fzwHCRMQp5sHMHczvGkR0TQ9fBAquB6OvUfe+bJ5VWYhAgf7OSwKF6ECAQOjggFd MIIBWTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBiBgNVHR8EWzBZ MCygKqAohiZodHRwOi8vd3d3LmFnZXNpYy5ndWIudXkvYWNybi9hY3JuLmNybDAp oCegJYYjaHR0cDovL3d3dy51Y2UuZ3ViLnV5L2Fjcm4vYWNybi5jcmwwgbIGA1Ud IASBqjCBpzBcBgtghlqE4q4dhIgFADBNMEsGCCsGAQUFBwIBFj9odHRwOi8vd3d3 LnVjZS5ndWIudXkvaW5mb3JtYWNpb24tdGVjbmljYS9wb2xpdGljYXMvY3BfYWNy bi5wZGYwRwYLYIZahOKuHYSIBQEwODA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5h Z2VzaWMuZ3ViLnV5L2Fjcm4vY3BzX2Fjcm4ucGRmMB0GA1UdDgQWBBSSnpG4VSg9 d0IsM6WYX9DJrI21ozANBgkqhkiG9w0BAQsFAAOCAgEAXeerWepJ3L9GQ/2Uu5hw lBT6zgNd8X0xE5JOhSQwFGts0+fO5nnV205VThcr15NF3xMMJ2cdx0KQVDDG8ahp KLROpm2lNaZQlmhJo+4vC6v8AwJQaPGVKT5xLNza5S3Zdi7uVjN+F6EnAuGhJygh ir8B52LHu7IlBNobpiOMfJO6yYvrCvk3t5Q5/U2PfqLcgW8brRQPWyADeEFzZ57S lxeQKopUS6d5fyQSkZ87LMc3pAxccmoTnjIJJ+tDMnVf10fDKkVTFVZ2T7sJ6IRg Ee9z1edQbmko/evGy8pOE2MNDjcsMR/bp1igsv0NF4ezkq4bKIAftpJ+hhHh9kyY f2aLHxNJA0L8+5ic7oaWqS4FfnAcwXfI6V2CuA7OW2QFY+4/Bi02DOkfclserN0m 9Rw4bv2MPU2G6yfLygONQPMq0YrYNA7CrbWI7YeaioWih+/puTjnaJajAc+CPRxL KJ0n9fmZlntI/azQ8DL3OATdTZmuDpKCw/o8GxPHaLdd4JNGuLi4pAzEG8a6Rpbd nlUPR532gaWsZVnY3a4GbOBDgsZn2HACNfU2BONKOal1Ah7mP0bPnCwehIgXqiap pkOA4MBbo2SDm5rtawFltsE9GOyTGWaUqNMRUJl6iH2vPn+UkDsKw2q3jV/Sp1HR Mh+58jJ9d5NtQ+xBaavPyWE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDgDCCAmigAwIBAgIDDN+bMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAlNJ MRQwEgYDVQQKEwtIYWxjb20gZC5kLjEXMBUGA1UEYRMOVkFUU0ktNDMzNTMxMjYx KjAoBgNVBAMTIUhhbGNvbSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0x NjA2MTAwNzA3NTBaFw0zNjA2MTAwNzA3NTBaMGgxCzAJBgNVBAYTAlNJMRQwEgYD VQQKEwtIYWxjb20gZC5kLjEXMBUGA1UEYRMOVkFUU0ktNDMzNTMxMjYxKjAoBgNV BAMTIUhhbGNvbSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAOlSpsYa72O7rYH0kLJajw3VFjO0HBj7y4kq MLtlgcTh+wKplAd25dcV5HpkEIDqPNCzoq2uHB/qu4FhmNT5jWmVxEUuAwnKhvpc WhEXQDA+8MZjCcnxjUGlVg0FZGlLWKwqKZa7QDMWNEtnbNfxtEal6lmoQ2gPjDgq qjz2RAOG+IrbRSErKR4St/qlZUHeBghYcJU+9EzZ6w8pqZGKnq3KEvXlleY42Rqm i5xPpkgTEKV5RL1qOyn1FndAy36bXN++i+vnoBlvnxU/J54psfUN/F9HojzdLgsC +/SN6uwMsfm0Baz5j6k9biwdOZ/QTp9OyGqegANh3M/4bZTLD88CAwEAAaMzMDEw DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQq6mQ8eYKLAwCwYDVR0PBAQDAgEG MA0GCSqGSIb3DQEBCwUAA4IBAQBSuXnQ22P+GYH7DPnB5VBZyp2y+1wz0Dioq7Ua TlMldSLTSb/Kgc/T4XujkUZ1yhrr2fVdvHuGNf2Bl5yE1yaYIvyxNdCplbZ8/+SX tEB+SV1oyOLUOXUnTwORsjFXv4bXbcpxACI30DtYJFCgnIyaiY71KEZs5xbtsIGr 9EYmr6boGkV3cBaSsntxcdz330lnwDMIDi5TwXerx0qRTBLv5w4J5XUxIK5u/FqK gJwQsNuoSszzK9w2NKb3qQtnnZDLPSafdc1MyR0GCnWLUsCB8NEmrMySphScXDwW QvuTzAKoE/PargrDuBX0sNDU4BYgT6xQmHgmlB5o65Ry/veL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICWjCCAeGgAwIBAgIQMWjZ2OFiVx7SGUSI5hB98DAKBggqhkjOPQQDAzBvMQsw CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh cmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBFQ0Mg Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDMzNFoXDTQ1MDIxMzExMDMzM1owbzEL MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJzAlBgNVBAMMHkhBUklDQSBDbGllbnQgRUND IFJvb3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAcYrZWWlNBcD4L3 KkD6AsnJPTamowRqwW2VAYhgElRsXKIrbhM6iJUMHCaGNkqJGbcY3jvoqFAfyt9b v0mAFdvjMOEdWscqigEH/m0sNO8oKJe8wflXhpWLNc+eWtFolaNCMEAwDwYDVR0T AQH/BAUwAwEB/zAdBgNVHQ4EFgQUUgjSvjKBJf31GpfsTl8au1PNkK0wDgYDVR0P AQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMEwxRUZPqOa+w3eyGhhLLYh7WOar lGtEA7AX/9+Cc0RRLP2THQZ7FNKJ7EAM7yEBLgIwL8kuWmwsHdmV4J6wuVxSfPb4 OMou8dQd8qJJopX4wVheT/5zCu8xsKsjWBOMi947 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFqjCCA5KgAwIBAgIQVVL4HtsbJCyeu5YYzQIoPjANBgkqhkiG9w0BAQsFADBv MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBS U0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTg0NloXDTQ1MDIxMzEwNTg0NVow bzELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBS ZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJzAlBgNVBAMMHkhBUklDQSBDbGllbnQg UlNBIFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AIHbV0KQLHQ19Pi4dBlNqwlad0WBc2KwNZ/40LczAIcTtparDlQSMAe8m7dI19EZ g66O2KnxqQCEsIxenugMj1Rpv/bUCE8mcP4YQWMaszKLQPgHq1cx8MYWdmeatN0v 8tFrxdCShJFxbg8uY+kfU6TdUhPMCYMpgQzFU3VEsQ5nUxjQwx+IS5+UJLQpvLvo Tv1v0hUdSdyNcPIRGiBRVRG6iG/E91B51qox4oQ9XjLIdypQceULL+m26u+rCjM5 Dv2PpWdDgo6YaQkJG0DNOGdH6snsl3ES3iT1cjzR90NMJveQsonpRUtVPTEFekHi lbpDwBfFtoU9GY1kcPNbrM2f0yl1h0uVZ2qm+NHdvJCGiUMpqTdb9V2wJlpTQnaQ K8+eVmwrVM9cmmXfW4tIYDh8+8ULz3YEYwIzKn31g2fn+sZD/SsP1CYvd6QywSTq ZJ2/szhxMUTyR7iiZkGh+5t7vMdGanW/WqKM6GpEwbiWtcAyCC17dDVzssrG/q8R chj258jCz6Uq6nvWWeh8oLJqQAlpDqWW29EAufGIbjbwiLKd8VLyw3y/MIk8Cmn5 IqRl4ZvgdMaxhZeWLK6Uj1CmORIfvkfygXjTdTaefVogl+JSrpmfxnybZvP+2M/u vZcGHS2F3D42U5Z7ILroyOGtlmI+EXyzAISep0xxq0o3AgMBAAGjQjBAMA8GA1Ud EwEB/wQFMAMBAf8wHQYDVR0OBBYEFKDWBz1eJPd7oEQuJFINGaorBJGnMA4GA1Ud DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEADUf5CWYxUux57sKo8mg+7ZZF yzqmmGM/6itNTgPQHILhy9Pl1qtbZyi8nf4MmQqAVafOGyNhDbBX8P7gyr7mkNuD LL6DjvR5tv7QDUKnWB9p6oH1BaX+RmjrbHjJ4Orn5t4xxdLVLIJjKJ1dqBp+iObn K/Es1dAFntwtvTdm1ASip62/OsKoO63/jZ0z4LmahKGHH3b0gnTXDvkwSD5biD6q XGvWLwzojnPCGJGDObZmWtAfYCddTeP2Og1mUJx4e6vzExCuDy+r6GSzGCCdRjVk JXPqmxBcWDWJsUZIp/Ss1B2eW8yppRoTTyRQqtkbbbFA+53dWHTEwm8UcuzbNZ+4 VHVFw6bIGig1Oq5l8qmYzq9byTiMMTt/zNyW/eJb1tBZ9Ha6C8tPgxDHQNAdYOkq 5UhYdwxFab4ZcQQk4uMkH0rIwT6Z9ZaYOEgloRWwG9fihBhb9nE1mmh7QMwYXAwk ndSV9ZmqRuqurL/0FBkk6Izs4/W8BmiKKgwFXwqXdafcfsD913oY3zDROEsfsJhw v8x8c/BuxDGlpJcdrL/ObCFKvicjZ/MGVoEKkY624QMFMyzaNAhNTlAjrR+lxdR6 /uoJ7KcoYItGfLXqm91P+edrFcaIz0Pb5SfcBFZub0YV8VYt6FwMc8MjgTggy8kM ac8sqzuEYDMZUv1pFDM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICZjCCAe2gAwIBAgIQTIpjHaljjwWi+3YU/1uizTAKBggqhkjOPQQDAzB1MQsw CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh cmNoIEluc3RpdHV0aW9ucyBDQTEtMCsGA1UEAwwkSEFSSUNBIENvZGUgU2lnbmlu ZyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDQzNloXDTQ1MDIxMzExMDQz NVowdTELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFu ZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExLTArBgNVBAMMJEhBUklDQSBDb2Rl IFNpZ25pbmcgRUNDIFJvb3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IA BEOfvFxCakPhrEu4Dl+ABuMFd4t/C3nXYaCQv/JTKKNYupTAZmocWdqAWIEATLzJ eZgQDMcdC+OT3IU5aNm/p0PSMcyCgie6iNHSLVY39zrabjnccRBl7jgLh3oDujBf ZKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUanHBc2qTQqaXcl67kF+C kg8r1uswDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMB6l1QtElRDk Z3xOhV65RUkCc7CyHLOnItEAYUAPs4c3Fo0A7baLVSUGlJDc1+d1nwIwf3Rr8Urf 8PeEe/LFeTADSPIeICJXZFRXNIB3tz8jT7T1gJjCwVZboOfWoY/1DG8d -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFtjCCA56gAwIBAgIQFcKuKk2ZmmOM07oTGXYI9TANBgkqhkiG9w0BAQsFADB1 MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEtMCsGA1UEAwwkSEFSSUNBIENvZGUgU2ln bmluZyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTk1NFoXDTQ1MDIxMzEw NTk1M1owdTELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExLTArBgNVBAMMJEhBUklDQSBD b2RlIFNpZ25pbmcgUlNBIFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQAD ggIPADCCAgoCggIBAIpq7qoKI1UMiwZC45VbVHhfxY4GLHw8Mb6vDamh7EogWAWd 4miyu+tffyozufJVnG+qpB7tEL6DKRE25p4/+m17UeHVd6W9y2kOOyIglAwxZUAN Ca8QNXqb6nkIRKSLZ6krTcHn0Nen9rU6jdmjqXm4pGVcvPM+95+Z9rjDZWgtq4Mu 3YWZBKn10VzVUUIBuZ9BtUsisgD0y2cQ72nEEK36lAZ2UBJXgq7FFK08fbud8XPh fPCucd5b9xLd94Dx3D7xYLrJGZdvdXSFTP05Q8NkbjSsE8EcZbZSQvFG6y/6XabP Dkmd93R8eA0GOiwS++JLJuRviyGBM0I5E+hCq1tV1Bu7N7YSkffzfbzS/+yxw9Wg zLIrx49dfkxSQkj7j/1akHMQ1alyVI1J2zhSqkZIDi/6ACzMcww2SyTOE2ympKSj 1nyb6TgLxiTbTaxnIUlbQTdk5mBrH+0qL2AZMB7YPJwZQ4ffwAr05MpgiHrWo7nk JS554v7Byzy3989OWEz7w62rfarKiPsOOA0fnlw567gHxFAiTfiFf27sjPq2cU3e fZZpxN0+Ht4mkAosTRWVqaI+3D0Od3yNQShPuINRvj63j5A6cDGJWvqTU/xgyY11 kO5aLx2EnwCp5sOGI6Ie3RLjoUZgG2e/UBUiknxKtIyPbpyVwizcOzogtryLAgMB AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRkFkjo/FpLMymJ65lA uSC09mEaMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAK6xZi+Y5 RNz7rUqI4GT/q8Py0s5wLwPlb7LE9TbWU2uHqx2LmQfIMI5Hcv2huHXWF6EWvWRz kTBXrX39BUCGk9FJlrIL1HxkE4vTIUk4u/vozD4x8a57TCrfggajjgWEnH9wzsC7 RRffXWUM5FBIB0SLpC9W2sZ69mCNpDjxnYcWMLLwX3pCVSBxz8zuALESR79CueSz tR0ZhLmYbeBptBVBteJQSMcf6pq3eZHd1dVTGfyuGGxp261ZKJtkmKc8x1WO0TAA z9QynmKxwyruNSLGu/B8u4O4AIn13BqX2TiaKVNhGaan9DtH/d1nlQ+OpGYsgpq3 LXHm3674+GjBuw/qUKBFl7calRJvyLO2BWjaah4ONYWErHQMirT0dZ8ir7BUu7ae IvnZ69WKDcfc+JgxX576xpf0QRB104G2MV963YiFCK9wRwI3e+JK7F3y3SkSRMiK qt3SVXgXda9xaQ13cEqwH39C28dx3FjWGL1QxblyBMdne3xTYMpJGBW8QHOuK6gr rG8RRDnsgkh+Ecr71j+2wLm4BpN1vZMndxcNXKWe6sFbAC0MqDVgx+JvNRs9drXn rd10I0+GskfvyC/QhXw5ljehKykCvT6Hz6j2HXUyzzjjc7HuEIG1KrGIBlEeWjpI UfM2WWLfQmZZULdYvvV2QJoSFuYOqtdsoNU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh cmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v dCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoXDTQ1MDIxMzExMDEwOVowbDELMAkG A1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj aCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJvb3Qg Q0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7 KKrxcm1lAEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9Y STHMmE5gEYd103KUkE+bECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUw AwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQD AgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw SaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN nxS2PFOiTAZpffpskcYqSUXm7LcT4Tps -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg Um9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUzOFoXDTQ1MDIxMzEwNTUzN1owbDEL MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl YXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNBIFJv b3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569l mwVnlskNJLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE 4VGC/6zStGndLuwRo0Xua2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uv a9of08WRiFukiZLRgeaMOVig1mlDqa2YUlhu2wr7a89o+uOkXjpFc5gH6l8Cct4M pbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K5FrZx40d/JiZ+yykgmvw Kh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEvdmn8kN3b LW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcY AuUR0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqB AGMUuTNe3QvboEUHGjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYq E613TBoYm5EPWNgGVMWX+Ko/IIqmhaZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHr W2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQCPxrvrNQKlr9qEgYRtaQQJKQ CoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAU X15QvWiWkKQUEapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3 f5Z2EMVGpdAgS1D0NTsY9FVqQRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxaja H6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxDQpSbIPDRzbLrLFPCU3hKTwSUQZqP JzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcRj88YxeMn/ibvBZ3P zzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5vZSt jBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0 /L5H9MG0qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pT BGIBnfHAT+7hOtSLIBD6Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79 aPib8qXPMThcFarmlwDB31qlpzmq6YR/PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YW xw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU 63ZTGI0RmLo= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD 75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp 5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p 6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI l7WdmplNsDz4SgCbZN2fOUvRJ9e4 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA 4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV 9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot 9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 vm9qp/UsQu0yrbYhnr68 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT 3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU +ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH 6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 +wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG 4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A 7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF /YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R 3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy 9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ 2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 +bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv 8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFkzCCA3ugAwIBAgIRAJBmYahiPWVEdwQ/cZrDlwwwDQYJKoZIhvcNAQEFBQAw OzELMAkGA1UEBhMCU0UxETAPBgNVBAoMCEluZXJhIEFCMRkwFwYDVQQDDBBTSVRI UyBSb290IENBIHYxMB4XDTEyMDMyOTA3NTQ0OVoXDTMyMDMyOTA3NTQ0OVowOzEL MAkGA1UEBhMCU0UxETAPBgNVBAoMCEluZXJhIEFCMRkwFwYDVQQDDBBTSVRIUyBS b290IENBIHYxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwO3mnqis qP/YNbn8+/CVTz89RyPRksnJ+PDiH4atiD/gAM9PEZVhPaXWIBnRiNLCVglFIKEq 6iLD6rrMQmmeuIWfcMBsp75vo1zdQ4gHzcop32l6Hy2fVmobYiAhYcZQS2V1SUa/ XNcpHsIehULhDjhNwzZxQkRROtFYzMm0qmxAx4PxxwmfSvNr8wcWNfSCjl6LhNxx ebn7bldFt8VwOv9CAtE0v4VwbU+P5x8ZIffVNLzuWeYuIvNxgmIZnwVkfDsicRil LcF4WJnRr96UQAYZdhNQhyPLR1eubMUT6pqFUsPKVyYf3hZtrXF+8thh/eY2TnEa ndMgNa0SIVh1NouJFqQ3KM+ggzpAo8oR77TlkBvjZZJnmG8OKeVnGNeI+o22x3ql oH+RHqu2+XSYdlJgL1o3majb0T7WhGpvUtO02hrHuLLRlBEfxYiJ6Vupo5Tmon1N pzKJod4ma83Vo/IyG9o1E4kRSU2/RjG76S0T+A4Apf4D9VZGPI8TK+Dlxx4D34rq RoVFhtntXgu4ZJP00FguKY1FV02JdZBlzGo7wZyAubSANQOO324qk76mvgoBRG9A c6oqghyEdn9p3bG7kljoQFFyXPc+OUT6pZmgf42LsEFYd60ixaDAuv0xmTVq2ckg Gl7zvbwIf91JLS+dkRANW6g/z7RXcztb4GcCAwEAAaOBkTCBjjAPBgNVHRMBAf8E BTADAQH/MEwGA1UdIARFMEMwQQYJKoVwSggBAgEBMDQwMgYIKwYBBQUHAgEWJmh0 dHA6Ly9jcHMuc2l0aHMuc2Uvc2l0aHNyb290Y2F2MS5odG1sMA4GA1UdDwEB/wQE AwIBBjAdBgNVHQ4EFgQUMvmdT2npmI2g1ox9+R3Oozy6dhUwDQYJKoZIhvcNAQEF BQADggIBAB8/43hYyArKNCIJ2LIFi9FlnOHX130KwByYpSRSODPaZCIjgK7+PYC+ T4/dg/YNTDNa1aM7UIpSWiYUc1GU5FKXY9u3Bqjvj63i7d6jvyDRRtsteOgsJ0Sc POy3F/yJl/Ojol7CWVPgz+S1ATtjUyjTr2ZLNDmvYQ4+m+6zidaToDsBxLMjVBA8 TdeqsNrZbMowRC3dsihiikFg8kATbLB8PkHgi6Y08eeuUYcDjpl/2Wii9pwNeYKy n98kyGZg6LZIRCfIa1a3RIXOArfTinFcV1FXIYzqwlEPUD+AqwRNyVLd5KXyLh9t dbqHHZAL7hiEgHO7i5WEimENTl1in+NmDPs2DifTSPgGiAalX+5+XN2tCh09HKpA eZh5uFCMNo0LCjYL1T7nXYHdbNxtsW8NdJ4sL8IF8kQRsjP6gcVKbT5F1izia18u 5EOVURuZMQXfJRtz0XucxHNJ+2Jg2Wlj3dE+ZW1H+mRMA1hQ2aa+5Spo6z+LEPHm uyIGKJqgpJhpbza01A0ODH3AKTG7LAMn4WenvdGLLraHxArgCQuCoeZPWJ372Phh 4cqXxLi3UDnMMU79LRwa9kfjbOwbBeh/FzUQhNoz5zTmtaTrxCIHSvabWNgPnED7 sYtfov2Z6qJ7WWLRXq7RSnIYK0s2OXIHmlrwYzrPG/nP3UhzWXDk -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00 MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW +1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9 ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 /q4AaOeMSQ+2b1tbFfLn -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDczCCAlugAwIBAgIBBDANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJLUjEN MAsGA1UECgwES0lTQTEuMCwGA1UECwwlS29yZWEgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkgQ2VudHJhbDEWMBQGA1UEAwwNS0lTQSBSb290Q0EgMTAeFw0wNTA4MjQw ODA1NDZaFw0yNTA4MjQwODA1NDZaMGQxCzAJBgNVBAYTAktSMQ0wCwYDVQQKDARL SVNBMS4wLAYDVQQLDCVLb3JlYSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBDZW50 cmFsMRYwFAYDVQQDDA1LSVNBIFJvb3RDQSAxMIIBIDANBgkqhkiG9w0BAQEFAAOC AQ0AMIIBCAKCAQEAvATk+hM58DSWIGtsaLv623f/J/es7C/n/fB/bW+MKs0lCVsk 9KFo/CjsySXirO3eyDOE9bClCTqnsUdIxcxPjHmc+QZXfd3uOPbPFLKc6tPAXXdi 8EcNuRpAU1xkcK8IWsD3z3X5bI1kKB4g/rcbGdNaZoNy4rCbvdMlFQ0yb2Q3lIVG yHK+d9VuHygvx2nt54OJM1jT3qC/QOhDUO7cTWu8peqmyGGO9cNkrwYV3CmLP3WM vHFE2/yttRcdbYmDz8Yzvb9Fov4Kn6MRXw+5H5wawkbMnChmn3AmPC7fqoD+jMUE CSVPzZNHPDfqAmeS/vwiJFys0izgXAEzisEZ2wIBA6MyMDAwHQYDVR0OBBYEFL+2 J9gDWnZlTGEBQVYx5Yt7OtnMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF BQADggEBABOvUQveimpb5poKyLGQSk6hAp3MiNKrZr097LuxQpVqslxa/6FjZJap aBV/JV6K+KRzwYCKhQoOUugy50X4TmWAkZl0Q+VFnUkq8JSV3enhMNITbslOsXfl BM+tWh6UCVrXPAgcrnrpFDLBRa3SJkhyrKhB2vAhhzle3/xk/2F0KpzZm4tfwjeT 2KM3LzuTa7IbB6d/CVDv0zq+IWuKkDsnSlFOa56ch534eJAx7REnxqhZvvwYC/uO fi5C4e3nCSG9uRPFVmf0JqZCQ5BEVLRxm3bkGhKsGigA35vB1fjbXKP4krG9tNT5 UNkAAk/bg9ART6RCVmE6fhMy04Qfybo= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT 3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw 3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw 8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFmDCCA4CgAwIBAgIEVRpusTANBgkqhkiG9w0BAQsFADBDMQswCQYDVQQGEwJa QTERMA8GA1UEChMITEFXdHJ1c3QxITAfBgNVBAMTGExBV3RydXN0IFJvb3QgQ0Ey ICg0MDk2KTAgFw0yMzAyMTQwOTE5MzhaGA8yMDUzMDIxNDA5NDkzOFowQzELMAkG A1UEBhMCWkExETAPBgNVBAoTCExBV3RydXN0MSEwHwYDVQQDExhMQVd0cnVzdCBS b290IENBMiAoNDA5NikwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM F8srQ7ps+cmTimUNEkzsJxS3E3ng1NUtGFbx+eoqEBZObETHamVG85qJNdGH+DOJ L4gJGpIQkZDBa58Obn8mihNdGKxoAQ0QeGVw2I6PhFqXMBjQEQ5KjVIQpYErUSj1 Y8S27ECzAeWtd73lOO+8jbPdGaB7DY2022r7JTNa+pGvxHFFMPiIKXvLv9W6JwSO 3bIA98pcmTUU6v11BhUIu8pXaPs/+7Q0c2PR1ePIOFppfWp6RAwNik7tkh0Qjzsi LLbf7cXG8Il5VGVeXxu9j33fubft6+TFB9FnPJU7kf5CelJAgATSOVdL9JJ9/5vv 5Z3JCbKREjimKQg7ruvKzO1N504hAQf8bzLOaYyEUsZ36icwCt6lrzAraB+s1Owh rSJJds4PwvIHKvlqEoOaOwSuGXr+oYYk+kFeJXxArCe24yk2bzXiV9AZWN//ZPbD AUl22yu+vLlPFArVG1gh9hwuAHz4lLXLNxoU5DK5FtRg7AWqXzL6aiMSrNQQu9Ki grRLDotwJ6rWB8FniPqEwwjJioTI0jdygQ+NFkrk1zVRpTgPjIRLlTbA9ded4F2P q5HuAAi5nVIf7PiZu3lWsUna0uXYYYtbr/CrN8V7Go6Gvn7FexUeYWjoC4eLc0mh F3N+KXiOyuBBL3VzdKKXOn/3LnQJuExgi0Y2GRAtnQIDAQABo4GRMIGOMA8GA1Ud EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMCsGA1UdEAQkMCKADzIwMjMwMjE0 MDkxOTM4WoEPMjA1MzAyMTQwOTQ5MzhaMB8GA1UdIwQYMBaAFNfWVmJcPxeB5nNE KfVRBe8LYDesMB0GA1UdDgQWBBTX1lZiXD8XgeZzRCn1UQXvC2A3rDANBgkqhkiG 9w0BAQsFAAOCAgEASZwp/j3snkV/qz48/iNvNz53p1P/eJ/8SUSAV2acbtp5/81F rUyTv7VZxukQt+X4jPuHxR6L2LM/ApYKu4qO79e0wIMgOJdZRWT89ncT8gnXocg4 dAjq+UhM+h8EnLT/7G5WNnKTbJU+LF/eDwurycwVPhaPZvyyELih0bTewGMZzO9T qnU2IoslH7+byNfBX+ymNwmqe2K89iIt8dZY3Yy7UvQLp3apensajdytmoFiLoYF kHJHL6HJZ4SwDWywuJsWt9CZFC+cEpsjqI2mQx7p5S3leKcfZJRktneyqFz7Casp 6x5tddH20MWlwx2fHvMaLbLIH+UoCm7zX/3a5iOhdpBcS5gBgizuRy0CGl9/NMVp tXKtPvPPnm34KegRJyvgWQsbYetKymmlpNXNURuUjnnN3/audF2xLBuGU/7RMAZB NAdigkz0fseHdA6wIR4JIIDBsxU9Rm3T8QaSP++glYocbncxtut4KQx77oKlT36k KV6eqi34jsDz/A0GhZtO3PfiCXzQFFEeerMjr/rRYSpltQHZuOMHyiR20vBKvu+G BIBCFXARaH7Xx7v+506bnJWlHEqkydAJjKrOSNIekpfXEentZsw33PXXG3SbpupC rF0y4Fj0gUf/0hLifhzcSXaWwx2fS8pcKjdbPYrROJsh2uO/RUPT4Fh3Hyg= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEHjCCAwagAwIBAgIET7PQ7jANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMC WkExETAPBgNVBAoTCExBV3RydXN0MTIwMAYDVQQLEylMQVcgVHJ1c3RlZCBUaGly ZCBQYXJ0eSBTZXJ2aWNlcyBQVFkgTHRkLjEzMDEGA1UEAxMqTEFXdHJ1c3QgUm9v dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMDQ4MB4XDTEyMDUxNjE1NDAxOFoX DTMyMDUxNjE2MTAxOFowgYkxCzAJBgNVBAYTAlpBMREwDwYDVQQKEwhMQVd0cnVz dDEyMDAGA1UECxMpTEFXIFRydXN0ZWQgVGhpcmQgUGFydHkgU2VydmljZXMgUFRZ IEx0ZC4xMzAxBgNVBAMTKkxBV3RydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo b3JpdHkgMjA0ODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKTckbEK FR42rhFERZfVJTWHixsK0c9w+iZBsfxKDahatWan3B9uHQjppoYLZkRcuFCiMJYC C4jIFVQXr/rX5GoPgMfO5eimmbJLf5JNNmVU7iEwI+QPx0LnXcwvGz5rCqc+0Y8H Lti3+s8YVTWZs9BSuw3nqUsb+/tG/wEJsjdPsf15Ovg27GMq3Ps48bfoYeCR0rt4 FTZ0vR21Xtm9tm4I/Hn2un/kHC1AvR22A6QCyOtqGNt3ZWe1k2o64N0kV6uB4v1x 19de7Y78YMXnufwjprlr99zTJgKabuADhfvFp8ZR7MlpE/QWC+00ASIje90rQZap Okzqald1KwsPFD8CAwEAAaOBizCBiDArBgNVHRAEJDAigA8yMDEyMDUxNjE1NDAx OFqBDzIwMzIwNTE2MTYxMDE4WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUXN46 MzRJZMSSMXxVXvXyO0/uwx0wHQYDVR0OBBYEFFzeOjM0SWTEkjF8VV718jtP7sMd MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJYl5BxGneuWSlaE5zbA r7IxxqtnyTv3X3GZZK5U4w1KccxcfNI1u0cSx7PEkW1UCTbFREaCF1InNnmLukSU tIJxZdM1Vf7Drj8j9vpFho1VjvbHmc/PP+RHepzwqVQIuqQ/lIxALIQkAyJFx3Ep GFxV/O9dh/2nmoMD3L++jESN6/FiWlNpjYADYLMP53hDTKnZsXJAy1hEx3Xo1oni Sv73kKyE9ybEQOGUuFPcsgPyJiQXZc2yxtOTncJhG1GfzSQbALNltD5qs98Gha2c h3bc08fCFrHFult+FUU9Nnuc8yanErD2np40mrN3C6pHDoXsFWENtjplBI59Oz+I c88= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ 96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ 8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT +Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ 2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGEjCCA/qgAwIBAgIQPPt99H6ktMZyoD/D0lx8xjANBgkqhkiG9w0BAQsFADB4 MQswCQYDVQQGEwJNTzExMC8GA1UEChMoTWFjYW8gUG9zdCBhbmQgVGVsZWNvbW11 bmljYXRpb25zIEJ1cmVhdTE2MDQGA1UEAxMtZVNpZ25UcnVzdCBSb290IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5IChHMDMpMB4XDTE3MDEwMTAwMDAwMFoXDTQxMTIz MTIzNTk1OVoweDELMAkGA1UEBhMCTU8xMTAvBgNVBAoTKE1hY2FvIFBvc3QgYW5k IFRlbGVjb21tdW5pY2F0aW9ucyBCdXJlYXUxNjA0BgNVBAMTLWVTaWduVHJ1c3Qg Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoRzAzKTCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAMRTjgN1XSSze9lMBwJY56POLX9YVbYWxPJx8Pzo 055B1hR9N6OdkFzPMiSq5LgxZ8JjlqXK82lWKv/JMEZBKcQ20k70hgaQMce/7SXv w5lTQ+O4cNzf7yXVv5/BgOQTtz+ESYJEeniTXeWt1GLyy1NC7hGT79azuQ0I3qnK EyOWUGlboD/2H5M6yPlBXzb334tgTFZ9h8e3m4eoAyj4Aq5tLQwCJPjkcSXcigDn iOKxs7bStSSQkoNzp7x4DbgAcNRiPMVXhx/aAGU1KBZ6mPKeYijBBsm1pd1fCPuI Q/qjoiF8gAZl/L66u06Sv5f2JHiIkksW63KN2Vof4v8PtHjCZg4Rqm6HMkbOX89/ icxalBVVeEpndvhOSn4i5Pg8xU0YLx3hbe1/P56+pG2Rvv4lHGy1Ic9skiR/gJ72 IKwUe+fg2hI0RXHODNRmOF1vVqm4mW4zdg7aGJK/r3fx5NucUsR8yIyBUyX/Cnvs a8AT+zp5/7zvERvbVnVFW/usZYZ/QtWLGRAEKne6t4PDCMIYapVuFgM3mXGGPq97 ZsX+sKeACuqi4xLCVlFm+uQ5rSAfxQqUknUrQZicUAM3msRezyFa6nitTfzl/MGV 2IM0AtyKgflZJtXlf5M/dfcRIKdoliAluHy30mA+JgsGL91ab/H9Dyiu9z+fHbVZ 8abNAgMBAAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw MQYDVR0RBCowKKQmMCQxIjAgBgNVBAMTGU1QRVNULVBST0QtT2ZmbGluZS00MDk2 LTEwHQYDVR0OBBYEFBzgIGE9BuTtLG1VuI41rtls5UeBMB8GA1UdIwQYMBaAFBzg IGE9BuTtLG1VuI41rtls5UeBMA0GCSqGSIb3DQEBCwUAA4ICAQBcONUKhiMtAWTY xoo2RwG1wt42Zs+CXIAwaxX/n3SCwrQ5c2MVJrQtGJAsdONidAJOsQo45z2ah1WK FMtDfQHyfIfcv0fbgjPgfZ+H2XfnQCujZgNQOVPokBtk6JLVdRkM8QEI/ST7DZB1 OtsXl32gZRpgf3bC/1fHm1N94wbEvfZp1l9XjYW9yhJxUJt+/4qTlEEojG1D7WaE DagxBGfe7WM7bDAg39TtsTeB7eCrQC4aQvnyYeA86AinuF4BerjVKcwPHl1F+ld/ 7h8xMONwpNCa49/TK2SeUKQzd/PZbSXz+quSYKAefbW03P4NOFah5duW/Nl+zfwn ExGik+Y7NZfXCQ/MhboMrJ5QjVJHULobOqoX5sDYGxo+GDwXz2iEgOBETijPKkPx x7iqx55Wfn/H1fsUmMMggB7+dS1jmKf1BVKpXn7pUCm2qZMuaGYJFBv8q5wIaTXa c5fOAi9MapIBymFIYY+DjjZxyRraIBn9gYLvwYD8V9R/+SnU3fQ/84CXPp9OHaRk uZehgmYi1uQgYIm1/mkNKy7WBIOdlHHMw2i6bKqFp7Ia4OtAP4nfa2oIQ8T0jENJ H/gEwUuTxYZSitBj00TEX528OsyuKoD9OFYsPyamAJclOWXL23QBEXaru0rkm2f0 N6rD89yf8GkKtB/r2OAom62ooTchLg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv b3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ BgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg THRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v IFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv xie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H Wyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G A1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB eAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ +efcMQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 +rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c 2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDIzCCAqigAwIBAgIQFJgmZtx8zY9AU2d7uZnshTAKBggqhkjOPQQDAzCBlDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE+MDwGA1UEAxM1TWlj cm9zb2Z0IEVDQyBQcm9kdWN0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw MTgwHhcNMTgwMjI3MjA0MjA4WhcNNDMwMjI3MjA1MDQ2WjCBlDELMAkGA1UEBhMC VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE+MDwGA1UEAxM1TWljcm9zb2Z0IEVD QyBQcm9kdWN0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTgwdjAQBgcq hkjOPQIBBgUrgQQAIgNiAATHERYqdh1Wjr65YmXUw8608MMw7I9t1245vMhJq6u4 40N41YEGXe/HfZ/O1rOQdd4MsJDeI7rI0T5n4BmpG4YxHl80Le4X/RX7fieKMqHq yY/JfhjLLzssSHp9pvQBB6yjgbwwgbkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB /wQFMAMBAf8wHQYDVR0OBBYEFEPvcIe4nb/siBncxsRrdQ11NDMIMBAGCSsGAQQB gjcVAQQDAgEAMGUGA1UdIAReMFwwBgYEVR0gADBSBgwrBgEEAYI3TIN9AQEwQjBA BggrBgEFBQcCARY0aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2Nz L1JlcG9zaXRvcnkuaHRtADAKBggqhkjOPQQDAwNpADBmAjEAocBJRF0yVSfMPpBu JSKdJFubUTXHkUlJKqP5b08czd2c4bVXyZ7CIkWbBhVwHEW/AjEAxdMo63LHPrCs Jwl/Yj1geeWS8UUquaUC5GC7/nornGCntZkU8rC+8LsFllZWj8Fo -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw MTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy b3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq hkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR ogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb hGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3 FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV L8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDFzCCAp6gAwIBAgIQFTh14WR+0bBHtO+vQRKCRTAKBggqhkjOPQQDAzCBjzEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE5MDcGA1UEAxMwTWlj cm9zb2Z0IEVDQyBUUyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE4MB4X DTE4MDIyNzIwNTEzNFoXDTQzMDIyNzIxMDAxMlowgY8xCzAJBgNVBAYTAlVTMRMw EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN aWNyb3NvZnQgQ29ycG9yYXRpb24xOTA3BgNVBAMTME1pY3Jvc29mdCBFQ0MgVFMg Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxODB2MBAGByqGSM49AgEGBSuB BAAiA2IABN7Nu3Ag8SUgtJTo17Q7D26H3ausz01AL4Eza1kJGNaHDSYjnLSNlZ12 n6W5BkLmrTayxLOuejwI1cudOl5FIWwL4yD1m8LdRDPjQrnq8ihCkqr+DAfKihOZ O2IA7drzNaOBvDCBuTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAd BgNVHQ4EFgQU6EfIQpqwna5vCyg7mBWP47HogLIwEAYJKwYBBAGCNxUBBAMCAQAw ZQYDVR0gBF4wXDAGBgRVHSAAMFIGDCsGAQQBgjdMg30BATBCMEAGCCsGAQUFBwIB FjRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9y eS5odG0AMAoGCCqGSM49BAMDA2cAMGQCMBSGUMAmGuvqoRR3OlvfYzmlM8dQQNVr NWsPtN99VrnhpZ14GYKhQ24a11ijVQNC2wIwGJS0HjqNZPoMJxuHE0rStzoAlMby 5WO/r+P63JPV50aaa4FpPgLfUQ2PKHFBiZEv -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFzDCCA7SgAwIBAgIQVJjS0dRbGZVIE3nIEcCHmTANBgkqhkiG9w0BAQwFADB3 MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMUgw RgYDVQQDEz9NaWNyb3NvZnQgSWRlbnRpdHkgVmVyaWZpY2F0aW9uIFJvb3QgQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5IDIwMjAwHhcNMjAwNDE2MTgzNjE2WhcNNDUwNDE2 MTg0NDQwWjB3MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv cmF0aW9uMUgwRgYDVQQDEz9NaWNyb3NvZnQgSWRlbnRpdHkgVmVyaWZpY2F0aW9u IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMjAwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQCzkSoHgwZn/Z6d4MfAt6TmQgR/D6bbX/vVWtdFoPt3 C/CA86ZtWk15U9ighoRXRSDHolT7x6K/isduNfOiFcQvTuNKhZZJDf++mdgU9rwn B+5Cmyv1C5IG5P1pE2WokXLymITrgz0O5NdxEkghyw3t9kdJt5v5yccXtoRP/7is mtdzZ0mF44a9N0DQJYbU3rXCbWJq1al4vC1vSfnlbBQU/RTH02UWN97LbrxeKY39 YpsVLNYF5rmJMjOjYsfX1lJnCMQu9FYrnguHzOyntKaq6wXNGVelOgsEJxyRZ54t Yi0vHr7awCDLBBnKM/uJvpjicqByNb554ZyDb+RtF2+Q8z0AhnU4jtDgSZq729P4 MMrVV4hoTXLTv21/cdj9vQ2ukmRIt1tveSa1zZuVIYTR7w8yPXtXjPNFB0x84F4Y DjV2i22eyzZ0qwX44HNdMlaUZ5clCsY1PZSX58FEi4D9wfj0dBnlMPYG+yFXPgYc i2sVhidJe4KTylnodUfoPzj0x1N5oLa04lxR771fOMET5ngMlVouxUBZKMwPJMDs ugl3I5k4prYc2se6ILbXN9h/N68I4ztx225zG32ZcrDkhjNZdLUWAHtQbcaGE9r9 xDmCPSQAmmDaupTABVEsNKxQmROHu7MFgLJNMAJcuCaDXbRjc++uI5VPYCi+N9Vb pQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV HQ4EFgQUyH7SaoUqG8oZmAQHJ89QEE9oqKIwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ KoZIhvcNAQEMBQADggIBAK9q3eYZ5y2UQxlOy+lQlWSlA5ECi+I2gDsVolLCFhm2 alpddEMw9Jv/YHQJsSEekBZtxSSPXGaIY/RPzH3yEkxAEIsBn9qpyK7ylRvPnQXr ST50oGhb5VYsZRyCflPaVtlGF3mSRcQQNghSKRfLL6byftRpJIoej7BzDcwcSquy qu2nkWMBZCKoMrh+MiizZ3MtkbTcMQEL90cKpvHXSu1WYMQsCKN7QLC8dCdSh9a+ iN03ioluZ4gd9cldoP62qzqA1xqXPBc2IkEerE3Vg+Y8OL1PMOlUqdO2BMMydmG7 sBjFKxizwIDVt5WwXlFNIvzsWKro2JS0pS7tkt7nGHwhV91VY/e/bc0f0qZ3KHDH 4ls6WwjSW07IAJaz4YM2r4YKZVx09ursemp0oPBL7u+Uo6xQ8oft1zowg8n7fVe+ 5eP4QcrlZK6zo+xY7IWazO+56vNWGLlcc5qvxXcXg1nbNxoYclSlQdK2I3WjQ5rl d3yWebdBjb/s3ICgn9F3dVhfNRPgJRpnC33OJfoHCuRhIdjUHOUHxjaZ9JbQxhX+ Ts3Xroud2xb9BMaSvdSI5qmjqrv3ZDg7X8wM0DW+dBkDpsWqTKJhNoI+HfMrvJdd 20t4Oy31O+9gI+j17AsjNpWvmGa/U9N7uGlKKpZmacSUxvRfbqyYeIiABlyisu2i -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEEjCCAvqgAwIBAgIPAMEAizw8iBHRPvZj7N9AMA0GCSqGSIb3DQEBBAUAMHAx KzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBNaWNyb3NvZnQgQ29ycC4xHjAc BgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0 IFJvb3QgQXV0aG9yaXR5MB4XDTk3MDExMDA3MDAwMFoXDTIwMTIzMTA3MDAwMFow cDErMCkGA1UECxMiQ29weXJpZ2h0IChjKSAxOTk3IE1pY3Jvc29mdCBDb3JwLjEe MBwGA1UECxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3Nv ZnQgUm9vdCBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCpAr3BcOY78k4bKJ+XeF4w6qKpjSVf+P6VTKO3/p2iID58UaKboo9gMmvRQmR5 7qx2yVTa8uuchhyPn4Rms8VremIj1h083g8BkuiWxL8tZpqaaCaZ0Dosvwy1WCbB RucKPjiWLKkoOajsSYNC44QPu5psVWGsgnyhYC13TOmZtGQ7mlAcMQgkFJ+p55Er GOY9mGMUYFgFZZ8dN1KH96fvlALGG9O/VUWziYC/OuxUlE6u/ad6bXROrxjMlgko IQBXkGBpN7tLEgc8Vv9b+6RmCgim0oFWV++2O14WgXcE2va+roCV/rDNf9anGnJc PMq88AijIjCzBoXJsyB3E4XfAgMBAAGjgagwgaUwgaIGA1UdAQSBmjCBl4AQW9Bw 72lyniNRfhSyTY7/y6FyMHAxKzApBgNVBAsTIkNvcHlyaWdodCAoYykgMTk5NyBN aWNyb3NvZnQgQ29ycC4xHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEh MB8GA1UEAxMYTWljcm9zb2Z0IFJvb3QgQXV0aG9yaXR5gg8AwQCLPDyIEdE+9mPs 30AwDQYJKoZIhvcNAQEEBQADggEBAJXoC8CN85cYNe24ASTYdxHzXGAyn54Lyz4F kYiPyTrmIfLwV5MstaBHyGLv/NfMOztaqTZUaf4kbT/JzKreBXzdMY09nxBwarv+ Ek8YacD80EPjEVogT+pie6+qGcgrNyUtvmWhEoolD2Oj91Qc+SHJ1hXzUqxuQzIH /YIX+OVnbA1R9r3xUse958Qw/CAxCYgdlSkaTdUdAqXxgOADtFv0sd3IV+5lScdS VLa0AygS/5DW8AiPfriXxas3LOR65Kh343agANBqP8HSNorgQRKoNWobats14dQc BOSoRQTIWjM4bk0cDWK3CqKM09VUP0bNHFWmcNsSOoeTdZ+n0qA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF7TCCA9WgAwIBAgIQKMw6Jb+6RKxEmptYa0M5qjANBgkqhkiG9w0BAQsFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMp TWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTAw NjIzMjE1NzI0WhcNMzUwNjIzMjIwNDAxWjCBiDELMAkGA1UEBhMCVVMxEzARBgNV BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm aWNhdGUgQXV0aG9yaXR5IDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQC5CJ4o5OTsBk5QaLNBxXvrrraOr4G6IkQfZTRpTL5wQBfyFnvief2G7Q05 9BuorZKQHss9do9a2bWREC48BY2KbSRU5x/tVq2DtFCcFaUXdIhZIPwIxYR202jU byh4zly481CQRP/jY1++oZoslhUE1gf+HoQh4EIxEcQoNpTPUKRinsnWq3EAslsM 5pbUCiSW9f/G1bcb18u3IWKvEtyhXTfjGvsaRpjAm8DnYx8qCJMCfh5qjvKfGInk IoWisYRXQP/1DthvnO3iRTEBzRfpf7CBReOqIUAmoXKqp088AQV+7oNYsV4GY5li kXiCtw2TDCRqtBvbJ+xflQQ/k0ow9ZcYs6f5GaeTMx0ByNsiUlzXJclG+aL7h1lD vptisY0thkQaRqx4YX4wCfquicRBKiJmA5E5RZzHiwyoyg0v+1LqDPdjMyOd/rAf rWfWp1ADxgRwY7UssYZaQ7f7rvluKW4hIUEmBozJw+6wwoWTobmF2eYybEtMP9Zd o+W1nXfDnMBVt3QA47g4q4OXUOGaQiQdxsCjMNEaWshSNPdz8ccYHzOteuzLQWDz I5QgwkhFrFxRxi6AwuJ3Fb2Fh+02nZaR7gC1o3Dsn+ONgGiDdrqvXXBSIhbiZvu6 s8XC9z4vd6bK3sGmxkhMwzdRI9Mn17hOcJbwoUR2r3jPmuFmEwIDAQABo1EwTzAL BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU1fZWy4/oolxi aNE9lJBb186aGMQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIB AKylloy/u66m9tdxh0MxVoj9HDJxWzW31PCR8q834hTx8wImBT4WFH8UurhP+4my sufUCcxtuVs7ZGVwZrfysVrfGgLz9VG4Z215879We+SEuSsem0CcJjT5RxiYadgc 17bRv49hwmfEte9gQ44QGzZJ5CDKrafBsSdlCfjN9Vsq0IQz8+8f8vWcC1iTN6B1 oN5y3mx1KmYi9YwGMFafQLkwqkB3FYLXi+zA07K9g8V3DB6urxlToE15cZ8PrzDO Z/nWLMwiQXoH8pdCGM5ZeRBV3m8Q5Ljag2ZAFgloI1uXLiaaArtXjMW4umliMoCJ nqH9wJJ8eyszGYQqY8UAaGL6n0eNmXpFOqfp7e5pQrXzgZtHVhB7/HA2hBhz6u/5 l02eMyPdJgu6Krc/RNyDJ/+9YVkrEbfKT9vFiwwcMa4y+Pi5Qvd/3GGadrFaBOER PWZFtxhxvskkhdbz1LpBNF0SLSW5jaYTSG1LsAd9mZMJYYF0VyaKq2nj5NnHiMwk 2OxSJFwevJEU4pbe6wrant1fs1vb1ILsxiBQhyVAOvvH7s3+M+Vuw4QJVQMlOcDp NV1lMaj2v6AJzSnHszYyLtyV84PBWs+LjfbqsyH4pO0eMQ62TBGrYAukEiMiF6M2 ZIKRBBLgq28ey1AFYbRA/1mGcdHVM2l8qXOKONdkDPFp -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF7TCCA9WgAwIBAgIQP4vItfyfspZDtWnWbELhRDANBgkqhkiG9w0BAQsFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMp TWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEw MzIyMjIwNTI4WhcNMzYwMzIyMjIxMzA0WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm aWNhdGUgQXV0aG9yaXR5IDIwMTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCygEGqNThNE3IyaCJNuLLx/9VSvGzH9dJKjDbu0cJcfoyKrq8TKG/Ac+M6 ztAlqFo6be+ouFmrEyNozQwph9FvgFyPRH9dkAFSWKxRxV8qh9zc2AodwQO5e7BW 6KPeZGHCnvjzfLnsDbVU/ky2ZU+I8JxImQxCCwl8MVkXeQZ4KI2JOkwDJb5xalwL 54RgpJki49KvhKSn+9GY7Qyp3pSJ4Q6g3MDOmT3qCFK7VnnkH4S6Hri0xElcTzFL h93dBWcmmYDgcRGjuKVB4qRTufcyKYMME782XgSzS0NHL2vikR7TmE/dQgfI6B0S /Jmpaz6SfsjWaTr8ZL22CZ3K/QwLopt3YEsDlKQwaRLWQi3BQUzK3Kr9j1uDRprZ /LHR47PJf0h6zSTwQY9cdNCssBAgBkm3xy0hyFfj0IbzA2j70M5xwYmZSmQBbP3s MJHPQTySx+W6hh1hhMdfgzlirrSSL0fzC/hV66AfWdC7dJse0Hbm8ukG1xDo+mTe acY1logC8Ea4PyeZb8txiSk190gWAjWP1Xl8TQLPX+uKg09FcYj5qQ1OcunCnAfP SRtOBA5jUYxe2ADBVSy2xuDCZU7JNDn1nLPEfuhhbhNfFcRf2X7tHc7uROzLLoax 7Dj2cO2rXBPB2Q8Nx4CyVe0096yb5MPa50c8prWPMd/FS6/r8QIDAQABo1EwTzAL BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUci06AjGQQ7kU BU7h6qfHMdEjiTQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIB AH9yzw+3xRXbm8BJyiZb/p4T5tPw0tuXX/JLP02zrhmu7deXoKzvqTqjwkGw5biR nhOBJAPmCf0/V0A5ISRW0RAvS0CpNoZLtFNXmvvxfomPEf4YbFGq6O0JlbXlccmh 6Yd1phV/yX43VF50k8XDZ8wNT2uoFwxtCJJ+i92Bqi1wIcM9BhS7vyRep4TXPw8h Ir1LAAbblxzYXtTFC1yHblCk6MM4pPvLLMWSZpuFXst6bJN8gClYW1e1QGm6CHmm ZGIVnYeWRbVmIyADixxzoNOieTPgUFmG2y/lAiXqcyqfABTINseSO+lOAOzYVgm5 M0kS0lQLAausR7aRKX1MtHWAUgHoyoL2n8ysnI8X6i8msKtyrAv+nlEex0NVZ09R s1fWtuzuUrc66U7h14GIvE+OdbtLqPA1qibUZ2dJsnBMO5PcHd94kIZysjik0dyS TclY6ysSXNQ7roxrsIPlAT/4CTL2kzU0Iq/dNw13CYArzUgA8YyZGUcFAenRv9FO 0OYoQzeZpApKCNmacXPSqs0xE2N2oTdvkjgefRI8ZjLny23h/FKJ3crWZgWalmG+ oijHHKOnNlA8OqTfSm7mhzvO6/DggTedEzxSjr25HTTGHdUKaj2YKXCMiSrRq4IQ SB/c9O+lxbtVGjhjhE63bK2VVOxlIhBJF7jAHscPrFRH -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N aWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ Nt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0 ZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1 HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm gGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ jEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc aDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG YaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6 W6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K UGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH +FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q W5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/ BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC LgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC gMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6 tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh SnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2 TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3 pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR xpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp GWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9 dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN AHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB RA+GsCyRxj3qrg+E -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGAzCCA+ugAwIBAgIQL9Z6QyKTMpBF6VM0PuJ0ZjANBgkqhkiG9w0BAQsFADCB kzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE9MDsGA1UEAxM0 TWljcm9zb2Z0IFRpbWUgU3RhbXAgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkg MjAxNDAeFw0xNDEwMjIyMjA4NTdaFw0zOTEwMjIyMjE1MTlaMIGTMQswCQYDVQQG EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMT0wOwYDVQQDEzRNaWNyb3NvZnQg VGltZSBTdGFtcCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE0MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArgHUXaBYyu3ozOE3RkYQW3rEUrgL WI8FPV2prVHiA4ngBhL4AnhrXgRQz7bWBAxUHnk3IDzjfmMdRXeYFB2+diLcWqo/ 5G9AYiRjyDzATIcoPWt4a5g5lRpBf3NR/gf8FHzzj4QJ4fjCL6FOvTl9zGNniQyA BM2wgskAiz4JhwOdwnlCxFwhkSuVGmw1R2zIvzwKTur2hXDVxV/BnkfbXMIyYVoI 1nGdLIGffri+baHYZkNpCuTzcvCRSyhgqNXj3YSuKGVVn4QrSnXtJKYsdTHUhXd0 8oBVAmNB8nAI9MjCU5HbFAdlIAmB5orXmw/KDNcbX/3R5XSFXBD7msmmK55Dlsxb cnPQD1WZhxgbPfgpeLBv0XS85SC6Q4sUOGlkoXMPwRYpeU+bhSlosT6ZKo+y3EcG zd/Q6yLcHlccflmQJaMDgr6Myx2buY0quKEQ5/qtFv7s5VPGrcCXfESbgfN6pvn/ rvqsF6mmYL1nPHlshQtVrzHEw1mQDqHVfEg5i63juw7k5frf/dqdnltvGzIOpjfT qqosBBdl08ZORyStglCZQSvWs+cmWrE1m+ZxVeHIb6JEHchchPz5eAF2wT53k/Ki lOHacDDsZAquoqEdP4NDc0DS4IlwWa+NLtTUIQphpPT3I4ZDgCiyHEMMRdr8Bvgl QAd1aXjjphOD15cCAwEAAaNRME8wCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB Af8wHQYDVR0OBBYEFMvR8s5I/QGf6laqV9F+mVj4P//gMBAGCSsGAQQBgjcVAQQD AgEAMA0GCSqGSIb3DQEBCwUAA4ICAQAT2NPko9gmzv07R++AvvujloXafZWcKQBi Rr5ICsoU7B1Osh71zkavWQEQOP3iZQu/+A/mddncM8qD764gV30n+shcID4Lhiy8 EnYDXNMhU6DPPvdFGSIPbiE3xmiHxJwpVaOQ6KkevrNB549H6R00xWQkW0wy7Laa DLhW4AbkQIvyEAf6jo5mIOYcS+Slo7suBulFe57J/5SKV8Fpo11lWN20wmNKpt1j MRiv7RYY2sFqPx/Sqpa2YW/Vgym0eWbBwVADHNDqLsa6z8aYbdYbxs4QsMnxQxor 1/8VNIY72Uo8bT4juwI9zlTDSiXvRjx5W46zwiqCEkVSlsIJ1Ep4nt1vn/mfcEqa o03vLfqqlvq0fdY2l87w2HzSL1ZUCgBg0DyOaOLNKao9LiCDy7JVRqDfuJF5KJJB Dv4mOEN103el3YdS8U2dv9yjLfIeD0kspRGwijYTObD1G5J3tIPdmJ4Fr6CjCdDf HXaYQkQBc7CyqTtS5bZvq4zy1Rcpf2/45aM0625FkkhNAlW2N6ECsTTfx7KSPQK9 NxoG4aGAjpIlMc72geeu5ZIXrFnEkqzfyCwnUkIeJh14h7lOi/dHescBcNWhyQui Igg4/MqowjtT3As2O+Gjyq33tgjDE1WvAzpptOmk0S3NZ9TDQspjX56ApOxjbHLE WOUH+pb4jQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF8TCCA9mgAwIBAgIIVE2lvEA1VlowDQYJKoZIhvcNAQELBQAwgYUxCzAJBgNV BAYTAlBUMUIwQAYDVQQKDDlNVUxUSUNFUlQgLSBTZXJ2acOnb3MgZGUgQ2VydGlm aWNhw6fDo28gRWxlY3Ryw7NuaWNhIFMuQS4xMjAwBgNVBAMMKU1VTFRJQ0VSVCBS b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDAxMB4XDTE0MDQwNDA4NTk0N1oX DTM5MDQwNDA4NTk0N1owgYUxCzAJBgNVBAYTAlBUMUIwQAYDVQQKDDlNVUxUSUNF UlQgLSBTZXJ2acOnb3MgZGUgQ2VydGlmaWNhw6fDo28gRWxlY3Ryw7NuaWNhIFMu QS4xMjAwBgNVBAMMKU1VTFRJQ0VSVCBSb290IENlcnRpZmljYXRpb24gQXV0aG9y aXR5IDAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAztw/9BluuxVp hvTkzec6cDvHmos7gwCBW/sgFlq+v1gAXynmV29+iiwVB1waY4xCXxbd2omERVcX lqCcoXUiQRo6/cUXkRP2vmIKvG4lLVvAjBBm9+LW+9xIMaMaqOVNSMmiHHP+j2ZA Y3dZBzw9FJ/U94WR0MNC9Rths3eAgCptEgKWi1HZwW8nCxoHNAD/0llMKejXGWPY kbQ//I4OJfKhEgdlyjXeq/4WowiMr39+EvRZFgUf6K10eTL3eAK2tMyr2x44YQQZ ekFA2loRZHUC/WTR1pRCDyLnZc2vkA4MWzEBmVHvRYx9pTjannxL5Kbos6SC1gM0 Lk+3Uat3OAn1Bv7cZhsPP/p974xVvuANhpWh3L3EwwjRRR7yvb5w8eYmxrsIsSil wqXtiNahwPsj8Sc5zOGEBxm8fvbMOP9uELtG6SOJJIH/AOJRANxSUH0TUH0WPUCN 07/5imXYYhIpd8K6wkk0T4p5aclLFfM03s+vhuLlyKlWYUwGVFrFbBnq88hEzSQa dtFxAFlr2XWbzv0Q/rGDoqW3koZ2m0r3HdyMhaZYrYqmaGkXyW0bps8nSyks3XFC GokQ5dWbEl9Ji4S82Ahc+884Qq++0W57kapmQMUFfivQZrbH31L+9EVtI5IhnhIB kHOD4qUJDdfA+IWVHmPRPzXalNE32fUCAwEAAaNjMGEwHQYDVR0OBBYEFNU5HJxb bwSqopVM7yDdKXSkxUVxMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1Tkc nFtvBKqilUzvIN0pdKTFRXEwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUA A4ICAQA/51/zIhbeg54g5ILn5Z53yfsrsHQN3xt0Ig9zEKGwF+xMDNQocGpmckRp EJN2Nc8v+I88qxl8cZKVcRs3FcIbKHrvbng43/uPmwEg3K/21o0JZtrERqn8lapE IxLfR8CwFey1sZ5sD5GqpjrlwQ1gbFBAcFxcyM6zzOvtqogZVqWkyAx65XZAZzO0 PZbcd8sjePlTW8+N3rGnjlp6ojJjo4jXJWFaXUk6cubPqpSGbG73guCOZ5MoxagN Te84rXlKZo2EAQgEefNSxkHnmmIGs/USHuzZAEPT65Z3dOF5+RSUhG26VIIFjN8B 8jCIgax6L4tDLHY0zjXnh45OCwqlGlexU1q/a9i+AH7G+e5mMQix35QzhJx3T3tk L++OD1koIsvwXD4r/TXWlf8D7GVSfr7yGfh71VIsUneakWZBcI3VSecLSH+Krt5F Pd3+5tLkksN7zjCgSW43rajTLLY9niHbBlfi8K4G+9nFETehe9sdEXxodiA+9byl 2Wa1Ia1FJsZdHgKjQcTUfYEZyxeXBg/m7HQARsR13T3wQzSvprz89oL7z8X6sw8l pT9mENaegqXbOhN53o2p16aNhtIv2WkN4nV4fklfIquGcChRs3q2oHn61OWDp7B3 ytsBgu/ivk0v08BN0ONpbnwmm+um+0XvsQSKL6ohBvbm1LxBIw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH 38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo 0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I 36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm +LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7 p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8 piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX 5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul 9XXeifdy -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C +C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGITCCBAmgAwIBAgIGSUEt7AAQMA0GCSqGSIb3DQEBCwUAMIGtMQswCQYDVQQG EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl cnZpY2VzKTE7MDkGA1UEAwwyTmV0TG9jayBQbGF0aW5hIChDbGFzcyBQbGF0aW51 bSkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUxMjQ0WhcNMjgxMjA2MTUx MjQ0WjCBrTELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQK DAxOZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAo Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcykxOzA5BgNVBAMMMk5ldExvY2sgUGxhdGlu YSAoQ2xhc3MgUGxhdGludW0pIEbFkXRhbsO6c8OtdHbDoW55MIICIjANBgkqhkiG 9w0BAQEFAAOCAg8AMIICCgKCAgEAzfLuxBp663QpTLa95NYKF2xl4mY9xNG8DLZa 1itwXy3MIdFZEOSxE732zCKV1mxGTpEys+v1rMsEAU923VM+eJ/5Xry1ghNGyhDj HS1pK5QyEHMhq6k4xeNuE2TVY6ntCWbsim+JjRGG0PW/MpYLdXD1KFhCXqxptPX8 kTkuopFA0TxUQYcjZFBIeWhLaJNLcuuAabNKHJC+skGjpc0XwNEaaX8CGEq1Yocm Vy1sqCwhOfWXXpuapvjnTHnEeztW3Hr4tFjOdgquIlXrj8eEZHu9a8qVT9i+MRO/ jaEKK9V5t/V2rdpRXIFHYqiq/89T4DRxzw0lU6meY0evhZH4zxkR5U75z+3jNQUB IgPPmnzqHVFay/1zPTkLMevEO8qFKhEUAKAbgaIJiEjzfKJkoexntFiH8BTqqb6l IkFN7L2kDug9h/cvqs41hk8wV5KNNq541v0Y/NclHs96/Bn9oD9yFzYIQT+XNpUM iZVxRfqE1tQgYLNFCvK3lT0L5aTDuBLykWzpbWCD9kURBbrmR4PZkeJu4btGa0gb vMb7z37eLLuQhO62JznnjaIxD9+BtyxsAOKx2CoXXBseR4lLF1EUQEBPxDkYMsKA YDblekdn9qgFVMFdlqAftohSDAK+jVV+FEvDogHunIpBXflflpEJjrTktcUE39Y2 rVm0stcCAwDzkaNFMEMwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFOahE4P+l0vy2P8xoad0M4nOXn+kMA0GCSqGSIb3DQEBCwUA A4ICAQBphELA414TYZcgSfH0FoWln6QRCCXEY4aP8Euvsyn1B1caYscbRW6vXRa3 wdBkgzuX9UO2RZDxZiqDJCr/iOl6C/nCW3qvY/cJeIZIWTRem2oQTvFulYk2SmjQ b5vgfk+3NQ/jebEFryd8qokKQ976DO/ZVy8occ1pa1JCyYowRVmhzPpZSo/31t1E pbMuWxEY4rK15xFTOP6CTNNzvmWSGjqo0tKqvNS+bTZS/2vU0rUbN/MXQvEup9WQ bHSddPX6XyIb09x1qLX/8hrRvCsAXDzFuIYIVEminCP776aNcPRCUk0bIACB+KC4 9HQjnL70uQ7sHmrYZUoVdfF3W27YseYPtJa4HfqGyJJui+l936IO1fHxfK5K42a/ Xfxb70iynmnHfZCgVbaUcIG5Cr2JdVPshKkDpd9RmQjQdAwC1nNyBnuLu12qTvxn Z9iOEAMZLTc61HepOhydwHl7bCl3Mk1KizCIwuc2zmijmpiG+YkVnr+qUX3xUEZU DwIuXJ/j3lczFf4YkmGo0ikFXWVEHpvj7/vcBd8Vq6bYC6Rzskw64J7Us2rlOg4K 8E7PeIEfvqmYb7FHUX1CMzazpqkCUgV0fips1KqSVrA+OyNYsY01pxOPZx5xFaaz tQOGuCBmwEhvuazUSgNVsjffBN0iDFOGKkoqocE4PjzlPN91lw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIESTCCAzGgAwIBAgIEOsP2HzANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJT RzEoMCYGA1UEChMfTmV0cnVzdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMTEUMBIG A1UECxMLTmV0cnVzdCBDQTEwHhcNMDEwMzMwMDIyNzQ1WhcNMjEwMzMwMDI1NzQ1 WjBNMQswCQYDVQQGEwJTRzEoMCYGA1UEChMfTmV0cnVzdCBDZXJ0aWZpY2F0ZSBB dXRob3JpdHkgMTEUMBIGA1UECxMLTmV0cnVzdCBDQTEwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDinM+1yzd2SIeOpxXFGqkLpBlnbjCxNwHCAVZIADRo FCIvtxLXgwI/o2TqeC3QsmvM75sNsKjV++1sVkYlGqXQP/A9cKbw+TUtq0S6x3kN rlE1BQoyljicpcP7R+KzCUbx7Nw4DLk+W5WEjfI6P6e2+4u7geh+xPpqUwfF+uk6 srE92fh0SOGWS0ZkefIjcTngwAcpK/4Ae85/XQROYOZsQKvnehmMnOqCEyhYqvjd GrxXbdgvrT+Caf3OSg3AzlPqBarW8qR0NieRiUMbnZ9x5ucDLkqC4UQyjysK+lE3 UCVhLydXS59BCKsfmPW04jYCxcmlX3042D09ApOIoCfrAgMBAAGjggEvMIIBKzAR BglghkgBhvhCAQEEBAMCAAcwbwYDVR0fBGgwZjBkoGKgYKReMFwxCzAJBgNVBAYT AlNHMSgwJgYDVQQKEx9OZXRydXN0IENlcnRpZmljYXRlIEF1dGhvcml0eSAxMRQw EgYDVQQLEwtOZXRydXN0IENBMTENMAsGA1UEAxMEQ1JMMTArBgNVHRAEJDAigA8y MDAxMDMzMDAyMjc0NVqBDzIwMjEwMzMwMDI1NzQ1WjALBgNVHQ8EBAMCAQYwHwYD VR0jBBgwFoAUHUSJskUmf29rksU6e3JjytJwKt0wHQYDVR0OBBYEFB1EibJFJn9v a5LFOntyY8rScCrdMAwGA1UdEwQFMAMBAf8wHQYJKoZIhvZ9B0EABBAwDhsIVjUu MDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBqB1ZWxlAFW8ZQBCqSiFBkqrxz Hgy5TWz3cWb40VOeW/h8nfABAaPmTU4AWYHV8i+2CZjBMTDngEqeKwmhTqUUAiPz tncq99G+nyKf6jSpOW2LnOra8ZSszqwhjp2fpKCtrtsTE/5b6D4wsvh/7GyJtZIb d1+t/yS236JTWf+UlOccEJ6ayXayC3mF55wNZ9l07yfF8Fgj4hjplgZtuEd3/6cO 5yWtvdDPQq0NcIO/9oRHk1IJe/u71hbgQJo1lNaJh8Mgt03L5Dfjw5fbIA6IdgCi 1cUNSa7XnkeKtBsTRj1mnk4+KAL+odzfktvRCSCYfLiY44mB2Sev4/02GkW7 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF4zCCA8ugAwIBAgIEV8fs9DANBgkqhkiG9w0BAQsFADBrMQswCQYDVQQGEwJT RzEYMBYGA1UEChMPTmV0cnVzdCBQdGUgTHRkMSYwJAYDVQQLEx1OZXRydXN0IENl cnRpZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAxMRTmV0cnVzdCBSb290IENBIDIw HhcNMTYwOTAxMDgyNTE3WhcNNDEwOTAxMDg1NTE3WjBrMQswCQYDVQQGEwJTRzEY MBYGA1UEChMPTmV0cnVzdCBQdGUgTHRkMSYwJAYDVQQLEx1OZXRydXN0IENlcnRp ZmljYXRlIEF1dGhvcml0eTEaMBgGA1UEAxMRTmV0cnVzdCBSb290IENBIDIwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDV39ONmRdqmz3gsGnbtAXMvqUg +E8NB7MZPJeDPey8uVwMrKIDZKN/DHcT5siHq1IYTzDv6g7dgveVDzCKwBlQvGBl odwRxn8W8RuY5CJXUUKMynCWXG4NuY9naloFm98ePzjjqiVGwZwrkn/0grEjPN1s Z2ABVPLkqhD9o4p3JyGe1j3dRlwFPxgIFgplyAxNT2Y9XhZfFw8O/8EXC+cid18a C3hpp8oGj17F30CzDvjg12g+cUHJn41h60uZ4K8zAHetxBZZZgg2p0rkUixZP3t8 OEPkC6PT5Yl4U+ZrvPUnMOggNg6xDI4OFMhUNwd6rujTtsBGTMe1MS51/FHyqmz4 GKsmhWC/ELnDQRNf9HnBCfaRrPeOxY9INakW3R7gX4XzGrM/gVvRfkLu5BtnRGy5 wen7kHQ/lE6TybTpfUJLHfCnlptIfaKQXLQUcCCpCASL0nyy0glMI2ypMZPWKYFF LsPkqqbvvZvxy64Ct2RdgD1BTYlLi5qct4FvX9xoU4aKcXTSVxcyg77V9Hrbmu4N CtVjq9QR5cxdbT7Bj/SPTl0SJkTPLX1XekED2c0eOC8Q1JShNXI6Yd7uQ4tIKdJ2 4S1RLtS+vIDb/02LXw0wraMwpTDr1SRnljz6gW249RiBzMW2QgfzvITmHF6D1Gka uELq29THck1NpZm/owIDAQABo4GOMIGLMA8GA1UdEwEB/wQFMAMBAf8wKwYDVR0Q BCQwIoAPMjAxNjA5MDEwODI1MTdagQ8yMDQxMDkwMTA4NTUxN1owCwYDVR0PBAQD AgEGMB8GA1UdIwQYMBaAFDofR9lvhhjpKfr+Oc7L7YrJVlUrMB0GA1UdDgQWBBQ6 H0fZb4YY6Sn6/jnOy+2KyVZVKzANBgkqhkiG9w0BAQsFAAOCAgEARbJm3IEyIRyA mmkJ9aaUVVkB93asquqINx6sVfVKH26JV6OiBuudmCkasa0EVtruWDtoKm7j+QSP KlKbW+wQ/kwors+qFCzeFgJAU/3XXGAZ5UWWkuzjHhDf+RtK1aS/opcp20BBb9qu 7AmBukLwJDN+wFVssEd2Yo1Y6oG5FpkTBxou/xUqrWW7u9JNjCNVuxYo9SkZnsn8 avw+o+4XAgwTNJkvreeu4kA8dgxKsYQ5Ke3DPbiox5ZA/rK8t3LsoU++Pnf4fY7o Dqa5IsPkt5FkD/2RjaWoL4POYf1Z3mNpo4YwbsXubM+272ZcXvZ1Uf2YSCM4yb/p dQb9cWwhf/zJGceoAMYqXACd+vLkc0i1eIteq+l07Cvjph38Kdbhd1GXikEwzNHM k+rJT8V+caOm2Whsbn9Duxa9RbwBQp4O5x/Zn9q+GDfH1COy7jIMy2/owbhGasW4 BzI5zUq+w757LqLd8qtL2qbOkF49c35RlNLeL8dxFDaRV/VdpMvtxgIxaML7RfVa c/p7oT+o+W3NN9/APyjxvZKAuaCZo5JXcuXrsgXOzEYbobD3w4j1CCR1ZIc/K9MB Z1KPSTADjsdBUW2EmR4blEU+HkRHxSnM+gZp+Usn3GSkFkFrZuPN+c1+9a8nLZ3P 7naLqfk3x/LtOfB6wiMDtoXZPJRBvNM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGHDCCBASgAwIBAgIES45gAzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJE SzESMBAGA1UEChMJVFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQ cmltYXJ5IENBMB4XDTEwMDMwMzEyNDEzNFoXDTM3MTIwMzEzMTEzNFowRTELMAkG A1UEBhMCREsxEjAQBgNVBAoTCVRSVVNUMjQwODEiMCAGA1UEAxMZVFJVU1QyNDA4 IE9DRVMgUHJpbWFyeSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AJlJodr3U1Fa+v8HnyACHV81/wLevLS0KUk58VIABl6Wfs3LLNoj5soVAZv4LBi5 gs7E8CZ9w0F2CopW8vzM8i5HLKE4eedPdnaFqHiBZ0q5aaaQArW+qKJx1rT/AaXt alMB63/yvJcYlXS2lpexk5H/zDBUXeEQyvfmK+slAySWT6wKxIPDwVapauFY9QaG +VBhCa5jBstWS7A5gQfEvYqn6csZ3jW472kW6OFNz6ftBcTwufomGJBMkonf4ZLr 6t0AdRi9jflBPz3MNNRGxyjIuAmFqGocYFA/OODBRjvSHB2DygqQ8k+9tlpvzMRr kU7jq3RKL+83G1dJ3/LTjCLz4ryEMIC/OJ/gNZfE0qXddpPtzflIPtUFVffXdbFV 1t6XZFhJ+wBHQCpJobq/BjqLWUA86upsDbfwnePtmIPRCemeXkY0qabC+2Qmd2Fe xyZphwTyMnbqy6FG1tB65dYf3mOqStmLa3RcHn9+2dwNfUkh0tjO2FXD7drWcU0O I9DW8oAypiPhm/QCjMU6j6t+0pzqJ/S0tdAo+BeiXK5hwk6aR+sRb608QfBbRAs3 U/q8jSPByenggac2BtTN6cl+AA1Mfcgl8iXWNFVGegzd/VS9vINClJCe3FNVoUnR YCKkj+x0fqxvBLopOkJkmuZw/yhgMxljUi2qYYGn90OzAgMBAAGjggESMIIBDjAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjARBgNVHSAECjAIMAYGBFUd IAAwgZcGA1UdHwSBjzCBjDAsoCqgKIYmaHR0cDovL2NybC5vY2VzLnRydXN0MjQw OC5jb20vb2Nlcy5jcmwwXKBaoFikVjBUMQswCQYDVQQGEwJESzESMBAGA1UEChMJ VFJVU1QyNDA4MSIwIAYDVQQDExlUUlVTVDI0MDggT0NFUyBQcmltYXJ5IENBMQ0w CwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFPZt+LFIs0FDAduGROUYBbdezAY3MB0G A1UdDgQWBBT2bfixSLNBQwHbhkTlGAW3XswGNzANBgkqhkiG9w0BAQsFAAOCAgEA VPAQGrT7dIjD3/sIbQW86f9CBPu0c7JKN6oUoRUtKqgJ2KCdcB5ANhCoyznHpu3m /dUfVUI5hc31CaPgZyY37hch1q4/c9INcELGZVE/FWfehkH+acpdNr7j8UoRZlkN 15b/0UUBfGeiiJG/ugo4llfoPrp8bUmXEGggK3wyqIPcJatPtHwlb6ympfC2b/Ld v/0IdIOzIOm+A89Q0utx+1cOBq72OHy8gpGb6MfncVFMoL2fjP652Ypgtr8qN9Ka /XOazktiIf+2Pzp7hLi92hRc9QMYexrV/nnFSQoWdU8TqULFUoZ3zTEC3F/g2yj+ FhbrgXHGo5/A4O74X+lpbY2XV47aSuw+DzcPt/EhMj2of7SA55WSgbjPMbmNX0rb oenSIte2HRFW5Tr2W+qqkc/StixgkKdyzGLoFx/xeTWdJkZKwyjqge2wJqws2upY EiThhC497+/mTiSuXd69eVUwKyqYp9SD2rTtNmF6TCghRM/dNsJOl+osxDVGcwvt WIVFF/Onlu5fu1NHXdqNEfzldKDUvCfii3L2iATTZyHwU9CALE+2eIA+PIaLgnM1 1oCfUnYBkQurTrihvzz9PryCVkLxiqRmBVvUz+D4N5G/wvvKDS6t6cPCS+hqM482 cbBsn0R9fFLO4El62S9eH1tqOzO20OAOK65yJIsOpSE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDkDCCAnigAwIBAgIQHKAtwVI7am2LXB+VSu2sMDANBgkqhkiG9w0BAQUFADBi MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkwHhcNMTEwMTAxMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjQjBA MB0GA1UdDgQWBBQhMMn7ANdOmNqHqirQpy6xQDGnTDAOBgNVHQ8BAf8EBAMCAQYw DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAwomEoOiMZv3/EwUb wzqOmEmK+KoAXCb9cmqjfhIblK5U+CGPp5NP9xbvubmzMsAlITFmNywJsP4ysDfs PLjOjwiqCJAHXHXV4U4sywIk6aJe6fV4NSIGHPIfiLHhXMyWVPpvScyN8VYD7c8s nyfe5cqDRL5GQPlXLtJ/MS3Og9z+cGuE0KOf/5fQqNcC7LEs8O9zOD2ZrMRPAb/V aurGLjIpFwrL5mme0Uq19t+OGfiV6UWpDs1tQVkgnnPGbHEcnNRNMKhzCaAV86BF JsNb/bu52C3XH/UFMBn2rg+OYo/fyE+G2R1hFrPJ8Lv7x/WvASJH7NjazxzzU2a6 UwkB+Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIClDCCAhmgAwIBAgIQeThLtBkajXQizP+FMvLkujAKBggqhkjOPQQDAzCBijEL MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkZMMRUwEwYDVQQHEwxKYWNrc29udmlsbGUx ITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5DLjE0MDIGA1UEAxMrTmV0 d29yayBTb2x1dGlvbnMgRUNDIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTEx MTgwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGKMQswCQYDVQQGEwJVUzELMAkGA1UE CBMCRkwxFTATBgNVBAcTDEphY2tzb252aWxsZTEhMB8GA1UEChMYTmV0d29yayBT b2x1dGlvbnMgTC5MLkMuMTQwMgYDVQQDEytOZXR3b3JrIFNvbHV0aW9ucyBFQ0Mg Q2VydGlmaWNhdGUgQXV0aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEFOED C2VvrVnWHu7Jv7RMxcZcLzDHn1LbaGHAaRDiknoaw7+SqIk5ivvnoLtxpKDD33fW lDcTX35TXVC640wIx2XiQbDmWfKc+MCyd8EKkSZ38mm2u9BBPCqIGpSRFsY+o0Iw QDAdBgNVHQ4EFgQUm3vryP+D8lKYRzAKVvg4vuPrAM4wDgYDVR0PAQH/BAQDAgGG MA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwMDaQAwZgIxAKlkWPecuRNmIkl/ stEC6RP8HPukNJLkygcNt7FSeCg0y/IhVpGGhsiKC68yhFRliQIxAOx5DZ2J8AwY 6ntXUq0L5tR5W8ub4gZFdRi90Pyn3cfhxyK240EkXSPmqJ8AalAyJQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF4jCCA8qgAwIBAgIQTANLrGcYTH+vRAhNgpbHsjANBgkqhkiG9w0BAQwFADCB ijELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkZMMRUwEwYDVQQHEwxKYWNrc29udmls bGUxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5DLjE0MDIGA1UEAxMr TmV0d29yayBTb2x1dGlvbnMgUlNBIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0x NTExMTgwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGKMQswCQYDVQQGEwJVUzELMAkG A1UECBMCRkwxFTATBgNVBAcTDEphY2tzb252aWxsZTEhMB8GA1UEChMYTmV0d29y ayBTb2x1dGlvbnMgTC5MLkMuMTQwMgYDVQQDEytOZXR3b3JrIFNvbHV0aW9ucyBS U0EgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAhN+opqOMC3geyE0Zld0pkJIgNZAqlI2CMy1wElilCIqewQjzk9Zo wC8Uvnmk/H3M1bw+j+2cSgJhWT2qw290ANL4GjTUVJ5qdEeaL+DS9w/3w90/pb/B +n1CaWAAgOw85ruBN6QeBhQ9V4+QpDVKNHOHthrDXZDvBk1wdjY8gontz2QZgyVD Thzi8WpShv5R5H443xWNTGxgQUpPsEBVRjl1yYE5AHOKYuoPZbePT5dAzs/uwWoo oHGpmSfRPck1c3qAmfh9hrmdeTrt0yr6fqa4/1cqc7Kmv9qJugYb2mWg5r5glIj2 32bhJ2ob/tBeqY0giwrEH36IQS+ywdDztmjtyDvx76oH3n7XIuCB9qXqexb0QlSd ln72YhZTzf0Kq7JCoU4qiEJ1g72M5U165x3jTLje46tgOC1nKf7kX67CqOi/rmz5 67NS8X/p7MIv2Z3KF55C+jtYwT6IYk9fk8GXbWaPHCLzmsH07blrGn42hMgxuPBe K36V5HnPdUzC2AS/OI4os91btthPI26S6DeVroOu1vw5KkYGH/GEdSHWuE6mKpdY ZfWaGAHX9cN/KckQ7nNKQ3Z70aYwUf/WKx0eYoS++b5pl5nHDed8JFB1F/2kIOc1 aANglKfZDcYaLOXiTtXMDsB6MFbvYJK+2S71x/DoRc/ahq7v2HepEicCAwEAAaNC MEAwHQYDVR0OBBYEFA/xSkp1dAURDB3YW5nrv/6qfV7XMA4GA1UdDwEB/wQEAwIB hjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQA9y9JGePX2Ohfo w3tk0cW7kHiN9U+5xC2X+wvmxbjxturoWEs0rXd5LDUfcn0CPu610BaKBjeWte9D 0AkQLJdmx4EfHuYnxYKRWF7zyFtBaICDkbmcgfgn+kXf7nnyXG1wAlTuwFPYQ+sF esz0Ud2p1CJ9ajvy/ojUUkk6hZJkU/hqU2CIj/Jb1K4rUuDq/1R+oeTvhhungwsG Zl4wgIxVoEcz/2seREhLYaoePuhMZMfYbX0Orjw8Qj3KJBpw8WEUnDoY1fAGKZEi sjo6oRZUYxr5M5VEnySjIWQECOKb1d4IUhxiHFMWRzVCJsenDP3zWxN3Aoxc4hbw GB/ZffXfAiSIevNe/xcOs2JnoauxF449Okaw9UaMq4TY9Q6hIOvC8Jl0PY6zA9gk xWzrawxTv2Bp3YwoxW/Pu9KBdyvGfLHESmwVEDcpXa74sREFxBSN7BOjRP1Ni2i4 wf+d1TcuSPgofNz5c1PZtgF1Qnq/C99RULhTsuHudJDLvKrQcYOiq07JELY9HO9A 109DkDO5AZZUXSrVBluShrgGEIEGyJHbKSCyU73zS1tM22kfiW5UP9eJXee1zQy+ P314OAHStmemz1hIlBpF/ZBzScq1Q6AhYo1JBCaq+B8uP/IuofKr9AYesC3EwXBC Pf3DUUmIAA7Kgg2beQLiwC6T3+Ty8Q== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGQDCCBCigAwIBAgIIdPhg8eijj0EwDQYJKoZIhvcNAQELBQAwgasxCzAJBgNV BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDE8MDoGA1UECgwzTklTWiBOZW16ZXRp IEluZm9rb21tdW5pa8OhY2nDs3MgU3pvbGfDoWx0YXTDsyBacnQuMUswSQYDVQQD DEJGxZF0YW7DunPDrXR2w6FueWtpYWTDsyAtIEtvcm3DoW55emF0aSBIaXRlbGVz w610w6lzIFN6b2xnw6FsdGF0w7MwHhcNMTMwOTEzMTAyNzA0WhcNMzMwOTEzMTAy NzA0WjCBqzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MTwwOgYDVQQK DDNOSVNaIE5lbXpldGkgSW5mb2tvbW11bmlrw6FjacOzcyBTem9sZ8OhbHRhdMOz IFpydC4xSzBJBgNVBAMMQkbFkXRhbsO6c8OtdHbDoW55a2lhZMOzIC0gS29ybcOh bnl6YXRpIEhpdGVsZXPDrXTDqXMgU3pvbGfDoWx0YXTDszCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBALVCpWRI22SlN/gsuJkCUbmiKMT7cATE2WyKhvcP iRekhMIubE71/0TvW0MOiX83NaVbyOQjW68ZnFvtrNYALttjysNU2K9n1MtgRKJP z6Te/B8xZla34d04ilP8zyMVi4qH/Qkw5ZhHBA4Waa8JBbzH1JBFj2hjvoJYN/vY TG+lrBV3daWIZDhc0mUPUwXOlDCXb3qB6WSYEtEeSp/B8xfbGTYQObgBs7d4TbUM e16qTp25zV04/39J/rdIrwNCbL5kG2H5zmt6m1BxAPNXl8UBdBurySZZbHq/Cpdn lrWARUgBRpxAFORhOCFbiWTiBTYToCrO24gEhkQ13JM0WVdq7VNj+ovCGBY89HHH PgwaEeTODyDDFyOro38TVay0/5bYwC96CZvbHJaNpoz8oWqma9EMnTGsmjH6UvmJ OfovU/PpkS5Qjqq4pCWvG4vZalKIVwrDC5pxn7zKRYrpudWVwbbCztENaUo2PK6N rMt19pAhwwmXzi0SdmJe6w6Pcl8rm7DJChXz/s/3RIRGAf3PZuzQMJd8bazROMFG cgcXDj77MObLNNW1cxNFIQ4dGWtIFtrokakG0Og9b/qM0bj1mQPx69i1abu4iU9S Aqd+PtvsxZcGlftT6+DT58iPiJn/LreXmX2E81H9joND3vOv4DN0xBUcKRenSXPc wE7dAgMBAAGjZjBkMB0GA1UdDgQWBBTVqFEOeTByXrSsFg3TtevqwUvcOjASBgNV HRMBAf8ECDAGAQH/AgEDMB8GA1UdIwQYMBaAFNWoUQ55MHJetKwWDdO16+rBS9w6 MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAYfZkTup7l8LCAtlZ MoBtgpKi+k2Cc2ZanYLSVWIw+CDNp9OJwcZzxNhdST3Ovgx6HchpbD367wD2gZqN O1VPDJ1W2afmTeZrsKK1oP7fXYNbqxHyaxivq2bbG8lLGvdE3fGcgqyaXqioqDGe 3pzBQiKMxBOE5SxDBhspaTPX4AcCH6vuSZ7Xw4iuWRuXy/gbZWABzG3hQCAtSyEB 7B4ssYFr3saM9TSwjMOb3lg+EU3oSEyHlu5aR0tCb57og0iCuZrpPET5UZNUq5RF +aiVrqaIefXmkqhYIi7UlEwYuq39p4VaghNqva5bwCwZXdiTwN11QDNp2U4mCjaH pAEM4d+tDBkYX4jKNbEKe4EHZvl/Dy1tGYrk5IO7Qx1eT9LhKTjBH/Vco1Rg6/hD 3uaVBJmH4cupJDp5LRpwZZ8RJ104LkUNW/gRWS4ONRNq16dUBP5S+EwV5gOZXLKH /KpGCPjTaAdgHC8nUnWTAtjd07GH1P2ZdnzB/AOq78eCSXr6+kvah9sFn1jib75j +hqjNMHPukwiAAcFgF8F5gFzV9SR4dBh74Yo433MyjKX47NtvL/wCaAtxABUM20F h/SHJB2Fzd7DOzeg5Qiv44sBHbgdNmOiEOElK2xS4B3Gx/ZtneDHIuTdsIYupqOY ZTMgdlbbZ/DGXkOCwgptZNXejGw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFtjCCA56gAwIBAgIMXkDoOwAAAABUkcpSMA0GCSqGSIb3DQEBCwUAMFIxCzAJ BgNVBAYTAkNBMRUwEwYDVQQKEwxOb3Rhcml1cyBJbmMxLDAqBgNVBAMTI05vdGFy aXVzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIxMDUxNzE3NDcwNloX DTM2MDUxNzE4MTcwNlowUjELMAkGA1UEBhMCQ0ExFTATBgNVBAoTDE5vdGFyaXVz IEluYzEsMCoGA1UEAxMjTm90YXJpdXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDzS+i62ZGguH6ehkx0 eVor2OhwlIdDv/tdNTedqfNOa7eRThN0GMcR1fFzAHTt0V8fKJh7mq2sT1IJyBRi 9qU7wYjCpsWjWoVE55MfOj8XhjMrmeHnvaYkvcV91y/xGjsX/2PO1ZzDIF5FRDYZ kg75AHYnI5IYiZPBBHnLqVdzDLW6RnntUtiI1CEVBRVtLC2a9nO5mYd1RzxcJNFW +PEnLUdGrn69nLAaR5CqInb7s/3w8eSkJB02BRM/DFayRjupbMwYzksw3XYOz0/W eCzORlplDbdDr4hl0x14/RPh4te8ME3+AQSGJGpedpa1VssF6UBLoKKhSWRUBDfw wcXZBw91u+CFN7loq3ONceEv/GWVBfnCrwosNPvg/CmOvbq9EAheBT88aBgS6rwy RIC9nj7tMqQzlUDIQCprpfwCYpyqBebjyl9Iepnz6UPb72d/Sqv0VI35h04svEuV ezO/hxeVoOF40Un9qhZc/eq7BSae7yTwpC7LaKHs4G0HoehaeW54evoVDxIdfdDK 8PPEDzbyuABGm/VjPGjKuxOEXVBHmoMPv8XlfcGCoyYj4af1iNhLT0S/YQKO1kmg DXl8o8e+Xl//RByvjv3hI0eTrHMzjxwz2ZKTiSaYRYQHqqJsM/smWWQYgvvJoVL/ M3bESni03uXJ7SW/0wI5S10OywIDAQABo4GLMIGIMCsGA1UdEAQkMCKADzIwMjEw NTE3MTc0NzA2WoEPMjAzNjA1MTcxODE3MDZaMAsGA1UdDwQEAwIBBjAfBgNVHSME GDAWgBRfzShf2+WR+AoTp6hobMUYHMdYrzAdBgNVHQ4EFgQUX80oX9vlkfgKE6eo aGzFGBzHWK8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANvCfug5G G31PyBQqL5cc5rcEhw5skkbsiSu6uaV7VzBzO+U78vdSSc/AKfKj35U4g+Fr/Ul8 F9hLfdN+aTK7V0h11Vv3y58JCICs2m2WWD2omY17gZvR6o6VMgT8UFYJ7S1QhtVL jLpwHY3UZtan1KLqCEQa2Fo3hJGrRGmpeofbqb3ZXoUKsdYM13OQp/sWdBFfNBbc onnqa0B1IuJRMWSNB415sKZdVq1DSF3rZP5OX2XSvRkD4F1hSS8hY5vg2zTo9Qnw QFaolr1B2TL/qySHEnPsVX7EXl19mwL3IC4lwGrBoPwVDe5E9+eLse0kB+eczlkZ yKVx6kPvd4NTFiIVCW86VLnoqdn8fKQg4iL+danRbUecKBdBcOKvntEpxTEENnu6 qqDTpiLHqXTaOf7/8ZdOonIDjeIiUJDMoqfNhODCgf1XBcEAxVuobLBar/hmlFKU mU+Gdn5Qlg/+MSDyW/xiBij092bUnHBr+ThM7X5n5QcIvcl7zwFaVcyhfKITpC4d KjXyVmekuaLS2a/Y4lupS9aDn45Wr9kvizh0LkQO2ZXN/3SSwQd2kv1ep/LCAz/c zWIEm5dte7Q3toaZwmAK/G0ZBkI3ZLwXum1LzddoRhN51ltgmc6NzfDIG97qKL7M z4leKEMaJ8dId29zULSpxVPgc8dUrdyac1E= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFrjCCA5agAwIBAgIEVJGosDANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJD QTEVMBMGA1UEChMMTm90YXJpdXMgSW5jMSwwKgYDVQQDEyNOb3Rhcml1cyBSb290 IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNDEyMTcxNTMwNTFaFw0zNDEyMTcx NjAwNTFaMFIxCzAJBgNVBAYTAkNBMRUwEwYDVQQKEwxOb3Rhcml1cyBJbmMxLDAq BgNVBAMTI05vdGFyaXVzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArVK5kig4XFE/X2tRUy/8uc3z573P aPUWc28qWqN+IsxfJjK/0x/HXuexkOvGIvXpXhkSohLzvCL5iNX3O2HFGcjiY2uM 8ds/IqD73Fn6ZvB+dMZKsQ3JUh2Lt05M3ZbLmOYOQPu9Oh6kLJBe3oTWYednACoz DjOD8jeivk6oqkZtGEhGdyY0v2aBbyCT/PEy8WDyFi2fTkQdnes4LW2lWE0B++Jd xB6K/9VC3AwFp/bkhONn7NGpT5nen8YLlB/lMLcHqHnwYOqzoZzCZTea6LnBPFms YAvmBu04B1gBTKV+15zzbDNPIDZrVcpOVm/4OO7PlGXlSC9NPlDMqU45tv6KCBF1 xv17Srqj95O0nXjkoYuo7HeCKPebkSQe8fzPkUR76AZeKm/Kd4mAXRBgubZxolux Zifq92R8d+gKCi+PSFPitC+oNB/y5Mn1S74bcxH2HJlbsRHRRd6uGuGxxUN4Ob3J 6sDcg/sL4sLVyT9KQcWdPuHwJgKaU223hg9yTwxDC67EVGA2SoNOyVCmbQf68A/E 9AXz1WYd6+S/HKX9uOcYNzq7BBobhw3Sknt0joirijo+14CjSFeQKM/UQ1yUNy6L rxISTqo4pg21iRz5eWRtZfcRlD6h3D4ix4MpqWbEmY/NGk35xyWszPer86vmuP3j 6e3PKzkoir8wFJMCAwEAAaOBizCBiDArBgNVHRAEJDAigA8yMDE0MTIxNzE1MzA1 MVqBDzIwMzQxMjE3MTYwMDUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUmckQ Sn14uolWMU717DVzPaQb7W4wHQYDVR0OBBYEFJnJEEp9eLqJVjFO9ew1cz2kG+1u MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAII/6ndKCHTpbRuOrXnd 2bEQ8Z13TBfrLRjoL5TGU2ZeoKWRUrKs/MhQlA7FeaoNJs0VRr2bs7y1eIDfUM1b 3lk/+6a6APlysUPloJvbZJGpvgXXYvrbEr06hvB6YzX82lA0POZvtEIGKoErUh0e T/e1srxsYJrUpyjOpG4Ef+/eRStyMl3mzw1Sjy9AuNPfyYbMCQ5TYAfATzrK9iYG Xkacvw2+HVphJzp9YZO1p1QT3rGgm0lmm7M3vaC6SmXIIuDE7/CVzuifACmk+TIS nHA8ENfrpjx/VVDVQjH7uwnqhErNa3PWjKWUb4Q1mmVaeAgDAvxHs3q+jD4zZy3U AKpqnzgb9U540IvFby8qPYI+W1CAcEG1qGDA/vtYabnYwgwXoBhOBhr/P3KxN+6J b3rcpy+cyVfIgwtLgfHXNi8e7Pe4IGT6iwrmUbgFrFR77DIK484SHVFy+N59201K f5qEsAq4EHHYc3oWrvzF1G3kx58KF2tz4wExbfg6/BySZKXA2KSQwOP5jhkxrTZ2 7Lf7ZTz04PiUm+cYlB8qAnhxnkJdCm29O3vKcEr2xOedos5LmOKW87HWrcAhOKJ5 RkDH30jAB64volYYepq5wxhQFh+j40zDnmAuYC/pDOFZoRszKSuREjx9hTaieBIR 4sBFY8WLdJMuwrRbEWjHccjm -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg 4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ /L7fCg0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX 1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P 99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV 57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIKbzCCCFegAwIBAgIQAldiBmp1YIdPkAS/ocgoQTANBgkqhkiG9w0BAQUFADCB gzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1OMRQwEgYDVQQHEwtNaW5uZWFwb2xp czExMC8GA1UEChMoT3BlbiBBY2Nlc3MgVGVjaG5vbG9neSBJbnRlcm5hdGlvbmFs IEluYzEeMBwGA1UEAxMVT0FUSSBXZWJDQVJFUyBSb290IENBMB4XDTA4MDYwMzE5 MjgzMVoXDTM4MDYwMzE5MzYwMFowgYMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJN TjEUMBIGA1UEBxMLTWlubmVhcG9saXMxMTAvBgNVBAoTKE9wZW4gQWNjZXNzIFRl Y2hub2xvZ3kgSW50ZXJuYXRpb25hbCBJbmMxHjAcBgNVBAMTFU9BVEkgV2ViQ0FS RVMgUm9vdCBDQTCCAiAwDQYJKoZIhvcNAQEBBQADggINADCCAggCggIBAN54mUOu XmEeLdJ1ePU+LDZCisx8tt8Xd2FWp8zjOoAhgbJu0Ge1z6Whdr4oDRJWg6qWuySB O2v5wQOwi7QHBPmZ0D+0iv7A5RIqlb8VLwreFwFrVcq06LOyk+bjTLwHEXg9//sz dry4MryeFgPc0f1q3VTLJ+BL1DlpkPC6giIPZ3Ula8NiNveYkQTK/xJ0Xsuptndj 8RvkRE6GNtpraC+QXaE1mFylUopwukNeXN8t8TL4rPP27ZLDYmO3VkjHYR4StyGr uN1rZJDQR3AAt2jOlr1PQuULm3pNWbkcpK7vZ7WUtkibP4sESeb8KeP28TmdWkog FOAbwVhDGW26nSJshsu6Gf9YoFZE8W9RW1gL93t3f/ss0Qi6FX506OpnNCm4W5O7 pjDphJGXsCoHqduptYia3JPZZeYbcMzNRY5WkdVbG/PfajXiyIY+reWNegsodA/A fBJoyP2UtohJrFZXAOsMP+VRo5zqNhH9StbyCiDRYBM4w2CsuGdxJeHdBHn2EL9E xfJt0DyV2r3ju40JnaMgdpS1DxGORjM6XpW3hsTj5MgD25yy2ET73j6wZqFADYJJ CRa7eAPmnWeRLOOA6yv3dC+BSPvKJEsEEasZUGYFIsjynOxaWyQyK4ntp6FxtlMO Ofv0rt4Z8+XfAr2k9Ta35j8aCTKtHeMg2ACPAgEDo4IE3TCCBNkwCwYDVR0PBAQD AgFGMBMGCSsGAQQBgjcUAgQGHgQAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O BBYEFOUNZHGdyVLpwJsqaTPAk3zzgfXfMHAGA1UdHwRpMGcwZaBjoGGGMWh0dHA6 Ly9jZXJ0cy5vYXRpY2VydHMuY29tL3JlcG9zaXRvcnkvT0FUSUNBMi5jcmyGLGh0 dHA6Ly9jZXJ0cy5vYXRpLm5ldC9yZXBvc2l0b3J5L09BVElDQTIuY3JsMBAGCSsG AQQBgjcVAQQDAgEAMIIDdQYDVR0gBIIDbDCCA2gwggNkBggqhkiG/GYLATCCA1Yw ggNSBggrBgEFBQcCAjCCA0QeggNAAEYAbwByACAAbQBvAHIAZQAgAGkAbgBmAG8A cgBtAGEAdABpAG8AbgAgAHIAZQBnAGEAcgBkAGkAbgBnACAATwBBAFQASQAgAGMA ZQByAHQAaQBmAGkAYwBhAHQAZQBzACAAYQBuAGQAIAB0AGgAZQAgAE8AQQBUAEkA IAB3AGUAYgBDAEEAUgBFAFMAIABTAHkAcwB0AGUAbQAsACAAcABsAGUAYQBzAGUA IABzAGUAZQAgAHQAaABlACAATwBBAFQASQAgAEMAZQByAHQAaQBmAGkAYwBhAHQA aQBvAG4AIABQAHIAYQBjAHQAaQBjAGUAIABTAHQAYQB0AGUAbQBlAG4AdAAgACgA QwBQAFMAKQAgAGEAdAAgAHQAaABlACAAZgBvAGwAbABvAHcAaQBuAGcAIABsAG8A YwBhAHQAaQBvAG4AOgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcALgBvAGEAdABpAGMA ZQByAHQAcwAuAGMAbwBtAC8AcgBlAHAAbwBzAGkAdABvAHIAeQAuACAAIABJAGYA IAB5AG8AdQAgAGgAYQB2AGUAIABzAHAAZQBjAGkAZgBpAGMAIABxAHUAZQBzAHQA aQBvAG4AcwAgAHQAaABhAHQAIABjAGEAbgBuAG8AdAAgAGIAZQAgAGEAbgBzAHcA ZQByAGUAZAAgAGIAeQAgAHQAaABlACAATwBBAFQASQAgAEMAUABTACAAbwByACAA dwBvAHUAbABkACAAbABpAGsAZQAgAE8AQQBUAEkAIAB3AGUAYgBDAEEAUgBFAFMA IABwAHIAbwBkAHUAYwB0ACAAaQBuAGYAbwByAG0AYQB0AGkAbwBuACwAIABwAGwA ZQBhAHMAZQAgAGUALQBtAGEAaQBsACAAeQBvAHUAcgAgAHIAZQBxAHUAZQBzAHQA cwAgAHQAbwAgAE8AQQBUAEkAIABhAHQAIAB0AGgAZQAgAGYAbwBsAGwAbwB3AGkA bgBnACAAYQBkAGQAcgBlAHMAcwA6ACAAQwB1AHMAdABvAG0AZQByAF8AUwBlAHIA dgBpAGMAZQBAAG8AYQB0AGkAYwBlAHIAdABzAC4AYwBvAG0ALjCBhwYIKwYBBQUH AQEEezB5MD0GCCsGAQUFBzAChjFodHRwOi8vY2VydHMub2F0aWNlcnRzLmNvbS9y ZXBvc2l0b3J5L09BVElDQTIuY3J0MDgGCCsGAQUFBzAChixodHRwOi8vY2VydHMu b2F0aS5uZXQvcmVwb3NpdG9yeS9PQVRJQ0EyLmNydDANBgkqhkiG9w0BAQUFAAOC AgEAsFcVBnu/4QCC+58H4Fb0rIQ1nIF1aHhRUNpweD+7Ndc8dmlPRQFtHS2vQrAz bv+cCvup0fyp2o+lS0qHLSKksuD0Fw4EuOsOQnMH79S6j0IS0w4tu21UyQHJP03W 7gxCVonaYjcLoUh9bMSxx6tEYsumPPRloH3f82BixYr4ifXbIYZTnefIME/bJXE5 LYTxKXghVpnWX0hJuzO4yc884ysVakReOglgPsDSIBZ2vGbyWwMZP0q2np7dohpY PnPvt2l7e5AHOZpnM7tWkrr+rp1iS1VhLpYfxlSVLWW+SRgR9/f9tsYGoTIPdW8W 4SRiyA5vOvKVgPGp+6B9TdWiQx+FYNZceSvMNM+hd+/m085zhbTYZ4mZvG/LDgcn LnVRiX/BO98NA7+IF+a8+pQMqBmww9GqgKgZ2bZE0pUrVyJbyC2uDtAIraJ7NADg lv+SyjnNwMPSzLn0N8NWpNemGoAebDNyzVb7X+Xd3DBb7rhMs99asJEk4o0cMQ8p swcghdZ2yj66d4v49VCFDU82cWtVEglAOwMVOP7ll3hLKB24gLuOsvrgsh3CeIkp s44M7ABfTke1ncvcTcLIdcg+UEbYfN+GyvVxKpQKbVdveOry1+XjV1R3W2KX1+yR zkJz3pBKv4IcldkZSND8mycZ+4nz5hATRNkCu8VfY29lmzE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHHzCCBgegAwIBAgIESPx+9TANBgkqhkiG9w0BAQUFADCBrjESMBAGCgmSJomT 8ixkARkWAnJzMRUwEwYKCZImiZPyLGQBGRYFcG9zdGExEjAQBgoJkiaJk/IsZAEZ FgJjYTEWMBQGA1UEAxMNQ29uZmlndXJhdGlvbjERMA8GA1UEAxMIU2VydmljZXMx HDAaBgNVBAMTE1B1YmxpYyBLZXkgU2VydmljZXMxDDAKBgNVBAMTA0FJQTEWMBQG A1UEAxMNUG9zdGEgQ0EgUm9vdDAeFw0wODEwMjAxMjIyMDhaFw0yODEwMjAxMjUy MDhaMIGuMRIwEAYKCZImiZPyLGQBGRYCcnMxFTATBgoJkiaJk/IsZAEZFgVwb3N0 YTESMBAGCgmSJomT8ixkARkWAmNhMRYwFAYDVQQDEw1Db25maWd1cmF0aW9uMREw DwYDVQQDEwhTZXJ2aWNlczEcMBoGA1UEAxMTUHVibGljIEtleSBTZXJ2aWNlczEM MAoGA1UEAxMDQUlBMRYwFAYDVQQDEw1Qb3N0YSBDQSBSb290MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPK9iL7Ar0S+m0qiYxzWVqsdKbIcqhUeRdGs naBh1TX55FqDNmND3jhXFfzwlGL0B4BXg1eosxW8+00jeF/a9seBFr6r3+fcg1Nz K7bdY4iNRfMN3X2/6IiwZsFDXTfSbaGcmkbDsz/QwqCKlC6DpjzDYL0szB6LY4J2 QSjkFWtcDGE5VThByshm6Me4l1IQJnC3B7cJHqYTXq6ZWiZvZD3sxNOluVx2ZK1j fYiD4kvMDd7UxtMIQvVbF/Vx4ZEtA5+eHNyLcqToR2QQh2Qwc9jytPFXJpNXy7bH DYiLHc8FMF0E1nY36CAyV78PnDPGCIz2tMKpBrBbMKEeLRK6PwIDAQABo4IDQTCC Az0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgboGA1UdIASBsjCB rzCBrAYLKwYBBAH6OAoKAQEwgZwwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cuY2Eu cG9zdGEucnMvZG9rdW1lbnRhY2lqYTBoBggrBgEFBQcCAjBcGlpPdm8gamUgZWxl a3Ryb25za2kgc2VydGlmaWthdCBST09UIENBIHNlcnZlcmEgU2VydGlmaWthY2lv bm9nIHRlbGEgUG9zdGU6ICJQb3N0YSBDQSBSb290Ii4wEQYJYIZIAYb4QgEBBAQD AgAHMIIBvAYDVR0fBIIBszCCAa8wgcmggcaggcOkgcAwgb0xEjAQBgoJkiaJk/Is ZAEZFgJyczEVMBMGCgmSJomT8ixkARkWBXBvc3RhMRIwEAYKCZImiZPyLGQBGRYC Y2ExFjAUBgNVBAMTDUNvbmZpZ3VyYXRpb24xETAPBgNVBAMTCFNlcnZpY2VzMRww GgYDVQQDExNQdWJsaWMgS2V5IFNlcnZpY2VzMQwwCgYDVQQDEwNBSUExFjAUBgNV BAMTDVBvc3RhIENBIFJvb3QxDTALBgNVBAMTBENSTDEwgeCggd2ggdqGgaNsZGFw Oi8vbGRhcC5jYS5wb3N0YS5ycy9jbj1Qb3N0YSUyMENBJTIwUm9vdCxjbj1BSUEs Y249UHVibGljJTIwS2V5JTIwU2VydmljZXMsY249U2VydmljZXMsY249Q29uZmln dXJhdGlvbixkYz1jYSxkYz1wb3N0YSxkYz1ycz9jZXJ0aWZpY2F0ZVJldm9jYXRp b25MaXN0JTNCYmluYXJ5hjJodHRwOi8vc2VydGlmaWthdGkuY2EucG9zdGEucnMv Y3JsL1Bvc3RhQ0FSb290LmNybDArBgNVHRAEJDAigA8yMDA4MTAyMDEyMjIwOFqB DzIwMjgxMDIwMTI1MjA4WjAfBgNVHSMEGDAWgBTyy43iNe8QQ8Tae8r664kDoSKv uDAdBgNVHQ4EFgQU8suN4jXvEEPE2nvK+uuJA6Eir7gwHQYJKoZIhvZ9B0EABBAw DhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBwRqHI5BcFZg+d4kMx SB2SkBnEhQGFFm74ks57rlIWxJeNCih91cts49XlDjJPyGgtNAg9c6iTQikzRgxE Z/HQmpxpAeWR8Q3JaTwzS04Zk2MzBSkhodj/PlSrnvahegLX3P+lPlR4+dPByhKV +YmeFOLyoUSyy+ktdTXMllW7OAuIJtrWrO/TUqILSzpT2ksiU8zKKiSaYqrEMpp+ 3MzBsmzNj9m0wM/1AsCMK4RbG0C8ENBQ4WHWZlaaBJGl49W9oC4igbHZONrkqIdf PEYElt7Jmju/rXhsHUlJtGm5cA8Fkla2/a+u+CAtRyPPthzNxJuATvm/McBUvrsx f/M+ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFnDCCBISgAwIBAgIBZDANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJDWjEs MCoGA1UECgwjxIxlc2vDoSBwb8WhdGEsIHMucC4gW0nEjCA0NzExNDk4M10xHjAc BgNVBAMTFVBvc3RTaWdudW0gUm9vdCBRQ0EgMjAeFw0xMDAxMTkwODA0MzFaFw0y NTAxMTkwODA0MzFaMFsxCzAJBgNVBAYTAkNaMSwwKgYDVQQKDCPEjGVza8OhIHBv xaF0YSwgcy5wLiBbScSMIDQ3MTE0OTgzXTEeMBwGA1UEAxMVUG9zdFNpZ251bSBS b290IFFDQSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFz8yBxf 2gf1uN0GGXknvGHwurpp4Lw3ZPWZB6nEBDGjSGIXK0Or6Xa3ZT+tVDTeUUjT133G 7Vs51D6z/ShWy+9T7a1f6XInakewyFj8PT0EdZ4tAybNYdEUO/dShg2WvUyfZfXH 0jmmZm6qUDy0VfKQfiyWchQRi/Ax6zXaU2+X3hXBfvRMr5l6zgxYVATEyxCfOLM9 a5U6lhpyCDf2Gg6dPc5Cy6QwYGGpYER1fzLGsN9stdutkwlP13DHU1Sp6W5ywtfL owYaV1bqOOdARbAoJ7q8LO6EBjyIVr03mFusPaMCOzcEn3zL5XafknM36Vqtdmqz iWR+3URAUgqE0wIDAQABo4ICaTCCAmUwgaUGA1UdHwSBnTCBmjAxoC+gLYYraHR0 cDovL3d3dy5wb3N0c2lnbnVtLmN6L2NybC9wc3Jvb3RxY2EyLmNybDAyoDCgLoYs aHR0cDovL3d3dzIucG9zdHNpZ251bS5jei9jcmwvcHNyb290cWNhMi5jcmwwMaAv oC2GK2h0dHA6Ly9wb3N0c2lnbnVtLnR0Yy5jei9jcmwvcHNyb290cWNhMi5jcmww gfEGA1UdIASB6TCB5jCB4wYEVR0gADCB2jCB1wYIKwYBBQUHAgIwgcoagcdUZW50 byBrdmFsaWZpa292YW55IHN5c3RlbW92eSBjZXJ0aWZpa2F0IGJ5bCB2eWRhbiBw b2RsZSB6YWtvbmEgMjI3LzIwMDBTYi4gYSBuYXZhem55Y2ggcHJlZHBpc3UvVGhp cyBxdWFsaWZpZWQgc3lzdGVtIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQgYWNjb3Jk aW5nIHRvIExhdyBObyAyMjcvMjAwMENvbGwuIGFuZCByZWxhdGVkIHJlZ3VsYXRp b25zMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQW BBQVKYzFRWmruLPD6v5LuDHY3PDndjCBgwYDVR0jBHwweoAUFSmMxUVpq7izw+r+ S7gx2Nzw53ahX6RdMFsxCzAJBgNVBAYTAkNaMSwwKgYDVQQKDCPEjGVza8OhIHBv xaF0YSwgcy5wLiBbScSMIDQ3MTE0OTgzXTEeMBwGA1UEAxMVUG9zdFNpZ251bSBS b290IFFDQSAyggFkMA0GCSqGSIb3DQEBCwUAA4IBAQBeKtoLQKFqWJEgLNxPbQNN 5OTjbpOTEEkq2jFI0tUhtRx//6zwuqJCzfO/KqggUrHBca+GV/qXcNzNAlytyM71 fMv/VwgL9gBHTN/IFIw100JbciI23yFQTdF/UoEfK/m+IFfirxSRi8LRERdXHTEb vwxMXIzZVXloWvX64UwWtf4Tvw5bAoPj0O1Z2ly4aMTAT2a+y+z184UhuZ/oGyMw eIakmFM7M7RrNki507jiSLTzuaFMCpyWOX7ULIhzY6xKdm5iQLjTvExn2JTvVChF Y+jUu/G0zAdLyeU4vaXdQm1A8AEiJPTd0Z9LAxL6Sq2iraLNN36+NyEK/ts3mPLL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHMDCCBRigAwIBAgICD6AwDQYJKoZIhvcNAQENBQAwZTELMAkGA1UEBhMCQ1ox FzAVBgNVBGETDk5UUkNaLTQ3MTE0OTgzMR0wGwYDVQQKDBTEjGVza8OhIHBvxaF0 YSwgcy5wLjEeMBwGA1UEAxMVUG9zdFNpZ251bSBSb290IFFDQSA0MB4XDTE4MDcy NjA5NTYwOFoXDTM4MDcyNjA5NTYwOFowZTELMAkGA1UEBhMCQ1oxFzAVBgNVBGET Dk5UUkNaLTQ3MTE0OTgzMR0wGwYDVQQKDBTEjGVza8OhIHBvxaF0YSwgcy5wLjEe MBwGA1UEAxMVUG9zdFNpZ251bSBSb290IFFDQSA0MIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEAxmaNgqB+vosiJXgQwAiLmhl/1a0AFA5k3t4hcB3IYUL6 VRyLnjvonYJHfLuOAn6dS9zi++i3PZkRqB1xHkfCJNFClXxk4tfbmhDeTJ6mQjx+ fu2wywPtxrtd/Dn0xO6Kc7Mb/ffwaFSSh6f0bZt61RLov4JPNKOvhq9qjOQgjGZy rBGIle60IppJm8bl0A5bmRL4FQygNwIascskyl0Vy69LHx4CNUIwtgN7b1s++leV NpETeLFpCtPdLoxEswg/kJuMRf8XaBZmGJIYSArCKIVYyC/gO7PRUmiwv2yLYdm7 9xvCd1xoIXHqPd23bqQs4vr5O0QzmYjU6kZbuLV8GIBuVFOH35tjtOUxMrZ+2Dja yuNcNc7OGnAoofqXvD5dfp5snqP+ZZYlVPXi9Y+N5e4PLt0rdud+uiLDW27ekSXR hvJMBxJxSb8XFgKPUbMnatCNTmtFaD9nfv5Uhlx7kfn2XzO61rnzuf2CcgSlNiT7 TQSXepGBIPjg+5QYJlhacazdL7JHdUTjJqYVbnA/Zje68lzDMfL1wDSMExh2HWGL VGJZj6inVKBZB+4suo7FtdqyzT9AmVW9a1ekPlk7g/s93freyoA/EIwHy/Hvosk7 VivLdYwU8IdUbX8JMA1QaxVgkMe6F7A7EKvFujf1L/nAnPt5CC0A2niFS+XBMikC AwEAAaOCAegwggHkMIGlBgNVHR8EgZ0wgZowMaAvoC2GK2h0dHA6Ly9jcmwucG9z dHNpZ251bS5jei9jcmwvcHNyb290cWNhNC5jcmwwMqAwoC6GLGh0dHA6Ly9jcmwy LnBvc3RzaWdudW0uY3ovY3JsL3Bzcm9vdHFjYTQuY3JsMDGgL6AthitodHRwOi8v Y3JsLnBvc3RzaWdudW0uZXUvY3JsL3Bzcm9vdHFjYTQuY3JsMIHVBgNVHSAEgc0w gcowgccGBFUdIAAwgb4wgbsGCCsGAQUFBwICMIGuGoGrVGVudG8gY2VydGlmaWth dCBwcm8gZWxla3Ryb25pY2tvdSBwZWNldCBieWwgdnlkYW4gdiBzb3VsYWR1IHMg bmFyaXplbmltIEVVIGMuIDkxMC8yMDE0LlRoaXMgaXMgYSBjZXJ0aWZpY2F0ZSBm b3IgZWxlY3Ryb25pYyBzZWFsIGFjY29yZGluZyB0byBSZWd1bGF0aW9uIChFVSkg Tm8gOTEwLzIwMTQuMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEG MB8GA1UdIwQYMBaAFJMYNh+paXBRNapPP6yNUH4mBSkKMB0GA1UdDgQWBBSTGDYf qWlwUTWqTz+sjVB+JgUpCjANBgkqhkiG9w0BAQ0FAAOCAgEAO01Radk3mUuojS9G +JksIhH6qWebQZg0UpN2v5H22JEI+HfBat2ept+TMmB9o9D51rhRoC8Y85yS0WB9 JJCMauZcF77PjF2LTT4pO/bvEgI3ahrjf63iJiTNHFNztqyzKuOBGNAqQ2S0bV9a GNcAqvSbF7gJbyDE/74EFz9Qq0BHnmQJH4xQN3uzGJPM8XkRvxRgj+SD/tXnqGGI PWurj4J6GGBsIfr6ecYReq9B2syPC9E4uB8qFfvEQunA9NJ2mLLoCqtTICU3/t95 IvUVOBl1o6q+QmYEfmUg2qJuIBbtXb5WhQ5hkRfIBFlQ8upyZQZaXXqlmJmjZJzk dNk7hstyRP7BhVdgyCyHZtBTX2p+cEO644M0fzw58ORo0s1zvG/tooRm9tWg+5ry hLmG2Xcrll4V+QxjFgmG8wFakq2AqNq4W7PxDHiAl/xqnh/kNgwkI+7VoTHrdqrz CSbyAwzjDd9T2kgRxQG8U6vfuEt84iNtySCdmp6pWPNPkfjNOGCQEv7GamcUlHw4 11SfvD70YnW5nxgNdmqxcDcUtxzGngcXtFa/qAjxWR7TS25ESNkzzKAZELQs9ORy DLQkgzbYhCLdvDolc33xA0+Ge1bjzpH6PbpGDZxmWKTFM2ZJQQYNvWH7P55T3pbE 53TUes0DYl+ICmA+jPmN4YzcGrI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICdDCCAfqgAwIBAgIEBfXhAzAKBggqhkjOPQQDAzB4MSEwHwYDVQQDDBhJLkNB IFJvb3QgQ0EvRUNDIDA1LzIwMjIxLTArBgNVBAoMJFBydm7DrSBjZXJ0aWZpa2HE jW7DrSBhdXRvcml0YSwgYS5zLjEXMBUGA1UEYQwOTlRSQ1otMjY0MzkzOTUxCzAJ BgNVBAYTAkNaMB4XDTIyMDUwMzEyMTAwMFoXDTQ3MDUwMzEyMTAwMFoweDEhMB8G A1UEAwwYSS5DQSBSb290IENBL0VDQyAwNS8yMDIyMS0wKwYDVQQKDCRQcnZuw60g Y2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4xFzAVBgNVBGEMDk5UUkNaLTI2 NDM5Mzk1MQswCQYDVQQGEwJDWjB2MBAGByqGSM49AgEGBSuBBAAiA2IABMF8C82C gbNtUNlAE2Vu34TjoDNT6kALav15eU0tqcTIPEOT33uvScANNFdLxOJWDJ74qxSU 2R7rU1zihlkzvOoXVsO+Xi1xaNwvxe5BKTzuAihf3FRPd/6YzMQMYwJSUaNVMFMw EQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD AgEGMB0GA1UdDgQWBBRAJ5B0QwXUzyfgd/MbKC28LUgm4TAKBggqhkjOPQQDAwNo ADBlAjEA8ablZ3kU7ULAR/gNaBOnGJ4HYlzUgcoUXVVpZgWR+7vlHmeb15ASCLr7 LuQMHHI2AjA/WMRr/DHG41fGi7b3mO0vtTVbiXxFTBWZfdwBnYg8B+xrP2X/HBsF inSYcCkqYqI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICvjCCAiCgAwIBAgIEBfXhATAKBggqhkjOPQQDBDB4MQswCQYDVQQGEwJDWjEt MCsGA1UECgwkUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRhLCBhLnMuMRcw FQYDVQRhDA5OVFJDWi0yNjQzOTM5NTEhMB8GA1UEAwwYSS5DQSBSb290IENBL0VD QyAxMi8yMDE2MB4XDTE2MTIwNzExMDAwMFoXDTQxMTIwNzExMDAwMFoweDELMAkG A1UEBhMCQ1oxLTArBgNVBAoMJFBydm7DrSBjZXJ0aWZpa2HEjW7DrSBhdXRvcml0 YSwgYS5zLjEXMBUGA1UEYQwOTlRSQ1otMjY0MzkzOTUxITAfBgNVBAMMGEkuQ0Eg Um9vdCBDQS9FQ0MgMTIvMjAxNjCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAftR Bb2dghxXs6Ux+c+wN9n65c7jLZWUzLty376ONIGEtyRBKRZ6cJRb0nPN7MahIa1r p+62J9aNMH5pabDyMw/aAagmk+jmrpgBSfOx97Rn4Ykjru9oJMYpeC2IoDlPQ9vB 3/JU/EF6lzO/10wdL1vKoOR1BmkYFu6f6wziidk9tmfQo1UwUzAOBgNVHQ8BAf8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUddg3MwTzndDrHQqP5+Ym zNBNKyowEQYDVR0gBAowCDAGBgRVHSAAMAoGCCqGSM49BAMEA4GLADCBhwJBGieo oGlHxjtDibWSwrV99tHrZTmU4EsvGb4vctlUlmnhRwEBp4tsf8PF8Ra2TbowhgS0 y/N0XUH9Dn0I7ein2l0CQgGGuyiX8t/fYzue3h+GvevqS0lw2n4E8ea5yLUKNM0A B2eYVTxHkwWvbgOgl8nwCtsTSq1HleJIspSWOPt9F3Mf0g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGfjCCBGagAwIBAgIEBfXhADANBgkqhkiG9w0BAQ0FADBwMQswCQYDVQQGEwJD WjEtMCsGA1UECgwkUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRhLCBhLnMu MRkwFwYDVQQDDBBJLkNBIFJvb3QgQ0EvUlNBMRcwFQYDVQQFEw5OVFJDWi0yNjQz OTM5NTAeFw0xNTA1MjcxMjIwMDBaFw00MDA1MjcxMjIwMDBaMHAxCzAJBgNVBAYT AkNaMS0wKwYDVQQKDCRQcnZuw60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEu cy4xGTAXBgNVBAMMEEkuQ0EgUm9vdCBDQS9SU0ExFzAVBgNVBAUTDk5UUkNaLTI2 NDM5Mzk1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqj9VtYmvdhQG KmQmlDgPX/bcBG8xRfUK/Tt/m3Jv+EB8/l39NJkFOJRJurHwvfiZXMBR+qoN++Zx FYVjESp3BpGSBoiz/BThmUa0KYKuhIPutSaHbviLVUSdQNj/Klqq6H/SZeEUR8J8 Mf11YQobjIBKnrTiLhRHMe68BVGupn7PEbjFSL0FVMKE5Kdoa/i4+n4oybnP5CFP ZcmIaKA42XWlETtMHG5LHtSGbMGtBUfTLJQNzIctGi3D1szehP7sa8DhIxOh05wY fuBy11xVvEyzQDEbnEDNmuuADnGu12JuWhZPH/ZlRdGfeoVBGcJ6Os4hkuSUcEy7 qEHGxLs1zfU6nmOpjaBq0SBEqiq2SKVyw86e5FhIRwl/AkHzDRxtCXjw1xTRoFX8 EdZaGgB55TvmCMtSnqQJq2vnbJwqLyJ9+7lQst5Q0y8McrnWs7ezCObre6z0tMX2 wTIfpxkh9dxeN6rHH1ObQz7mnp/aDddWog9TaS1Vv+uGeBG/ptdaTfMOk3Pq/w7Q 54/xyLPw2BhzbKVyiPFwTEdUtpta0bwmN40Y35trLtsLJbOKsuOtBlxtu30XAwcB ijCXiXRtSpR3Luvuz7Aetep29LUUOJXX1dkvP7KkJsxNo1yNCfNeDIUyzlZsAgjx S6Orv8hUoAWFdOR1HXq8nDtgPWr9GZECAwEAAaOCAR4wggEaMA4GA1UdDwEB/wQE AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2uQNI+9UYoaE3oO3MaIJM UjQ2DTCB1wYDVR0gBIHPMIHMMIHJBgRVHSAAMIHAMIG9BggrBgEFBQcCAjCBsBqB rVRlbnRvIGt2YWxpZmlrb3Zhbnkgc3lzdGVtb3Z5IGNlcnRpZmlrYXQgYnlsIHZ5 ZGFuIHBvZGxlIHpha29uYSAyMjcvMjAwMCBTYi4gdiBwbGF0bmVtIHpuZW5pL1Ro aXMgcXVhbGlmaWVkIHN5c3RlbSBjZXJ0aWZpY2F0ZSB3YXMgaXNzdWVkIGFjY29y ZGluZyB0byBBY3QgTm8uIDIyNy8yMDAwIENvbGwuMA0GCSqGSIb3DQEBDQUAA4IC AQAZVAIlg9silosdlZ6Z2zTOk9AfLntcYCRqDNeFRHgfHEnyFPiDVBmmnTJmuCOm O4Yqnzb8F/xQD2DGN/0kqPd5p46/2AcVVF5SDL74ptjIQUTx9hPcgxlbr91k9zMW hw8VWvFkvNTnVT8yOIma88xIxWwxcZKaJhfCfEcCbTUnn/Ma4aodDXQRqZN8Qahv u46cxQHkc/a6UC7mENS8bxOaOLlpRqUG1vJMbDerPPjbGsZV8Mj4HSFuLwBqseJt WgQtfd0JT/bvFC/AEuoJGSsayqBxm7E6Mrz/QxjzfS/1LojpUbbxSZBM/ybHw1nd dF/BUF04XJ1oVWlqtEB3yV8yKUhUk8GzISN2oVUwaSM/MUnEoc07dlmVWoK0rXG1 vqaRzIAVSi/OlK4YVUl1IES48wGbwXgsjhBMp2StrTrrTB1WLn+U1B7QCtXJVIEO Hv73lPlhOj817tNgyftIsm7C2b56bpgFcACj0RfHxjSvbPVNj11SDN2Am3pt55jj OYVcP4vMRKJANjKTElaQAp4+WWgCH1aIHq/B/g97VY2X2bumk0e6fPhHtjnXjPJA bIecDP4t3dxx/A6RCKRDPYpX3d0H66eXUdC6hJmti3n+yQSQgxMr6ZcNZYnyES03 jku4u9J6OSrF3NBdDd0EJ5ifWP2OhrsFf/DtN5KQ3Zy9/A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFwzCCA6ugAwIBAgIEBfXhAjANBgkqhkiG9w0BAQ0FADB4MSEwHwYDVQQDDBhJ LkNBIFJvb3QgQ0EvUlNBIDA1LzIwMjIxLTArBgNVBAoMJFBydm7DrSBjZXJ0aWZp a2HEjW7DrSBhdXRvcml0YSwgYS5zLjEXMBUGA1UEYQwOTlRSQ1otMjY0MzkzOTUx CzAJBgNVBAYTAkNaMB4XDTIyMDUwMzEyMDUwMFoXDTQ3MDUwMzEyMDUwMFoweDEh MB8GA1UEAwwYSS5DQSBSb290IENBL1JTQSAwNS8yMDIyMS0wKwYDVQQKDCRQcnZu w60gY2VydGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4xFzAVBgNVBGEMDk5UUkNa LTI2NDM5Mzk1MQswCQYDVQQGEwJDWjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC AgoCggIBALI/FKJKQK/bDCQ4rD4u2Y3X3Zo4vey4yPbde1t0CRgVlZnR1y5inR4v B41NFBxi/QOVsos0n68i/Ap2yI8TJWrOTxKCo6gELj1H4cL7zJ4XrheMdbQZ9bkM 3j5jbg1dg1fU+zjmQjLPJbQyk9sImf/eq7x/hjPsNr1Uo2Mz1XBa6KY7Svmlx2Bt +P22IptmGAgANpZO91s5TwfHXBJCUSG5s5xr/CdKd/AeXAlh1d7bcfhjkBEMyaAc ILqK/TKOh9L8rFKt94s2a98qPXFKIh5fof/qp6hzlIGrnJMibK0g8uEJGv9vqQgd ECQ4tJfAF+b2vAFHtYsrBEbH9uxYmu01SKa0KK5XzVvpvHhdm6AnEPG3wSnkKnot eITnS765oxryT6xz9c+E0sO+B3Mau8bdHUUOLwc0Mprn17esgEyGFaivx21NdKRh 7hrBoEqTgo4jrS9C+ipqM1x+jbKudDxDG7rv2GQOnJkHctxkUSEh7clq7rrwetU1 A/x4Udr2EC+lOhEhse0FS9ffLsux1NpyJv4fEr1n+fg/P4CzrowIpiB+8UTPBAkF afjbUFkLQ5GdNZMkAbkyVBZSC5HdBA9/JmHT/I+lgGzQVUwaL6hba2W+Li3bQB04 o6OXj9gLWjmqdSHEiYB9qWXN/dXwPgRwmJyjaBr2syfSVjHo6PZnAgMBAAGjVTBT MBEGA1UdIAQKMAgwBgYEVR0gADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE AwIBBjAdBgNVHQ4EFgQU+87+8S3hiIuKF0aIaqm67qoibOcwDQYJKoZIhvcNAQEN BQADggIBAFnSddf9L7Ll0uqS+B5+t4vG9c0FigKTOqbal7dfZTbzlxLmd2lMT+97 FAkcb7KaXpzSW3ofw0/4yqRxS2RHYwKGzcetZPBho33tgWd+Sq4WB8vcYSpFwnwg 7SCFKMNbIQskQJoyLHPQAeEZ6NZd4Tsn+UfRvvuKpHCakYXiw2SNRZrWfwCkmEpE Cc2wjQPqcwhpuw4POYHdUFlehLVsJJvVRrT8cjuarM86G5RFNUN3mt9o7cAtlRom kbZwHymWkkyTDP0wCanfu09krPdxiHgj9Ti5y+/H6+akmSWuwARvwuY5y47Sxv4e 0Icc4HJyzZLduzMMGLn93gVe5SXC6ika3wp2fP+FakFYKUlFO8hqUVSl6Mx+rmzz hsCP2B5cSLFpxdQeomZEh7EZ+rxpb0wE0y9MR7ebn1NJHdoRouq+T2LYR5faoXH6 EAh9GFnp8WpTnqogZiYouakkwjUnkpD77nSF0vaUHbiXOPDN6IujHRlT3bTlJu5u /pNg3wJfEP7Dfh5EDvcSsNT8cTZU9pzoqgwQW/7jJ5jjILRQvNSczzUrKstlu4D2 iRYfEo7YmOYWH/KH6n2FJkrZV2L2lxpwrVZz/DCjK6qklzSHBTDguFZ6JcNaPPlu O21Zr2CPXwm5JhBwqzyAcF4/c7+vXjOtwYGxiLmIq1RZUjtQ1iJz -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFyzCCA7OgAwIBAgIEBfXhBDANBgkqhkiG9w0BAQ0FADB8MSUwIwYDVQQDDBxJ LkNBIFRMUyBSb290IENBL1JTQSAwNS8yMDIyMS0wKwYDVQQKDCRQcnZuw60gY2Vy dGlmaWthxI1uw60gYXV0b3JpdGEsIGEucy4xFzAVBgNVBGEMDk5UUkNaLTI2NDM5 Mzk1MQswCQYDVQQGEwJDWjAeFw0yMjA1MDMxMjE1MDBaFw00NzA1MDMxMjE1MDBa MHwxJTAjBgNVBAMMHEkuQ0EgVExTIFJvb3QgQ0EvUlNBIDA1LzIwMjIxLTArBgNV BAoMJFBydm7DrSBjZXJ0aWZpa2HEjW7DrSBhdXRvcml0YSwgYS5zLjEXMBUGA1UE YQwOTlRSQ1otMjY0MzkzOTUxCzAJBgNVBAYTAkNaMIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEA1YKsEk5Juz5zQW0I+WJpnextUctdtjOUWoE/P7i8Of6L Fie7QNBcUWaEWfm5srqCHh97Lvu8VNRI04fH0CSrkmxRNO24Pc7UWJmWwZhdnmi+ W7/R+RpoMIZOaskGu33+LHxsvSyHHupPupaoPKEDyGTg9CMLWBU9ekRwa5oey2Bu r7Zei8ssVj+RM1+/sJWz/64/8V/UoqKTDf0fP3ENjyTHDLT9xYSJx56Wx7AyNDlv Zb2Fe97CjWkxPQ88+BVVq0giYc6JaRBqI/DA4DPtH28a01kcIQLwEs3e4ziz2Q4J kyAXw2BF9MZ4jzypVZgEM7/JqODY2FXt1STEu+bQMRi89gCk7khB/SknDoTS6IkS SK1uJkg89ULfm/Pxrgvz5ePm7NsbW9q8kH78/1NqQ8M5tPR5yLw8lmFk0gQj+opW ojMUEhPqKD4Ifhun1HTBgsdySnt5LCyUKzEmPVyFssvQ5R6Jn44+mvOLC62AcAIZ lRQjxPB/pYbaN1O7m8hFn6emvQops78HJdHHZZ2DgR+T7oNtZwDdboXNHxWti1ti oYT9TXvtqwbagar3wEsiU1ncplKSxduegq/qkC/asnyJqhhy8ILes4r/ImUrzjtO A94WlwzpSgvJLQaPSuVjpTUtYq4vwHXIsVoNQ7buCVoUkKCpokssNRrsrxDFnocC AwEAAaNVMFMwEQYDVR0gBAowCDAGBgRVHSAAMA8GA1UdEwEB/wQFMAMBAf8wDgYD VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRylXo7ia1RchFD/k/irzk6bQFoPzANBgkq hkiG9w0BAQ0FAAOCAgEApE0ZHZ+HJoiPfOB6K14asF+UyzMiJ2MsGpyIflyKb4OW 0y39FuaLhYPVn5iGZnvRyobf/Jas2pkqQHY1TMajmN19Y/HwnHym3EZkcbmITW2+ oVCU7NORiUOt6aEqRTcrEEJdPzgwVfHiW5bcWfqivRO1wJ/hVNldpr/f5iXZiLCf 1dO6Sq89eq0PYFu4PTUzwIGXgEm2WYZUO/pxjfoja9Vt5+OXWReb1IjeqkJDc1Wo jYXUC+WKnEfxN8R77NvH3/o/qz8BpZbq7MPGhYWp7vvFel1m/K4Asac7WVq/VvLj WO9cwy3vjMyFifBPgKN+lDvA3pCeYnko0sdFhAZlRv6drM7wix3q1vSwLiQB/462 mTvZWaEZ2DyTCQSuFwWKZwdK6wZe32fhp7saSzel2Q+uzXG8YtLJgWwPIIj6YBRl o/97WCoAaaIJR4GO+MgoXx7Q4ttyYySo5q22qpKwVoRA/y11ANtyeykE5amGpkbO k/jo7+40znZDkrrhmPRzZFvcKDcX1zJHhun5+p6qMKOpiq0QpuYXOCVgC9VH6Ky5 K8PmX0ort11ZBPLA2Fl06gs2h9A0YVdAwEtxh+c5MCltJY20KL6gPv5+ilqkM8x7 Nor9gRi0ttpp5MRbXzXN/apX+UkAFid7k9dUlsTnc/wvlmOLq1eYP16/wB6XYV8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh 4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc 3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz 8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l 7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE +V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB 4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd 8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A 4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd +LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B 4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK 4SVhM7JZG+Ju1zdXtg2pEto= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR /xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP 0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf 3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl 8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy 1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx NjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5 IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi AASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl dB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK ULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu 9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2 MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7 9+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7 8vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4 g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst +3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M 0V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd 9XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+ OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD 2NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI// 1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad TdJ0MN1kURXbg4NR16/9M51NZg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B 3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT 79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs 8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG jjxDah2nGN59PRbxYvnKkKj9 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe 3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8 t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug R1uUq27UlTMdphVx8fiUylQ5PsE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR 6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC 9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV /erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z +pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB /wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM 4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV 2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl 0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB NVOFBkpdn627G190 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM 1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws 6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u 7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICMjCCAbegAwIBAgIQYUpJ6aqH9NWaPuIusq1bNzAKBggqhkjOPQQDAzBaMQsw CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTEwLwYDVQQDEyhT ZWN0aWdvIFB1YmxpYyBEb2N1bWVudCBTaWduaW5nIFJvb3QgRTQ2MB4XDTIxMDMy MjAwMDAwMFoXDTQ2MDMyMTIzNTk1OVowWjELMAkGA1UEBhMCR0IxGDAWBgNVBAoT D1NlY3RpZ28gTGltaXRlZDExMC8GA1UEAxMoU2VjdGlnbyBQdWJsaWMgRG9jdW1l bnQgU2lnbmluZyBSb290IEU0NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABKiuwyAM 8izi5033qr0xDn7iXKFD1NLEV6rAH+S6QRhY7JLurmABBptfkPOB+b6aapMQ8RPX 3FqFt1QO5Y1tCSeuPS1uk+aLUL2IMqrfHkeXmPNKWwGe9gtl+iPgBuKwBKNCMEAw HQYDVR0OBBYEFIjTI5HUyTL7aCzd/q+HY54/MUdoMA4GA1UdDwEB/wQEAwIBhjAP BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2kAMGYCMQDcF0HTJd8NlKjYxoLC BKT24EMgD+tPsU8szaO7Qfq5WhUoumyPLtlKczHHYUt8sakCMQCcqvN2n/G1Vcb6 qq7BtFnGjDFEZB8P4A70bYBbtP4rwMlTCTvF6cF6Z4Rc/k8cIUU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFgTCCA2mgAwIBAgIRAPp8vuqLl6II0CumlEkEWJ8wDQYJKoZIhvcNAQEMBQAw WjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDExMC8GA1UE AxMoU2VjdGlnbyBQdWJsaWMgRG9jdW1lbnQgU2lnbmluZyBSb290IFI0NjAeFw0y MTAzMjIwMDAwMDBaFw00NjAzMjEyMzU5NTlaMFoxCzAJBgNVBAYTAkdCMRgwFgYD VQQKEw9TZWN0aWdvIExpbWl0ZWQxMTAvBgNVBAMTKFNlY3RpZ28gUHVibGljIERv Y3VtZW50IFNpZ25pbmcgUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw ggIKAoICAQDlIUEdMIkysPnt6TfleH87uVXDoqkeUirhhx2Trzi9yfqV3/mYAwF4 YKnB+irckOPrAnqG675f32NXPWp8stzyb07DWc5+CQcBPalL2kywA8AlvpXDmT5V K/sWGRIBYVe8J5cyDSgf26jiqirYzkQuJkeZH0EIa109jFKQuYi/woN9wV9u83bJ EaCyRXCPHg64sntomsexRoxmGdG+BBuKUIrfsYIkMJYIFhVTnRBFM7OI4oudrYoK i14Q/+A4hdQp2QJa5mh2le8yDm3b/VhRLlDnEtuaaZ0iQ2zwKCFgsQF+60lw/QvX OgenHlFvuAF+cc8EW0/d0uJUaM9N0THvRmsXxpTGBMpw499BlmqNx26+MgcjbKQD SHk75Wu2cdN9ZQxuqd7WNnKeaF6I9Np/ILGShHH1gF4dVu2pAoZ5hXZuSko5rJeB dJSGyS9JiU9850L0WSAPLd3hmEdlo3qbsVxMYAyHId4zGrq/i/AOtPeqvJgyVX5R 9Uz/sJYj9AEiM+BWn5YWS+T3Kbrz6BcK6BV6Nu4HhCa0mQVZNX6olPRO2uHoLt5t BSqF4uQfNZLfmHrXItRQpD1VTXmDwcz35RIfvuElDB5Gc6ZADEvhzwtFOfqObxxe GuFSJ7gKCmXRCwkC8gwQC81LhV8VSMkCeETSh97nUaLE+ygENhAztwIDAQABo0Iw QDAdBgNVHQ4EFgQUsTh5urRikU6LxEsVH8XP78Ogp/cwDgYDVR0PAQH/BAQDAgGG MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAKnbmbZQgtZri1GI 3Q4K+Tea4S0K++c8RmSpvAWkwl26taGBFg723rpO5m8WvEqz16Errk8WZ1aw7h4b U7Ld4NcAsfo/+w9NVepOatmrtCsQWFeR1VVnK6tdx6X5IqV7jV9ylTKfIueRhc4E fewz9Py4o0Cyaskic1943pTyo+YyTj32Ra7A2naE/rz+tgLgT5foap2Y8ouGg8qx 9sFArX/7T7uqmVMGbfxFv3KmNUNzKvgkiW3vPUGeeJIjIO2G+i92tRxON7PNlydW WfKREM1f5CLTpj/xtaRS8hMUHphE5DYnLioIfeIKIJjztsxMO07+bbQFD1wiABpr V0FENcwsGu8SQ93dPPm17++zHEXdwKZ/1/t5Jiuf7PgJyZ0q07aBXEgShye4cUfL YUI3uEYKudw8MV/sRlFkSOIpgamnIsuO7rwhB+9HD5+Hp20CofxZtu2L+KSatV6l csaOljeMPDwXaKveUptkr93knja31gfaczlhhr54pQckph+CZk/MVTkuSb5Nyyvn fOyiFNYe4AWRkPGBC0pOe8wCX2afGAHkU6P1GMHZVfgee2NHk0m9cn5v3FCTkUa7 WiRB+a6jBLQec7noRg/9/qLZu36ZYMof2J7unVwoecZkMRoqSSIKAOPaYNyGlmNr 6ERdEctVuyQV+q+ezyL8ChSqfiVD -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICMTCCAbegAwIBAgIQbvXTp0GOoFlApzBr0kBlVjAKBggqhkjOPQQDAzBaMQsw CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTEwLwYDVQQDEyhT ZWN0aWdvIFB1YmxpYyBFbWFpbCBQcm90ZWN0aW9uIFJvb3QgRTQ2MB4XDTIxMDMy MjAwMDAwMFoXDTQ2MDMyMTIzNTk1OVowWjELMAkGA1UEBhMCR0IxGDAWBgNVBAoT D1NlY3RpZ28gTGltaXRlZDExMC8GA1UEAxMoU2VjdGlnbyBQdWJsaWMgRW1haWwg UHJvdGVjdGlvbiBSb290IEU0NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABLinUpT1 PgWwG/YfsdN+ueQFZlSAzmylaH3kU1LbgvrEht9DePfIrRa8P3gyy2vTSdZE5bN+ n3umxizy4rbTibCaPEvOiUvGxss6SWAPRrxtTnqcyZuFewq2sEfCiOPU0aNCMEAw HQYDVR0OBBYEFC1OjKfCI7JXqQZrPmsrifPDXkfOMA4GA1UdDwEB/wQEAwIBhjAP BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCSnRpZY0VYjhsW5H16 bDZIMB8rcueQMzT9JKLGBoxvOzJXWvj+xkkSU5rZELKZUXICMAUlKjMh/JPmIqLM cFUoNVaiB8QhhCMaTEyZUJmSFMtK3Fb79dOPaiz1cTr4izsDng== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFgDCCA2igAwIBAgIQHUSeuQ2DkXSu3fLriLemozANBgkqhkiG9w0BAQwFADBa MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTEwLwYDVQQD EyhTZWN0aWdvIFB1YmxpYyBFbWFpbCBQcm90ZWN0aW9uIFJvb3QgUjQ2MB4XDTIx MDMyMjAwMDAwMFoXDTQ2MDMyMTIzNTk1OVowWjELMAkGA1UEBhMCR0IxGDAWBgNV BAoTD1NlY3RpZ28gTGltaXRlZDExMC8GA1UEAxMoU2VjdGlnbyBQdWJsaWMgRW1h aWwgUHJvdGVjdGlvbiBSb290IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC AgoCggIBAJHlG/qqbTcrdccuXxSl2yyXtixGj2nZ7JYt8x1avtMdI+ZoCf9KEXMa rmefdprS5+y42V8r+SZWUa92nan8F+8yCtAjPLosT0eD7J0FaEJeBuDV6CtoSJey +vOkcTV9NJsXi39NDdvcTwVMlGK/NfovyKccZtlxX+XmWlXKq/S4dxlFUEVOSqvb nmbBGbc3QshWpUAS+TPoOEU6xoSjAo4vJLDDQYUHSZzP3NHyJm/tMxwzZypFN9mF ZSIasbUQUglrA8YfcD2RxH2QPe1m+JD/JeDtkqKLMSmtnBJmeGOdV+z7C96O3IvL Oql39Lrl7DiMi+YTZqdpWMOCGhrN8Z/YU5JOSX2pRefxQyFatz5AzWOJz9m/x1AL 4bzniJatntQX2l3P4JH9phDUuQOBm2ms+4SogTXrG+tobHxgPsPfybSudB1Ird1u EYbhKmo2Fq7IzrzbWPxAk0DYjlOXwqwiOOWIMbMuoe/s4EIN6v+TVkoGpJtMAmhk j1ZQwYEF/cvbxdcV8mu1dsOj+TLOyrVKqRt9Gdx/x2p+ley2uI39lUqcoytti/Fw 5UcrAFzkuZ7U+NlYKdDL4ChibK6cYuLMvDaTQfXv/kZilbBXSnQsR1Ipnd2ioU9C wpLOLVBSXowKoffYncX4/TaHTlf9aKFfmYMc8LXd6JLTZUBVypaFAgMBAAGjQjBA MB0GA1UdDgQWBBSn15V360rDJ82TvjdMJoQhFH1dmDAOBgNVHQ8BAf8EBAMCAYYw DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEANNLxFfOTAdRyi/Cr CB8TPHO0sKvoeNlsupqvJuwQgOUNUzHd4/qMUSIkMze4GH46+ljoNOWM4KEfCUHS Nz/Mywk1Qojp/BHXz0KqpHC2ccFTvcV0r8QiJGPPYoJ9yctRwYiQbVtcvvuZqLq2 hrDpZgvlG2uv6iuGp9+oI0yWP09XQhgVg0Pxhia3KgPOC53opWgejG+9heMbUY/n Fy8r0NZ4wi3dcojUZZ76mdR+55cKkgGapamEOgwqdD0zGMiH9+ik9YZCOf1rdSn8 AAasoqUaVI7pUEkXZq9LBC2blIClVKuMVxdEnw/WaGRytEseAcfZm5TZg5mvEgUR o5gi0vJXyiT5ujgVEki6Yzv8i5V41nIHVszN/J0c0MVkO2M0zwSZircweXq28sbV 2VR6hwt+TveE7BTziBYS8dWuChoJ7oat5av9rsMpeXTDAV8Rm991mcZK95uPbEns IS+0AlmzLdBykLoLFHR4S8/BX1VyjlQrE876WAzTuyzZqZFh+PjxtnvevKnMkgTM S2tfc4C2Ie1QT9d2h27O39K3vWKhfVhiaEVStj/eEtvtBGmedoiqAW3ahsdgG8NS rDfsUHGAciohRQpTRzwZ643SWQTeJbDrHzVvYH3Xtca7CyeN4E1U5c8dJgFuOzXI IBKJg/DS7Vg7NJ27MfUy/THzVho= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ 6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q 4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu +Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt 8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp 0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICKzCCAbGgAwIBAgIQVWKmxZS9D8nZwdZJtffjFTAKBggqhkjOPQQDAzBXMQsw CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS4wLAYDVQQDEyVT ZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIFJvb3QgRTQ2MB4XDTIxMDMyMjAw MDAwMFoXDTQ2MDMyMTIzNTk1OVowVzELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1Nl Y3RpZ28gTGltaXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQdWJsaWMgVGltZSBTdGFt cGluZyBSb290IEU0NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABNyiD7Sl1t4p03wW ByX1PBd702QZC2WxghlJwr4YXAfE48F84LhBns77yP5KSCqZo+dtvK7/MhSh4k5I CLdCR2JwDQbN28S1ypkwT0e4hXM0etMtOotYSlxf8N3ClyGjt6NCMEAwHQYDVR0O BBYEFMxHPqoV3ZI2JS+wAd/PbkXBXd8qMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMB Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMECx3XLh2pJo9kD1/Cukj9yf5Uml MuxgVfxVVvUlYGGz3v4sOgSRDHvy6mzE2WsaVAIxAI4DpnVIJ0Yr/nI9+bExuc8l lPov4BAdnS880mtVlyBYc/s7+vZpK+XBTnzXXeZgOw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFejCCA2KgAwIBAgIQeD0FbPqDLn5p+FYidp8CuTANBgkqhkiG9w0BAQwFADBX MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS4wLAYDVQQD EyVTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIFJvb3QgUjQ2MB4XDTIxMDMy MjAwMDAwMFoXDTQ2MDMyMTIzNTk1OVowVzELMAkGA1UEBhMCR0IxGDAWBgNVBAoT D1NlY3RpZ28gTGltaXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQdWJsaWMgVGltZSBT dGFtcGluZyBSb290IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AIid2LlFZ50d3ei5JoGaVFTAfEkFm8xaFQ/ZlBBEtEFAgXcUmanU5HYsyAhTXiDQ kiUvpVdYqZ1uYoZEMgtHES1l1Cc6HaqZzEbOOp6YiTx63ywTon434aXVydmhx7Dx 4IBrAou7hNGsKioIBPy5GMN7KmgYmuu4f92sKKjbxqohUSfjk1mJlAjthgF7Hjx4 vvyVDQGsd5KarLW5d73E3ThobSkob2SL48LpUR/O627pDchxll+bTSv1gASn/hp6 IuHJorEu6EopoB1CNFp/+HpTXeNARXUmdRMKbnXWflq+/g36NJXB35ZvxQw6zid6 1qmrlD/IbKJA6COw/8lFSPQwBP1ityZdwuCysCKZ9ZjczMqbUcLFyq6KdOpuzVDR 3ZUwxDKL1wCAxgL2Mpz7eZbrb/JWXiOcNzDpQsmwGQ6Stw8tTCqPumhLRPb7YkzM 8/6NnWH3T9ClmcGSF22LEyJYNWCHrQqYubNeKolzqUbCqhSqmr/UdUeb49zYHr7A LL8bAJyPDmubNqMtuaobKASBqP84uhqcRY/pjnYd+V5/dcu9ieERjiRKKsxCG1t6 tG9oj7liwPddXEcYGOUiWLm742st50jGwTzxbMpepmOP1mLnJskvZaN5e45NuzAH teORlsSuDt5t4BBRCJL+5EZnnw0ezntk9R8QJyAkL6/bAgMBAAGjQjBAMB0GA1Ud DgQWBBT2d2rdP/0BE/8WoWyCAi/QCj0UJTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T AQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEACv68sZqZvmHk7JoU7AfTEZ7b X45u40OrLX/6vzHQAwDg1TB00bWbiwj+7+we60BP8AMsw1h5NCXWxeyvrEVC54Mi rwVrcF6SFGjRwRoelRuiaZ5FDO4oWhaePjZx3/jkQ7j653CA5WscYqlneLXBEZiY o6rRNqnsZHZTQ606mlkNpsy3TFMADv5whZmilVEZ83OvydfH2DNL3FTkpZG7+lHS 1DFHMSUB5UtSSeSRg2UWTXwU5oObGjFk/35fC/dlF+nJIXdqsw0TZSS86bi5GRCJ VjqjnkpZ0Jut7ucEv4PNOIU8ijkMRj17QPjHMtdy+WxBDDSdas/UFTVB/GF+Fofn OD3iZ4tXxFjPU3EWRcMWx8fcGyzlBfcjeoPNbNC7wfyV9Qkzfk2Bd48jGxG7OThY Wolc56vmBHqDEfguDwYc9AeWirMVRDi+WYlsktzAEObiFoPqs+LWU5q7+Q1+nEcs tNuDIedeBRcHmtjL2hV3luuEWwDSnRhSjhPLPXzqpJ1rG3r4yqm1NjKg5A5QO9Az veHqRQldluTSKuu96oPEPusL2oF+4MxkJ+SQMGFWTw/PNCblUN8GXeL5+mR20diP 5LiJMq8U3IpM/0Q7OFFQ+lXuYFIuDvUprWBPsp5La2WhL2+iLVVXItSl7up5yQqX XftzTXTX48FRiJ6PA9o= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/ TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs 1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5 c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp 4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj 2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9 MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9 kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6 iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/ BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl 1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI +Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX UB+K+wb1whnw0A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEijCCAvKgAwIBAgINAJCud3YAAAAAVx3QbzANBgkqhkiG9w0BAQsFADBcMQsw CQYDVQQGEwJTSTEcMBoGA1UEChMTUmVwdWJsaWthIFNsb3ZlbmlqYTEXMBUGA1UE YRMOVkFUU0ktMTc2NTk5NTcxFjAUBgNVBAMTDVNJLVRSVVNUIFJvb3QwHhcNMTYw NDI1MDczODE3WhcNMzcxMjI1MDgwODE3WjBcMQswCQYDVQQGEwJTSTEcMBoGA1UE ChMTUmVwdWJsaWthIFNsb3ZlbmlqYTEXMBUGA1UEYRMOVkFUU0ktMTc2NTk5NTcx FjAUBgNVBAMTDVNJLVRSVVNUIFJvb3QwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw ggGKAoIBgQDTy5wtwuAwQ2UxJP9LsDjZqVPXNdHbt0uTtHKN8cuV0lMrdJsymqQv PgIG3a9wFaGqzxGHimZ7y8wdcERcj6zK5sNbJ7SNo44Qv25UdAhwiiPoysd0xGaR IN1L6KWEdaWYlYKLG+EgJAdGqwxlNkBni3XuqdmRKRvtby1FwtbiYAGx8045Kztv P4W+CPZTK3uiyUWhRIGAZppgOhvEvgzMMBB/ETY4SuaboZZTnJTMEcYETKJVS/+A 4a+MHDX8uZM33/ldPdzrDSdsRMlZZitWb/8EG/f1acNdwxj+vafZZC+in2DZcmw9 PHXyJSeYLjq4yd1Ndb2rsCJhWAE3KKYgnS5gXPuQvEZDuP5t2MBmIiRrNHgi5bni WOlIOO5MvQF7bj5A6tHCCkKTZ8MmLz8HW8+v4x3oOuJl4YSRP/VmAP2qM0ZC7BY+ 0hNlLw4JU/bkKnUUnBkzFppF4dtXz8841Kf37VhD5A6YXMTgMT+UpG9LSqLVSo0m qR1kJQg1DecCAwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwEwYDVR0jBAwwCoAITKPDaF4IAmMwEQYDVR0OBAoECEyjw2heCAJjMA0GCSqG SIb3DQEBCwUAA4IBgQAmI4W7XUEZbpKDiu4BiwQ1GX+rj9zWM8H5eZZeI/Xwzt3q 22E7Wq/dWOlCiUDv+dlnEX9N8e3pEXuxQQ/tpNIWtu/B/Yv2ESss7/wHBkYMzwIL 7Tvejwm5M6smgFREQmXX56/NUA7KyIihEpwqlTs+VDxIc/Z8eNSb/5P3ReQphGP8 +n4a51zgclewL3gdMMYT/YhfsWWI2l6XE4F7/h7Pe79XMMFwkkOmmfBVn5jFI0K9 dBwxjhKl2UVqKlrIWM291t0+NQsZfwMczgcPh0WTFaFrvTQc4N711LjlkRxLBbUn JrzP0QmYFsbh8VVLOntt3sZntsE3LZ+ojlnHt6bF798W4u3esrfzojakKDI6CpTL P17+blntujayk9bGwxn+9Zl460dH5a1Ceuy8e8kuQU5NDwQOikszh9zxdnxaGIyc ChLXorPChYeubTFQYjIhoGgWX5Q1dFUp0nGBCErh112qVAGzG3xZrr6sDMq4QGRn W53qBgYR1tAwcx7jvCs= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE 1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICQDCCAcagAwIBAgIQdvhIHq7wPHAf4D8lVAGD1TAKBggqhkjOPQQDAzBRMQsw CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQDDB9T U0wuY29tIENsaWVudCBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzAzMloX DTQ2MDgxOTE2MzAzMVowUTELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw b3JhdGlvbjEoMCYGA1UEAwwfU1NMLmNvbSBDbGllbnQgRUNDIFJvb3QgQ0EgMjAy MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABC1Tfp+LPrM2ulDizOvcuiaK04wGP2cP 7/UX5dSumkYqQQEHaedncfHCAzbG8CtSjs8UkmikPnBREmmNeKKCyikUwOSUIrJE kmBvyASkZ9Wi0PPQ1+qOPA+60kBHkDTufaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAf BgNVHSMEGDAWgBS3/i1ixYFTzVIaL11goMNd+7IcHDAdBgNVHQ4EFgQUt/4tYsWB U81SGi9dYKDDXfuyHBwwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUC ME0HES0R+7kmwyHdcuEX/MHPFOpJznGHjtZT3BHNXVSKr9kt9IxR6rxmR+J/lYNg ZQIxAIwhTE+75bBQ35BiSebMkdv4P11xkQiOT5LJf6Zc6hN+7W3E6MMqb1wR4aXz alqaTQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFjzCCA3egAwIBAgIQdq/uiJMVRbZQU5uAnKTfmjANBgkqhkiG9w0BAQsFADBR MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQD DB9TU0wuY29tIENsaWVudCBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzEw N1oXDTQ2MDgxOTE2MzEwNlowUTELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBD b3Jwb3JhdGlvbjEoMCYGA1UEAwwfU1NMLmNvbSBDbGllbnQgUlNBIFJvb3QgQ0Eg MjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALhY20Yw+8k/48jw ATM04tpIqBjpIG6a1wHh1SmPMLQjauTLYrC+4p8gvT5UoDlox4Y3ZnQGBu90K9rc n4SpUi+Q0u5+fPulIq1vcEZnlj0p1KO7VnsUBFnBIWNEHrIfElyQh2UNiPYeiCLi Y1S78zb41n/c2v8pNanGbg5pWz/YvoKHFXBdsMdcEg9jpjjNz3O5ww6JJjcbP2Ic MmnRm9n/VZAx3rFj3c/FdHf874ghU78AMRomLAAwpV9s4+T2AIrKmIecdAN6i2bs fv2jjzUlXHils6T7PW2pivBsiIKL/UrQb+TXo7SONEk4vs5F5dIcyl7CNxSLzWZW Mzed5WvsQ5JkoELadW/AFez5ab00uYp7+hb7Vf5SIOgEBFZWZfU3RJjIikbpt6y4 6L5ijlQ2W/c7cL9d7i26X95CGYbwf4vrCMvYvuoOQkKgNnNXF+0y6tCN6Acbm5no xJpiBA5I9zwSuvdYwZqM6cewIzZWNB3LbNq6B4Qd/dGsn+bCie/DuWwYs2mHV1+1 DDhbpyEkKjunNJGetFTqKE/TwaOL5OYr1fKdv5thACLd1ktEHz9dVv7enHjMmVuq 5L2620NLrUwmTKNNNIpsdDYT22L8m7IFgf+uPwzN9hui9DnnyvVMXPtUdzWAWsAS oRMBM2c9nYGhqfWFJFiIeOf042hVAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8w HwYDVR0jBBgwFoAU8DhClDSpPAB/Uu45pfdLDbxqfSMwHQYDVR0OBBYEFPA4QpQ0 qTwAf1LuOaX3Sw28an0jMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOC AgEAmU/b8OrWEfoq/cirbeQOc2LSQp8V/nxwUj9kh4IxP0VALuEinwZmKfyW0y2N tjjH2fMnwVkpoIz2cyQPKCLXTmHdE93bnzJSk/tPzOo4PJhqA6sWryHRQq59RSvq xM+KWZ+CcHY6+GImyRCXWEAkpC25LymAJ+GJa3LKSQhxN1MF8YDO00IC0vzC0ZQG 7gfi9oPif5/nu1bDW7/dlZMJHiTBzybNraSuwrRp56q17TeU6d3RY4VrmnpKVnbc GYUo1OTGpNi4lkF30LRZ8UYFh4cCH2m5ghjQQ9km2hpnqNZ1durybQ5C/4gmom6E /n5iG/DGPe3AHGrHkda4ADdJm7mEBaHNbjHWROpTi7pTmB2hkIrphfgb8pNYw8jc miZPPiDPT0PzEIx/EGF6NsqqC33Mn0dEWa6llcaZU+MHaz1JELAY/10OhUMUS+dr 00q1smBh3GlJAiNd6JJxw5yfRWd5HtwyhrqqVTxkbzK1EEAV3nJAeOBucLtu6wno OdmsupJ13UPKugGVrRqBKzrw48UvDBhNEMauwO3+BVJ/GQXLqa81CAw4IuT+VuVT Pr/k1rPZCMM91TMygSTFqeFlEbgyMzBxGEkdGkXGmhSKWDkobvPLUblJJmR4A8eR EYOpuZA0tm+qBZ6FKFeZvn8nBkliTaH8CeErRglMFJtWj0U= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICSzCCAdKgAwIBAgIQbo7kWxBMyQx+tNiIj+XsZDAKBggqhkjOPQQDAzBXMQsw CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMS4wLAYDVQQDDCVT U0wuY29tIENvZGUgU2lnbmluZyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2 MzEzNVoXDTQ2MDgxOTE2MzEzNFowVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NT TCBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU1NMLmNvbSBDb2RlIFNpZ25pbmcgRUND IFJvb3QgQ0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABHbIrNTWlZJ8FzLl y2tB+Sm7seuidrU22GxLjeU+SlcmJsefO19GZidRwCxjHHTdrDnTbz0OlL6+KzCS zqJCVg1Q1KQscfQnYduggT/VTVYWtcwcN8szNBFoxzx7DemUzaNjMGEwDwYDVR0T AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRYXhbDLbPm6qNJs6W+1t6ueZVrjTAdBgNV HQ4EFgQUWF4Wwy2z5uqjSbOlvtbernmVa40wDgYDVR0PAQH/BAQDAgGGMAoGCCqG SM49BAMDA2cAMGQCMFOMczFOgFy3njsPCFgTvtlA9vG/ffeZoOvMgAANqnA27TYj e0G4FBVWdtOW4xWFZAIwJOT2+L0Tbjq3P9y/zXjfJoBXEq9oZ0//8iuxoqGZtMOT G456y3y/FI7r6rj+4QNf -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFmzCCA4OgAwIBAgIQEJfEnIwlQyi7pui5m6tPoTANBgkqhkiG9w0BAQsFADBX MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMS4wLAYDVQQD DCVTU0wuY29tIENvZGUgU2lnbmluZyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgy NTE2MzIwOFoXDTQ2MDgxOTE2MzIwN1owVzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM D1NTTCBDb3Jwb3JhdGlvbjEuMCwGA1UEAwwlU1NMLmNvbSBDb2RlIFNpZ25pbmcg UlNBIFJvb3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AIx1IMiM3E6RUQa1W+9Fu9n+YOtKk4fs/5ePYJOecWFA6u9Ly5JY2GsW3N4tiPLz 0wSWwCVnIeUd259SgfYAK2aQ8aweqE9hJN12LwPHNcg2rIFTYCLAUZKZ7+gmLplU zQmPX1w88KvnO7OnqwbGMZe+TO30BoExgktQELWgEXncWMvA5R6zwW9IXK2XCrMe rC5X2L2+OFBE4zP918G1v6JO+3i0OziYKOlWLVSAi2t+HeOVhqeeF1RGW17/n+Zr NYpRpaZ7XAoiDcLXgy/aPD3yih79Hj6h2BxPbghSbk+sH8n+n5lNu1JUsZKDW0AT 7xS1M5E8gqSr9apIaum4+4BABvzlHn4/vAqrJuLFqwcE1014tevaa1NbU4qm8tde USJNH8yqi7rADoLZFLrZ8i33JbjLqUPSTEQeFnXMteRwHymBVTSyPv7/0XgaQJIn KmgltdKe77z4FEtvUiMWaxCJ1N+63MwYWXGp5svYkHG9IPSkaiZJlZ1GGEUWiR8V XahDsGCXntc22jqyb0tyTpl21zA396adu9tdpu58GOxC+RXoDrjbbEJrEF1EDNbU zoKM7yswi3HhCPJBkWPj/uDAqKWNmQBBYs5CRqGdyuWanFHbYHpEVQ4qKnCkmf8q fmC0HZZXujv827/GMYCqOgAZL4gfSaTrd0D3TIPugpEvAgMBAAGjYzBhMA8GA1Ud EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUx/bIC2LtFAyjF7aquR7R4INWoV0wHQYD VR0OBBYEFMf2yAti7RQMoxe2qrke0eCDVqFdMA4GA1UdDwEB/wQEAwIBhjANBgkq hkiG9w0BAQsFAAOCAgEAYlDeMj/rNjV4jYl3SA8Po10HqLr2Uj82Us61wHlM610r +BKsQ9vne4wpKp9rOtN89RV3lzv9If3zyFzJPgWUr3ur6I3irw3AoBvfrwu6qrRF VYHIYZlhuLCa6FnMCRPZp1YHhu7toOyNAWWamcwjosCRHV0G3Q2n+jzExFkixps6 wB1pPSy2sR6Kvj2CD2sxcmBXkAtUit5VCh51SQBstkoz70bY1svE8XxsCZbpqeEY /a//tM9nb38HpUiNBRCWOZB5Wpa34+Y3ODKxxjEBJHQCxMsLz7p2vlyKIMPpdGfr bRKcOT3gitUrSyTjeYxInJGr14IhOL/Es8EH7pA9rfqivilbUjGqbLMcdfPmoNiM A5aIuvjKUTNhCx3Va5wTGS4Wz88Nh0uXxAfZC6uYkeq6B4OYkkAKIM24a5r3gP47 yeL5Q8go502XF8B38zDqJoQb1VO8MIVfae48tAnosZukOIK668BqjG0rKDB45DKr txvhUiQAkedLGtuhiAxu6l0cR5mNcU293t5AmQSzQOHDi6rEkhiXe/zMg4A82iny f87EaQCbYX1tltYVgoz1gyoc91N2ciXwKYDEMmRTD09U9FcN1gvc/nKItF9L2R4/ A4YvORA2pzHFJgeVi0hx8assBurSHE6VjecX6q2xRkXTNv3LxGFvCSJEMiena2g= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICVTCCAdqgAwIBAgIQWoi1lhkiJOVqkMoLutg6KzAKBggqhkjOPQQDAzBbMQsw CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTIwMAYDVQQDDClT U0wuY29tIERvY3VtZW50IFNpZ25pbmcgRUNDIFJvb3QgQ0EgMjAyMjAeFw0yMjA4 MjUxNjMyNDRaFw00NjA4MTkxNjMyNDNaMFsxCzAJBgNVBAYTAlVTMRgwFgYDVQQK DA9TU0wgQ29ycG9yYXRpb24xMjAwBgNVBAMMKVNTTC5jb20gRG9jdW1lbnQgU2ln bmluZyBFQ0MgUm9vdCBDQSAyMDIyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE5CEG sN4fEKXIsjo96FpRlkiFk8lKjmL/4JZ7ja26hQmOntNowtcZLiq1kGaeYMbNsXWQ A2vTdlEfS5/5WkWTdnFwvnl/I4cjT4KHCz3sqSgi9RoEGjt98NpnZdd7TW0ao2Mw YTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFDL71ZvLbZz9ga4TfdoMwzT1 Ok01MB0GA1UdDgQWBBQy+9Wby22c/YGuE33aDMM09TpNNTAOBgNVHQ8BAf8EBAMC AYYwCgYIKoZIzj0EAwMDaQAwZgIxAIzDPQCFYIsBxIGs7HIYfqEuLvObPWKiitUA RZgni3vt8H/zPxWGVS57mfUE27YpOAIxAMHZ+IkqBGxVbAw6Gd1eCmGRqedchl0P PPRiM3Ny9QpRMhWzfU3kzAeTSoQiuTx6GA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFozCCA4ugAwIBAgIQUNDVDa3dAX5V0WmQO9IfRjANBgkqhkiG9w0BAQsFADBb MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTIwMAYDVQQD DClTU0wuY29tIERvY3VtZW50IFNpZ25pbmcgUlNBIFJvb3QgQ0EgMjAyMjAeFw0y MjA4MjUxNjMzMThaFw00NjA4MTkxNjMzMTdaMFsxCzAJBgNVBAYTAlVTMRgwFgYD VQQKDA9TU0wgQ29ycG9yYXRpb24xMjAwBgNVBAMMKVNTTC5jb20gRG9jdW1lbnQg U2lnbmluZyBSU0EgUm9vdCBDQSAyMDIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAwzIJOxcnL09DUX76445xF0hw/xMf/UtM6pIrXCOEI7fNOCetJM3G JzcCSim1aHPE7RhOZRQ+52gDUvRNugEkt6lqhErQlxmSnOz5WJBkltgvVO6neTlX B+zXHlwmdskOOYfFzBqWEwtdLYVOYN/yqK0X0F0nHqQJXQuI/JHGyRgz1DLN1aGv +4qF0bcYQWxABqUMjs86IcN/h65Top3USSM2AR7aZHaT3qgQmTrhNgjqYAE1DRWM DpamrFT+UK4voG+nqKWX07y0uzaZLK3wFCj/FXUixv99Su+0yH5BrQFZxvnK3lBE mvIz1Tm91dQDEBDPZuLQCW8E8VWKz9+j+KTbyEQQNCe17tym/AZFLypc9VpxtED/ ZRRsBu3oMqm/m9/+1M0gorr6N2zyqrNhCGopUdfHfchhrplsMNfxeFlqaSASj8O1 ARVxbOXulYzxYjsUQ/1sygho/LCV4BgaT4R3Vbuuj6ht5g8xsWAvJrI7slFotMYN wgK7nMj7e3XA5xZtUAsBC4FaD9EH+ZcchCpNE353UpSicRlCezBD+w19uLTYznag 4RLugzfZbLddc7r72xKMcLmplR/7fpqoWvIL5SIxdQLzO3/fYumqWcvP3SPbBgB2 QlWQKrsYpNj4QqrMN4QhiAic9TCF7M2KFQJrIKy/aRE6+Zivp3/ef0UCAwEAAaNj MGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBQExh55Yoya0KeEs3t3m7HA hvNIHzAdBgNVHQ4EFgQUBMYeeWKMmtCnhLN7d5uxwIbzSB8wDgYDVR0PAQH/BAQD AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQCMklOEZM1dPacyJ2EZ9H6nIVrpKJsrXXZA ofxaAO3Vumj4RH1Um/gW1m0mA9vdKxQQygaesc1mGC8oI5VCN2kgeT1/nokekZy0 GNdTG3ZlfwCSOZeeP1QbeM7dIzrxlPQiKEahk8L1aWztXHnrk2+RImMZSP5nesku jn+nE1wTLTDejqpCJaehzROpFQZCHgY8qiyqMWrDlyLnlDaXu4yPsR1N+pztvRa4 U1h6Ci95EPi8SJ1D8ippoHqBPwG35rWY4GCObg7RBMBd/JeWcZOQP0fwDsdYItGm skgZ2b9kI/rglTwD9PnLKge9ZsL+XCB0XZ4u0U+9kVJOJypHPLmOlduyhLA7vx2v F0CTppkqaWjoEH6D8WQoROrK/n48wVGTCJ1rxpOOCus4MvJ/ztQ8PwHBkugF6SuO lmpVOi6PzBUP9AZ7uc+8J6W4bMQ/Yoej/NOpUkZUKdeHW+2Y4BHDH33ovCDTFkc/ nLUK4tExzR3tnF4QM3mNtd5V+3oeeBHq/4pUAe0jS7QN4+/NPlLGESr+HA+tv5U2 OH9lsddqQYfpaXQM7Tt9/TQVsW+hC3rldwq7zzSxv4yVukl88Yw2fv0JBdF8A3AE q9/v2g9hdaXeZMvowao4zvBv1Im0sh5o/FMwNQRJyCrCaE/J0s7HmfAkuBOx/i3/ lA62O9pgAg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX 5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa 4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM 79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz /bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI 7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh /l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm +Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY Ic2wBlX7Jz9TkHCpBB5XJ7k= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp 15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS +YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU 98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIINDCCBhygAwIBAgIRAP11BI16YIaTaUyqADxl0z0wDQYJKoZIhvcNAQELBQAw gaYxCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBBdXRob3JpdGll cyBvZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMIU2VydmljZXMx IjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxIzAhBgNVBAMTGlN3 aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJMB4XDTExMDIxNTA5MDAwMFoXDTM1MDIx NTA4NTk1OVowgaYxCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBB dXRob3JpdGllcyBvZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMI U2VydmljZXMxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxIzAh BgNVBAMTGlN3aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJMIICIjANBgkqhkiG9w0B AQEFAAOCAg8AMIICCgKCAgEAyA5y9AEvhnsLwmOwjWjtHz3euYObXKFdug82JxEE rQZUILceoObOvvCZaXIZNWRmMY0svY5CCp/GyqmQLNq8hTAD2TKWlvC+oCINJGzU xn9aTFEkLVRyCHwz6cwox2ZlI2lrlbTrvuOH52PX5PsHrRKS6+fkCkOyqd/HkLwm W5H5o7eHnJS5EI2IxVhcMrwW7A5XT/6nk3iP4MU5uweIYMFUZeuHvp8xl3E8+ovI g2xSluCswO/LaQiVW+Dgu68npMIX8VGfhHZh2CTi/mFtZDVJ6jnEIWK9zOIC/0hr OK9px7mSLYIRjb0LiYUq6re0ss1L69H6qvDgTAk8Td/2MR2GMKhBiFdwLCdR3s+L Tj8C8lClF+BnG3IMQTEfAaKWPjzbAradlOYCTvPwGYKyCCMT65HNUdOqRsJzmJg/ usPumvz6za9yCjcTj/mgULPq+z8svPpjVTX00ry4cdKR6+nKylzsUWaonlkFIi+j GttP4EViIzxdVfswlSs0os+ntEvAM8k0UZ3TsyvfxeosLMffRB+2jbn+81zNNy+w bJxKCL3o9db6cOVpMjdcXwvLP+SIAszKs3gvfb9IsyGwH4h5m1qKcdghhCkPSgQx Kr0NIUTOdJ0m00kd+Iao5RJ3xcBzDFCDapBrocr40JXZNYbHEaM7FMfLhlhWDfuD 9wECAwEAAaOCAlkwggJVMA8GA1UdEwEB/wQFMAMBAf8wgZsGA1UdIASBkzCBkDCB jQYIYIV0AREDAQAwgYAwQwYIKwYBBQUHAgEWN2h0dHA6Ly93d3cucGtpLmFkbWlu LmNoL2Nwcy9DUFNfMl8xNl83NTZfMV8xN18zXzFfMC5wZGYwOQYIKwYBBQUHAgIw LRorVGhpcyBpcyB0aGUgU3dpc3MgR292ZXJubWVudCBSb290IENBIEkgQ1BTLjCB jgYDVR0fBIGGMIGDMIGAoH6gfIZ6bGRhcDovL2FkbWluZGlyLmFkbWluLmNoOjM4 OS9jbj1Td2lzcyUyMEdvdmVybm1lbnQlMjBSb290JTIwQ0ElMjBJLG91PUNlcnRp ZmljYXRpb24lMjBBdXRob3JpdGllcyxvdT1TZXJ2aWNlcyxvPUFkbWluLGM9Q0gw HQYDVR0OBBYEFLUbg7s7T7LS++UDjtRhXdEajrCiMA4GA1UdDwEB/wQEAwIBBjCB 4wYDVR0jBIHbMIHYgBS1G4O7O0+y0vvlA47UYV3RGo6woqGBrKSBqTCBpjELMAkG A1UEBhMCQ0gxOzA5BgNVBAoTMlRoZSBGZWRlcmFsIEF1dGhvcml0aWVzIG9mIHRo ZSBTd2lzcyBDb25mZWRlcmF0aW9uMREwDwYDVQQLEwhTZXJ2aWNlczEiMCAGA1UE CxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEjMCEGA1UEAxMaU3dpc3MgR292 ZXJubWVudCBSb290IENBIEmCEQD9dQSNemCGk2lMqgA8ZdM9MA0GCSqGSIb3DQEB CwUAA4ICAQAl2t94sCbcn5nrM5zJRbpcY1KNbgNzqnRIxQ0L0hcMLAvSxiWD1FTN B4FUL2d2Jafp13+WR3ekHZtF//HY9p5HDnSME8TyvtYHKBg8mHXB2+uSiCbmBmSO +dL94pk1gdHYdRe1c+rd6BgilRYZClkqItyGWkNPJWg2qdiTAI9excNhhvDSFAmV UcR+2FLusI2KiHGl1yin9NwGWCVexFUYCJV0fLgB507Y1vZ8IENIDaPg3lTEqF8A SUPTRTuCZW7ui6MBIlaa8c4p5QzEa+3nTvixVYGtcf+E+whX5kfKrYf4Rvj68DWE 7bTYiJcid6SPFsg8Z9HhbgSse482zd6lCKwqjfWnHZ/Hw5EhQqOGgbkq2LHpOB1U CJg5ChHKMg4zzfRM6qhKBukYPkHGz6D24CtrII6nIALrMEGBsOjkrqQYiSvfFPAS KW14+k1E+7I05a/zjjX3w84sCxi00HmPE78Di2a4tWHUrA79eD0JrbXSLE9WQZmI RAx+Z+Nkn/paKlh3UWmxzSyapzQQBXT6bkVjy4tSrUeRohLIoiYExdAiHgOzspI3 VFf9iYN1A20tO7PxpKIQfJyTjaNQhDmLlVlB9gJ2Boq8DpDn2TrrrSZeV1PRb8h1 4KuRe2uhf/kbUKjc/k0G4RWKpBDrHgbPVEgVlii2Ix8a43ylj/o3Vw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c 6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn 8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a 77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ 6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl +zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFlzCCA3+gAwIBAgIURg7UAXGQoBqDLEpCECgV0mEbrTIwDQYJKoZIhvcNAQEL BQAwUzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEtMCsGA1UE AxMkU3dpc3NTaWduIFJTQSBTTUlNRSBSb290IENBIDIwMjIgLSAxMB4XDTIyMDYw ODEwNTMxM1oXDTQ3MDYwODEwNTMxM1owUzELMAkGA1UEBhMCQ0gxFTATBgNVBAoT DFN3aXNzU2lnbiBBRzEtMCsGA1UEAxMkU3dpc3NTaWduIFJTQSBTTUlNRSBSb290 IENBIDIwMjIgLSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1Pv6 P4aimXAJOsnWoU4Bzka1LSRIDUXprMka1zKApObTytbyKTfsmizWgc7mG52xD0Hf WNNfqqB5WQuMrfnF+Rz7w+k1QHTDwQzLZ/ucXgwj+dAv+kyCRRy19R/4GW7ak7dO aIN+Yi0djJUfcNnOWowhXai+CKlWbdn3uZCZxzvXvZ4uyWdXLiHO8DKD+wQB+beC RA2yy3oJoUg+T8ALahsb7M8dnn8GkKwoBQuo5lQ7oqcsOROZqPs06/XwvQHYiBHI rroZAkkC3IostL1hYOydeFxqiy8Xhl7yT5MAa13FsqmlGOrmbX5XBfsH/Lx8oUOx ZhyoZ/urN/aqqrh6Qfc51YyfrnI2J+RixkOZ8aFB6f+Jnw9Jr8kUBhcnZDkNpbQq W+w8+5/FX8Y7XSYZ8oQpuJVECVL9bDDQYo8opYGWK5QvJnXkCYwK3zjzfl04joKa jNyers4SQjoi8jWNT9IayEkzC/o2P/8sa2ogcUzNrRA/aTKEjlzuU4hE4t3MAzCS hnmQKkt1+1JixPRvTffbI6EY3UVTF5pjJEiJIs1+mwEcgCgDj1sr+h/jfBm95o+x QHag8sc3sjKUEDLNpxOX8TssejQie3Q6QOKvgvjBwXj8X+Q1f8D0TPBMsuqHA3Il WYMqCKRR3s/uqOfoQD+I8DarCU7YoKh/8+EJ27kCAwEAAaNjMGEwDwYDVR0TAQH/ BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUzC6tiYyD40CjJWml 6pJ90jc6x8YwHQYDVR0OBBYEFMwurYmMg+NAoyVppeqSfdI3OsfGMA0GCSqGSIb3 DQEBCwUAA4ICAQAAB2YWpe3Hub+8yJGtWO1eEgWz9kabe+SEEC8HsVpeMm5tAPBe x5piOYdN5Dzzvva6alNshG0H1GHKZ2a+mz5FMJ1R0tdaQq6dkg4jq9AVlD6omsqb 7cHCXyGjmYD8uaZhDlCAgCfH6H2g1JR6mAPn7kKL81JQXO++sHZaHAmhv4PAHnZl 0CVBW2mRk3f5jEvwLNubBgAXg/palLSGie+8CgsS+AZN0nPikThduWpLT6ev2iYl kiMafB8nDZGE7xdy9kbrazs3qdTVmmO6XnmMKrWbojS1zJYn+XkIPH9t4P983MUm r8OhemkW3Yc1c8ZrMWtWAS1PmdnuyuHQg962hecW+NGuM0j7Gs9dX4qEYXQHbxmw USGyoQSxe1OP76JFrR+Y3flqBGyqNsWvjOopSUrn/1ezxjwRSRgX5maF4egj8osO PJPEP3ZOfmKiKcsWMN4saa+Rp+JX5TNMv9iOB6J/oTVGaUqoICn/694glVmxrk0w a9iatAMfwjjkINUO1howTGicjODtoQ+OQl3rgCoSeaYXF7SVKo40kae90ayoGkMh i97v4KxGJWUKxiuhmz4i6Bg4tSb2LMoIIN4w0a1U/dxIFZ/Np0HXNziFME8SiEM0 g9cqTdQAV1zlyvDd4ZIoKxh1vUekQhPpVlqNSl7ODnU1gHMZDywpi7uVuA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFkzCCA3ugAwIBAgIUQ/oMX04bgBhE79G0TzUfRPSA7cswDQYJKoZIhvcNAQEL BQAwUTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UE AxMiU3dpc3NTaWduIFJTQSBUTFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2MDgx MTA4MjJaFw00NzA2MDgxMTA4MjJaMFExCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxT d2lzc1NpZ24gQUcxKzApBgNVBAMTIlN3aXNzU2lnbiBSU0EgVExTIFJvb3QgQ0Eg MjAyMiAtIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLKmjiC8NX vDVjvHClO/OMPE5Xlm7DTjak9gLKHqquuN6orx122ro10JFwB9+zBvKK8i5VUXu7 LCTLf5ImgKO0lPaCoaTo+nUdWfMHamFk4saMla+ju45vVs9xzF6BYQ1t8qsCLqSX 5XH8irCRIFucdFJtrhUnWXjyCcplDn/L9Ovn3KlMd/YrFgSVrpxxpT8q2kFC5zyE EPThPYxr4iuRR1VPuFa+Rd4iUU1OKNlfGUEGjw5NBuBwQCMBauTLE5tzrE0USJIt /m2n+IdreXXhvhCxqohAWVTXz8TQm0SzOGlkjIHRI36qOTw7D59Ke4LKa2/KIj4x 0LDQKhySio/YGZxH5D4MucLNvkEM+KRHBdvBFzA4OmnczcNpI/2aDwLOEGrOyvi5 KaM2iYauC8BPY7kGWUleDsFpswrzd34unYyzJ5jSmY0lpx+Gs6ZUcDj8fV3oT4MM 0ZPlEuRU2j7yrTrePjxF8CgPBrnh25d7mUWe3f6VWQQvdT/TromZhqwUtKiE+shd OxtYk8EXlFXIC+OCeYSf8wCENO7cMdWP8vpPlkwGqnj73mSiI80fPsWMvDdUDrta clXvyFu1cvh43zcgTFeRc5JzrBh3Q4IgaezprClG5QtO+DdziZaKHG29777YtvTK wP1H8K4LWCDFyB02rpeNUIMmJCn3nTsPBQIDAQABo2MwYTAPBgNVHRMBAf8EBTAD AQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBRvjmKLk0Ow4UD2p8P98Q+4 DxU4pTAdBgNVHQ4EFgQUb45ii5NDsOFA9qfD/fEPuA8VOKUwDQYJKoZIhvcNAQEL BQADggIBAKwsKUF9+lz1GpUYvyypiqkkVHX1uECry6gkUSsYP2OprphWKwVDIqO3 10aewCoSPY6WlkDfDDOLazeROpW7OSltwAJsipQLBwJNGD77+3v1dj2b9l4wBlgz Hqp41eZUBDqyggmNzhYzWUUo8aWjlw5DI/0LIICQ/+Mmz7hkkeUFjxOgdg3XNwwQ iJb0Pr6VvfHDffCjw3lHC1ySFWPtUnWK50Zpy1FVCypM9fJkT6lc/2cyjlUtMoIc gC9qkfjLvH4YoiaoLqNTKIftV+Vlek4ASltOU8liNr3CjlvrzG4ngRhZi0Rjn9UM ZfQpZX+RLOV/fuiJz48gy20HQhFRJjKKLjpHE7iNvUcNCfAWpO2Whi4Z2L6MOuhF LhG6rlrnub+xzI/goP+4s9GFe3lmozm1O2bYQL7Pt2eLSMkZJVX8vY3PXtpOpvJp zv1/THfQwUY1mFwjmwJFQ5Ra3bxHrSL+ul4vkSkphnsh3m5kt8sNjzdbowhq6/Td Ao9QAwKxuDdollDruF/UKIqlIgyKhPBZLtU30WHlQnNYKoH3dtvi4k0NX/a3vgW0 rk4N3hY9A4GzJl5LuEsAz/+MF7psYC0nhzck5npgL7XTgwSqT0N1osGDsieYK7EO gLrAhV5Cud+xYJHT6xh+cHiudoO+cVrQkOPKwRYlZ0rwtnu64ZzZ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH 6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ 2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQ MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290 IENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5 WhcNNDcxMTIyMTU1OTU5WjBQMQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FO LUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3Qg Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDG+Moe2Qkgfh1sTs6P 40czRJzHyWmqOlt47nDSkvgEs1JSHWdyKKHfi12VCv7qze33Kc7wb3+szT3vsxxF avcokPFhV8UMxKNQXd7UtcsZyoC5dc4pztKFIuwCY8xEMCDa6pFbVuYdHNWdZsc/ 34bKS1PE2Y2yHer43CdTo0fhYcx9tbD47nORxc5zb87uEB8aBs/pJ2DFTxnk684i JkXXYJndzk834H/nY62wuFm40AZoNWDTNq5xQwTxaWV4fPMf88oon1oglWa0zbfu j3ikRRjpJi+NmykosaS3Om251Bw4ckVYsV7r8Cibt4LK/c/WMw+f+5eesRycnupf Xtuq3VTpMCEobY5583WSjCb+3MX2w7DfRFlDo7YDKPYIMKoNM+HvnKkHIuNZW0CP 2oi3aQiotyMuRAlZN1vH4xfyIutuOVLF3lSnmMlLIJXcRolftBL5hSmO68gnFSDA S9TMfAxsNAwmmyYxpjyn9tnQS6Jk/zuZQXLB4HCX8SS7K8R0IrGsayIyJNN4KsDA oS/xUgXJP+92ZuJF2A09rZXIx4kmyA+upwMu+8Ff+iDhcK2wZSA3M2Cw1a/XDBzC kHDXShi8fgGwsOsVHkQGzaRP6AzRwyAQ4VRlnrZR0Bp2a0JaWHY06rc3Ga4udfmW 5cFZ95RXKSWNOkyrTZpB0F8mAwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSdhWEUfMFib5do5E83QOGt4A1WNzAd BgNVHQ4EFgQUnYVhFHzBYm+XaORPN0DhreANVjcwDQYJKoZIhvcNAQEMBQADggIB AGSPesRiDrWIzLjHhg6hShbNcAu3p4ULs3a2D6f/CIsLJc+o1IN1KriWiLb73y0t tGlTITVX1olNc79pj3CjYcya2x6a4CD4bLubIp1dhDGaLIrdaqHXKGnK/nZVekZn 68xDiBaiA9a5F/gZbG0jAn/xX9AKKSM70aoK7akXJlQKTcKlTfjF/biBzysseKNn TKkHmvPfXvt89YnNdJdhEGoHK4Fa0o635yDRIG4kqIQnoVesqlVYL9zZyvpoBJ7t RCT5dEA7IzOrg1oYJkK2bVS1FmAwbLGg+LhBoF1JSdJlBTrq/p1hvIbZv97Tujqx f36SNI7JAG7cmL3c7IAFrQI932XtCwP39xaEBDG6k5TY8hL4iuO/Qq+n1M0RFxbI Qh0UqEL20kCGoE8jypZFVmAGzbdVAaYBlGX+bgUJurSkquLvWL69J1bY73NxW0Qz 8ppy6rBePm6pUlvscG21h483XjyMnM7k8M4MZ0HMzvaAq07MTFb1wWFZk7Q+ptq4 NxKfKjLji7gh7MMrZQzvIt6IKTtM1/r+t+FHvpw+PoP7UV31aPcuIYXcv/Fa4nzX xeSDwWrruoBa3lwtcHb4yOWHh8qgnaHlIhInD0Q9HWzq1MKLL295q39QpsQZp6F6 t5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF 10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz 0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc 46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm 4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB /zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL 1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh 15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW 6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy KwbQBM0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFlTCCA32gAwIBAgIQQAE0jMIAAAAAAAAAAZdY9DANBgkqhkiG9w0BAQwFADBU MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290 IENBMR8wHQYDVQQDExZUV0NBIEdsb2JhbCBSb290IENBIEcyMB4XDTIyMTEyMjA2 NDIyMVoXDTQ3MTEyMjE1NTk1OVowVDELMAkGA1UEBhMCVFcxEjAQBgNVBAoTCVRB SVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEfMB0GA1UEAxMWVFdDQSBHbG9iYWwg Um9vdCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKoO1SCS Aa2C+QwIkTRrihbQRhb/A7jYjeqTNPv/K739bqrcm/KGgVX1iRzEjXVqWHiREx4C E3A9774K5wCPuDHldMUwvv991pnlwkKjzyHWswh/kdVh5qKVEA3vXpcLSTjVIrDX i1lvnzWbf9KRzHp/u6Cf3lUz9kuNCup9CcB53L1E4v4c52QhKM8ESuK0v4Z5KrsO k8mPXqwwOVKQB7nqnCZCFMRnRv7RGmihPlAZoyYKJymQwva063OaeB7hmPRlDDUh BvgL3mLlTcGzXdm5+mGXKuPqx0RVJJL+Eqc/xHfgLQKBB9X7feYQnjq0qO/s+1Dq Nc/MfrtCuURsUum/KnIfP96bcOncWsU7u7/wWYWvL8GwFHkFrHWfJfURJwZgIcdt Zb6oiZzlrEbf+F1EA41gvfexDcwv70FUL+5rlblOfDTfO/l3nX3NBz0cBjMSgOxy nPItgtrVO8TH+QTDZAJ89TVgp7RGKS4b76VYgC56iVE4Njz9oXe4gDDQit6NpzQm 7CO7GFUYNkXu7QEGqk2/ZAzKmJcaMQJm+HhoW4jfCajnm/o0bXAcIa0Ii/Khtqx2 ar/xgCUAvjweTa65PLaVY71rfkcSkFVFEY3sFx/BvieBk1djaQAmd4vDWeV70Q1E 8qjw94WaBffCLnCak4XYlZAxkFSm7AufN0UPAgMBAAGjYzBhMA4GA1UdDwEB/wQE AwIBBjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFJKM1DbRW0dTxHENhN1k KvU2ZEDnMB0GA1UdDgQWBBSSjNQ20VtHU8RxDYTdZCr1NmRA5zANBgkqhkiG9w0B AQwFAAOCAgEAJfxL2pC02nXnQTqB0ab+oGrzGHFiaiQIi6l6TclVzs8QKC4EGZYF z10CICo7s1U/Ac1CzbJ37f9183x325alz4xnBvSkm3L2IUkJmKMyXndaYwnvYkOX Aji16jwYUGj8WVvZedTx5FZIE1bY03ELXniUOBFF+gUX9Q51HmJSYUa6LhmthrSI D7FQ5kAANBqVnZPgUfnUVUbplTwlhi6X1wExGETsHGDpfWmvMviXQCUkto0aVTzF t/e8BlI7cTBwPnEXfvFmBF5dvIoxQ6aSHXtU0qU2i2+N1l7a1MMuHd85VWCCMJ4n /46A3WNMplU12NAzqYBtPl6dzKhngGb6mVcMUsoZdbA4NVUqgcWMHlbXX5DyINja 4GZx6bJ4q2e5JG5rNnL8b439f3I5KGdSkQUfV2XSo6cNYfqh59U1RpXJBof2MOwy UamsVsAhTqMUdAU6vOO/bT1OP16lpG0pv4RRdVOOhhr1UXAqDRxOQOH9o+OlK2eQ ksdsroW/OpsXFcqcKpPUTTkNvCAIo42IbAkNjK5EIU3JcezYJtcXni0RGDyjIn24 J1S/aMg7QsyPXk7n3MLF+mpED41WiHrfiYRsoLM+PfFlAAmI6irrQM6zXawyF67B m+nQwfVJlN2nznxaB+uuIJwXMJJpk3Lzmltxm/5q33owaY6zLtsPLN0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx 3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIE5DCCA8ygAwIBAgIBATANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJteTEL MAkGA1UECgwCVE0xNDAyBgNVBAsMK1RNIEFwcGxpZWQgQnVzaW5lc3MgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkxLTArBgNVBAMMJFRNIEFwcGxpZWQgQnVzaW5lc3Mg Um9vdCBDZXJ0aWZpY2F0ZTAeFw0xMTEwMTAwNjIzMzlaFw0zMTEwMTAwNjUzMzla MH8xCzAJBgNVBAYTAm15MQswCQYDVQQKDAJUTTE0MDIGA1UECwwrVE0gQXBwbGll ZCBCdXNpbmVzcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEtMCsGA1UEAwwkVE0g QXBwbGllZCBCdXNpbmVzcyBSb290IENlcnRpZmljYXRlMIIBIDANBgkqhkiG9w0B AQEFAAOCAQ0AMIIBCAKCAQEAxbd1GV7r9EIJjbFqbG4ydqQFBw+PK2Q672vHtxtX WiUzwGEYo4IdgHft7RxkskC6yMJVtV+Owt2RbvPF56M5m0wvfqPm948VXH0bWrqW lpOgYXIgRIgnq0FHdz5eMKWLNegwRqBY6k4CbT1iDTnzZK5m7twSfhlL0b/CgkT6 +deZSOyzDPRiZzWbnUZoR5emIl4TVgALUfX7ZF9b4L/yb+9F1K7Gr9ycH+0UHbKm 7wc45wh3Nqq5qDw5GuWRaKqQjsGYGeTqbYWTGwbm3FELoQDsxK5ypxxpEXI+3M7z OFfXGhpXFE2LUHZFVXMwI29Lr0pIQpNCX/nx2jlcBtUPyQIBA6OCAWswggFnMIGr BgNVHSMEgaMwgaCAFEAa+7SWN5aD3yw7FO0cxsveIG0IoYGEpIGBMH8xCzAJBgNV BAYTAm15MQswCQYDVQQKDAJUTTE0MDIGA1UECwwrVE0gQXBwbGllZCBCdXNpbmVz cyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEtMCsGA1UEAwwkVE0gQXBwbGllZCBC dXNpbmVzcyBSb290IENlcnRpZmljYXRlggEBMB0GA1UdDgQWBBRAGvu0ljeWg98s OxTtHMbL3iBtCDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zB3BgNV HR8EcDBuMGygaqBohmZsZGFwOi8vbGRhcC50bWNhLmNvbS5teTozODkvY249YXJs MWRwMSxvdT1BUkwsb3U9VE0gQXBwbGllZCBCdXNpbmVzcyBDZXJ0aWZpY2F0aW9u IEF1dGhvcml0eSxvPVRNLGM9bXkwDQYJKoZIhvcNAQELBQADggEBAECJXpdECqtm MStt3E6m5y2xR/9SefPt26eB6To8VWf1RdHuGXn9N+CupCiiGDjez9KXkqQ5vFSD 7x2hgWfIjCZlhrrKbwBCWE26GWa3G0BRJZLQghWIbGIy4vFAEt2+wO8Q8iaEJfX0 ag9ZPyMZHb0NvDk6vNrcbj8OjCaRJDPM/TM5jF2iu0eX5xAqhCZUsSt+X/mqf+3H /sojplW/38pe4Ps+p1LWKjqle2PyhfwhNCvBrvBBkBg/RcQjjbw7ht2qRmdphyGi Vxamp3w7/okgRxj61XL9XDpotTvhPMIrS3hTVVqy9oa+wD3bSP/wwHoQ1B7f5LYu whrUDnpqoHY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx CzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE AwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1 NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZ MBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZIhvcNAQEBBQADggIP ADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ76zBq AMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9 vVYiQJ3q9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9 lRdU2HhE8Qx3FZLgmEKnpNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTOD n3WhUidhOPFZPY5Q4L15POdslv5e2QJltI5c0BE0312/UqeBAMN/mUWZFdUXyApT 7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW5olWK8jjfN7j/4nlNW4o 6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNrRBH0pUPC TEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6 WT0EBXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63R DolUK5X6wK0dmBR4M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZI pEYslOqodmJHixBTB0hXbOKSTbauBcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGj YzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7Wxy+G2CQ5MB0GA1UdDgQWBBRy rOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw AwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ 8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi 0f6X+J8wfBj5tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMM A8iZGok1GTzTyVR8qPAs5m4HeW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBS SRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+Cy748fdHif64W1lZYudogsYMVoe+K TTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygCQMez2P2ccGrGKMOF 6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15h2Er 3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMt Ty3EHD70sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pT VmBds9hCG1xLEooc6+t9xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAW ysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQraVplI/owd8k+BsHMYeB2F326CjYSlKA rBPuUBQemMc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ /jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs 81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG 9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx 0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGgTCCBGmgAwIBAgIEUVLFjDANBgkqhkiG9w0BAQ0FADCBzzELMAkGA1UEBhMC VEgxSTBHBgNVBAoMQEVsZWN0cm9uaWMgVHJhbnNhY3Rpb25zIERldmVsb3BtZW50 IEFnZW5jeSAoUHVibGljIE9yZ2FuaXphdGlvbikxNzA1BgNVBAsMLlRoYWlsYW5k IE5hdGlvbmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxPDA6BgNVBAMM M1RoYWlsYW5kIE5hdGlvbmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMTAeFw0xMzAzMjcwOTQwMjJaFw0zNjAzMjcxMDEwMjJaMIHPMQswCQYDVQQG EwJUSDFJMEcGA1UECgxARWxlY3Ryb25pYyBUcmFuc2FjdGlvbnMgRGV2ZWxvcG1l bnQgQWdlbmN5IChQdWJsaWMgT3JnYW5pemF0aW9uKTE3MDUGA1UECwwuVGhhaWxh bmQgTmF0aW9uYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE8MDoGA1UE AwwzVGhhaWxhbmQgTmF0aW9uYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1rpK5Izxmi6J F8JA84IAMf4TAnplygjYqyKxAppxNEpkWYLlQkbrI/aLWiKxzzbnc20UbfdJlF7v 5zRZZ/aoz1ZZI4RV4vsaEcqj+YqrZx6CE9CLOZq/D8IPPNZh2OqbzxUOvtTwzD9z nAT0onFzfYCwnTHxBvmwE+WISTD2Fn2IVyk6LKKMkJjOERbOTVEP/MeyzPJmGCGA BYitudDFC3gB/k7SCIs28VbPbrpzJgvW96VGamlOlranBlbM5i4xn26L7ZwAVUf0 e6Z6tt8BHUgEC6tCwnBKlL38rFHyqz/W62DfCP/1ErKJKnq5RZklfXzvzxXQSCwQ 1tS8CCe1hinU49PEKpAS9qIq+YuvFv8C83puz6LLarTgcgv7PoV/4ofgL0Mj+IXJ merWQN6g++fedv+PgDnrZxITpvvlo/wmgFlj8tIj6x/GSHNRnbezoFuraoj5v/tx UdxutnbvsFvyy4gwugbbG0HTVbSttOogIfzUd7Y9W6EMLSUhUiNS1zRTbRYEUmb4 1erxLFjyO7HxfkO13IK4XuOH4aOkX+eJDryc6Sk6JafYT2qH1JZElxgWh8JxUoXO eoytHme+ui2/oyEnxecw6QaZG7AM475SZZNNYUvyOOaPGPECUpgupg4dBc8m7AEj Bzb24BM3qUeIA4dHy92yAR9fZBsEm8UCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB /zAOBgNVHQ8BAf8EBAMCAQYwHwYDVR0jBBgwFoAUfyN2t4Mqcfcs0YgP3UxfMgpo u38wHQYDVR0OBBYEFH8jdreDKnH3LNGID91MXzIKaLt/MA0GCSqGSIb3DQEBDQUA A4ICAQANZRxaB6merEzJX0/dMWzZ4lMdP5GNWrOMvTSeLk3KWNOvWWJJNnOwYXYR vos2x5Sq+DZpByDfXC8L9o4CFu9SBjjd7TRgqodeF844bVBN5d/lUb4dBJb03Orl 2eqO3p90y4KUU4Fs+14s1aF1lk37MFzNYaCeocyCuVJyC4djYXthNHS2Lt3i4Ye1 SRRhFUdKSz53uQjSNk9YZ0KJgHhaEiPtRTvdvyAmVPxbP2ABGEHjZ3UTtyoVcMzL edIU+PPC4CoQ9/lC2NzaCtMBBdtXmMm26wyZCsqMfe87FijA91/hR1HT+AZFB/AL usKcmOzSf01+/Qb8c8LCVRJi0CNE3yLk+HnnpRBOPsmOqoPpNuqrecYFhM2WaHx0 rD8y/67JQOyPUL9QqLdO1a02atcnM/rn2C3ZN5iFG6YM6nsQE3AenojF3D6OuQ1V 3wHO0El2UdsQYnhBrWljpZUJtxgGb/0EZ9QQD07bO18MY3zrZL1uSwCogfqSMoYw jAm/fVg/ZQ2pN9FF42ZpxGj0YqmoHjfZLplJoLAGjEB/hbH18UxLOKAIzCrZlsDs wA08LkVXw++V2rbL7ltlqCsyr8kn+RVTN3VYH0vql6IiXGdW4qDMNcSswzFAuZwD er3JSA7qahXanLx4b8kV52QD2UkTZkVLLfSEmbPqpxKV5ZMu/A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb 3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi tJ/X5g== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme 9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I /5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN zl/HHk484IkzlQsPpTLWPFp5LBk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq 1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp 2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF 3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh 8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL /V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW 2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp 5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu 1uwJ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGWDCCBECgAwIBAgIRAI5ZQFi3WJ+9F4SSs8w6x5MwDQYJKoZIhvcNAQELBQAw gbQxCzAJBgNVBAYTAlpBMRAwDgYDVQQIDAdHYXV0ZW5nMRUwEwYDVQQHDAxKb2hh bm5lc2J1cmcxHTAbBgNVBAoMFFRydXN0RmFjdG9yeShQdHkpTHRkMSQwIgYDVQQL DBtUcnVzdEZhY3RvcnkgUEtJIE9wZXJhdGlvbnMxNzA1BgNVBAMMLlRydXN0RmFj dG9yeSBDbGllbnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTcxMjA1 MTE0ODM2WhcNNDcxMTI4MTE0ODM2WjCBtDELMAkGA1UEBhMCWkExEDAOBgNVBAgM B0dhdXRlbmcxFTATBgNVBAcMDEpvaGFubmVzYnVyZzEdMBsGA1UECgwUVHJ1c3RG YWN0b3J5KFB0eSlMdGQxJDAiBgNVBAsMG1RydXN0RmFjdG9yeSBQS0kgT3BlcmF0 aW9uczE3MDUGA1UEAwwuVHJ1c3RGYWN0b3J5IENsaWVudCBSb290IENlcnRpZmlj YXRlIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOrA ZChzgke2wM6tiNzS4e5IUvMQ504IhuAv7zgmShfwe0MbqlFNIjIHU3YKt2Cxqj9H Gkv+mMrz1KhbeN6Tnvw0JXSQ6BbmnWNVPn9Vc6YSb/eoc82WkjGutMQBSF0Rf/Z9 gr5dDemjK+sxLjnmWkqe3AZsKJj2cfzwWkL2u8BBJub5z0Gg+H5swZPF42Pn9pRC JNhrZ9HndRsAjgoEJ8fgGze7XuAuyaUEcw369dY4pKTWBpYWK4AQd9D3afFpkqmq /MMhtv0TMQk4/8P1b+NHsyHo9mXUuNNbLnzdCk+6Sd9qj7BCbLZHaa6zaWuYKGLz /Hf3H3Y0Rji3Ixe51C3aVxgDCaVVnaHyDAC8JTlih9FAB8AOy87UC3pQke+QJw7Y VwCIkuIXyWnBNR6kb8CphjQ3RFK8Q7J9iY+lo1nA0DiMp8tW/RlbwZW15UC9+YLE ySLUMp2Fo+9KdKcVBj5wIkgrDCOs0GJcuXz3hdmN+MXTl49e6vAM0LGaCE+ZBoHk Gil8pPoWJ5tzUanFJPYlGKizMtdK59Na2ZvCMjsEho1Yc1WQLmhISVQ6O+4loJni XANmU8xu1A0RHXmq1PFlC4/NT1QBEAw/XY0AZDQfBiDsodaSC8m+tmKHVAn8/hpz eSERZVye1bOQxaSWviOrfYFZ8TqbV69dgW760UuxAgMBAAGjYzBhMB0GA1UdDgQW BBQ8tpw4Wuy11CILQL5jDwiLKO4MGTAfBgNVHSMEGDAWgBQ8tpw4Wuy11CILQL5j DwiLKO4MGTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG 9w0BAQsFAAOCAgEABTcWLooTAcR8JmnoMwVS/QhaghKNzwoTWXg3usVEFzriFT/z j8zcVy0Toz7leLsrkZ0+4UJsVXVuaCyUP5uCN/w8L34cZvFVyYPSiMCbrJP+2WAv OlMkv7UvVV9hs1NPBNtuNqsdLyjD1SK7GKQnHiun0XxRfoIrd/91dZuJgefQwdvz Gb9LbAcSBA7iBgspSGY6NSbUveEFdCGK9cbPFlArFMVk6hb8TSFVjCjvHMzqEJtN GKqOTdwBxkVN8cdu+0eApzDHJ/ytCoGb91ZV2rsflfdfEHgji6OgZVAEY/M+QXOH FNxagyc40CMPpegsjhYmmevld5V+6Y+Fj0EUkP88icflXIrXYwxpc6U4HW2pYxyV f/filBDQ7VagR6FAJR+5sry6as1eNoAOslWLPEvmgcHKJ2nfsy44/L+zqh2ybSBS 3Iw/G4N6rBt506ToKTAU73iM6T5Y4tnP9XvTYbkcATaw7DCIW5+zGDpG+hbly4S4 OQSXTiQAR10g84zxpG8yA+BKZeWMuhXUVFi8sVB6cC6sQwoN5qbwIi5fShoAbHGT 2xpk7hlxfQW2mIzfgN2KqDooNUMU/vMEOo8hOA9OE4OO39v72drg5fdGPO/a6G5M ngH6MmW7UhMgaTubG3+TzzAzjrOKI/wH02lgEvdEvQMvqPBHFXcn2GG3kLU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGUTCCBDmgAwIBAgIQaF3MJjngI2bkSp1k044ENTANBgkqhkiG9w0BAQsFADCB sTELMAkGA1UEBhMCWkExEDAOBgNVBAgMB0dhdXRlbmcxFTATBgNVBAcMDEpvaGFu bmVzYnVyZzEdMBsGA1UECgwUVHJ1c3RGYWN0b3J5KFB0eSlMdGQxJDAiBgNVBAsM G1RydXN0RmFjdG9yeSBQS0kgT3BlcmF0aW9uczE0MDIGA1UEAwwrVHJ1c3RGYWN0 b3J5IFNTTCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNzEyMDUxMDU5 MjlaFw00NzExMjgxMDU5MjlaMIGxMQswCQYDVQQGEwJaQTEQMA4GA1UECAwHR2F1 dGVuZzEVMBMGA1UEBwwMSm9oYW5uZXNidXJnMR0wGwYDVQQKDBRUcnVzdEZhY3Rv cnkoUHR5KUx0ZDEkMCIGA1UECwwbVHJ1c3RGYWN0b3J5IFBLSSBPcGVyYXRpb25z MTQwMgYDVQQDDCtUcnVzdEZhY3RvcnkgU1NMIFJvb3QgQ2VydGlmaWNhdGUgQXV0 aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAldFHKO7wVLzr vdWrBn4lpAOq/WB6zje5adopeXdsPX+CNMJd/kKkDUFaANKDpGptweXIUWL6a9XG R9w4bhGQjGgVz+m6WOaai4WBEC3P51NJ6aM3Igy8dLK2JVIRz6IhPImg16QdIxBr HVk7N/RdNjhAtXVCry0aB7yNYxTYSvgime/AWklvq5I/S+ykahg/US7TIOdPLoMG Ol5/FYvP+jUuU7lqGs+n+Dy5yXMXOv2tDVjNknXqP/+5hvP+1aD1Zepj1vqGEbR0 1bVYhKotXUoXvuymJNegvbcYOBZnbhGFW19gUovRz+VC0Jxe9Y6FvfKGbKhV3Osd ev2sKPDE0sepB9ddPhdWlEbum8rEsIwaatfPm86mTC2A+J3xI0CaQCs4VR41A911 2zHUToonb5eOnMx2mR1WrjJMF9kZr6ikzAvKAnUBTj28FPSqO5vQT7fn/lrEztYM czOsqc0six0NIflh5qF24q7wdEkB/DnfqBOSyGOJXrUQ8R0h9tMY+3dMaeJqzOB5 rE6bZM/o4vMiooeenhskDHFm5el25GRUm80N9lF9u58AWh50tNCrjR2rCO8rwtu9 g2HXyWS8D24XxjLfDPOmXu7sIAwqz3pFUHsY1vsSduGvWR+B2jSCNkW/kslVpdZ1 BlmHm6SD3q14eWw8qI+d7lzsPOOJoisCAwEAAaNjMGEwHQYDVR0OBBYEFEI6XjZa 3Buq0KLq9fFEf3Qlc+m9MB8GA1UdIwQYMBaAFEI6XjZa3Buq0KLq9fFEf3Qlc+m9 MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUA A4ICAQAGOiJqHPwbet1ov9VKqL4LYthqZ0k0YBxbs+0lvjYOIFd1A4foZnesd9V3 YZRt6HRxVGv0/Lbyi4pnXx0ECD/+gSDtjzzXR3ZYQtFqxzF0fjRNpntFUXAT+EZE R88N2pYUxoJWPoUa6LKln3/ND2yDguIYB9xmXIrKXaiEL1SMg/DFPEAgMuJP6Fbr lcLkxlD+IuivAVIrla6GVpWnex7GN+419vf7NtDgKt0wMsNtFCXHVdJrI2+QKgpj lnpm6N2Asnn/k2htD7EUU+XOe0zQwSMLOoPkzI773C7ZdFLgUL26Sfh2NBYfaSv0 KIYdTDQVF9p0qHCWXT/CHccEh1Wia7Gy9TVWYru79UfsgrRmahNIeFRjz1+A7JhG xEnJ9KQrlSXHwKPbVly9qva5N+LaROUNS4d5naadH60P/c7pZq3xBJRVSNerJ5Zh Vfk23TXfiFY19mqxk1hYZSq0pd0PTYsHGb2CqnW0QsxVWd6nciiBfqyrG+yAHJhX EhnftyYpMdL6kA1cHjAvKoYuRWPVnuV8cH8CZS4Z9AFG3ty4V52+eT5Ufy6DTnLF zVlhPfegtpOUa10JMCZzOFb8V3iH7+04wg1WMISJmxaOegi1fyYSw1D1Gyqyb5A4 NuA1EUzZHh774biMRaxg4fm1uey/wQl6KSXD6SHL0O+DrCI8aA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA 0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN ZetX2fNXlrtIzYE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0 MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom /4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3 4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z 5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0 hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/ BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW +qtB4Uu2NQvAmxU= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO 0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj 7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS 8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ 3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR 3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ O+7ETPTsJ3xCwnR8gooJybQDJbw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa /FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw CQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x ITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1 c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMx OTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwI SWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBI b2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB ALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0Xzn swuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu 7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz8 1Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW 80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotP JqX+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1l RtzuzWniTY+HKE40Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfw hI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10 coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9jaJXLE9gCxInm943xZYkqc BW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqjifLJS3tBEW1n twiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1Ud DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W 0OhUKDtkLSGm+J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfe uyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0Q lG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhB aCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5RvbbE sLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPT MaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qe qu5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxh VicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8 h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9 EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTK yeC2nOnOcXHebD8WpHk= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x NzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYDVQQGEwJVUzERMA8G A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF Q0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuB BAAiA2IABGvaDXU1CDFHBa5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJ j9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr/TklZvFe/oyujUF5nQlgziip04pt89ZF 1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G A1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNnADBkAjA3 AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsC MGclCrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVu Sw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h 2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq 299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd 7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw ++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt 398znM/jra6O1I7mT1GvFpLgXPYHDw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIID+TCCAuGgAwIBAgIQW1fXqEywr9nTb0ugMbTW4jANBgkqhkiG9w0BAQUFADB5 MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xKjAoBgNVBAMTIVZpc2EgSW5m b3JtYXRpb24gRGVsaXZlcnkgUm9vdCBDQTAeFw0wNTA2MjcxNzQyNDJaFw0yNTA2 MjkxNzQyNDJaMHkxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKEwRWSVNBMS8wLQYDVQQL EyZWaXNhIEludGVybmF0aW9uYWwgU2VydmljZSBBc3NvY2lhdGlvbjEqMCgGA1UE AxMhVmlzYSBJbmZvcm1hdGlvbiBEZWxpdmVyeSBSb290IENBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyREA4R/QkkfpLx0cYjga/EhIPZpchH0MZsRZ FfP6C2ITtf/Wc+MtgD4yTK0yoiXvni3d+aCtEgK3GDvkdgYrgF76ROJFZwUQjQ9l x42gRT05DbXvWFoy7dTglCZ9z/Tt2Cnktv9oxKgmkeHY/CyfpCBg1S8xth2JlGMR 0ug/GMO5zANuegZOv438p5Lt5So+du2Gl+RMFQqEPwqN5uJSqAe0VtmB4gWdQ8on Bj2ZAM2R73QW7UW0Igt2vA4JaSiNtaAG/Y/58VXWHGgbq7rDtNK1R30X0kJV0rGA ib3RSwB3LpG7bOjbIucV5mQgJoVjoA1e05w6g1x/KmNTmOGRVwIDAQABo30wezAP BgNVHRMBAf8EBTADAQH/MDkGA1UdIAQyMDAwLgYFZ4EDAgEwJTAVBggrBgEFBQcC ARYJMS4yLjMuNC41MAwGCCsGAQUFBwICMAAwDgYDVR0PAQH/BAQDAgEGMB0GA1Ud DgQWBBRPitp2/2d3I5qmgH1924h1hfeBejANBgkqhkiG9w0BAQUFAAOCAQEACUW1 QdUHdDJydgDPmYt+telnG/Su+DPaf1cregzlN43bJaJosMP7NwjoJY/H2He4XLWb 5rXEkl+xH1UyUwF7mtaUoxbGxEvt8hPZSTB4da2mzXgwKvXuHyzF5Qjy1hOB0/pS WaF9ARpVKJJ7TOJQdGKBsF2Ty4fSCLqZLgfxbqwMsd9sysXI3rDXjIhekqvbgeLz PqZr+pfgFhwCCLSMQWl5Ll3u7Qk9wR094DZ6jj6+JCVCRUS3HyabH4OlM0Vc2K+j INsF/64Or7GNtRf9HYEJvrPxHINxl3JVwhYj4ASeaO4KwhVbwtw94Tc/XrGcexDo c5lC3rAi4/UZqweYCw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICWjCCAeCgAwIBAgIPUT6WAAAA3NMGmIxynPplMAoGCCqGSM49BAMDMG8xCzAJ BgNVBAYTAlVTMQ0wCwYDVQQKDARWSVNBMS8wLQYDVQQLDCZWaXNhIEludGVybmF0 aW9uYWwgU2VydmljZSBBc3NvY2lhdGlvbjEgMB4GA1UEAwwXVmlzYSBQdWJsaWMg RUNDIFJvb3QgQ0EwHhcNMjEwMzE2MDAwMDAwWhcNNDEwMzE1MDAwMDAwWjBvMQsw CQYDVQQGEwJVUzENMAsGA1UECgwEVklTQTEvMC0GA1UECwwmVmlzYSBJbnRlcm5h dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xIDAeBgNVBAMMF1Zpc2EgUHVibGlj IEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhFb4Pzn95xzPYebJ Lj8eCAPseZ3vHwACobJQ2/lehY9sZumXnw8nPFQX1nFrf1IVffEGWXTkM5Esiw4b 9jGbyCzaMfGykOapi1kKwNftW5Z2AwwirBUhoY/uRdTOVGtNo0IwQDAdBgNVHQ4E FgQUlw0DKwCi65Hv55kDEk4ggy3pR+4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B Af8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwUFCsnvzNRPPmknNwNVd8LFrTWIRM W6NO7u8dFg74hJP/yUQOphQW8erBKYkcGE7NAjEA6vLFmPljz1/tyPWOMR8myFiW L2TdKUoXrLrVVkZ/ysfOiYXBY/lQlyqNnaCySor9 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFqTCCA5GgAwIBAgIPUT6WAAAA20Qn7qzgvuFIMA0GCSqGSIb3DQEBCwUAMG8x CzAJBgNVBAYTAlVTMQ0wCwYDVQQKDARWSVNBMS8wLQYDVQQLDCZWaXNhIEludGVy bmF0aW9uYWwgU2VydmljZSBBc3NvY2lhdGlvbjEgMB4GA1UEAwwXVmlzYSBQdWJs aWMgUlNBIFJvb3QgQ0EwHhcNMjEwMzE2MDAwMDAwWhcNNDEwMzE1MDAwMDAwWjBv MQswCQYDVQQGEwJVUzENMAsGA1UECgwEVklTQTEvMC0GA1UECwwmVmlzYSBJbnRl cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xIDAeBgNVBAMMF1Zpc2EgUHVi bGljIFJTQSBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA 2WEbXLS3gI6LOY93bP7Kz6EO9L1QXlr8l+fTkJWZldJ6QuwZ1cv4369tfjeJ8O5w SJiDcVw7eNdOP73LfAtwHlTnUnb0e9ILTTipc5bkNnAevocrJACsrpiQ8jBI9ttp cqKUeJgzW4Ie25ypirKroVD42b4E0iICK2cZ5QfD4BSzUnftp4Bqh8AfpGvG1lre CaD53qrsy5SUadY/NaeUGOkqdPvDSNoDIdrbExwnZaSFUmjQT1svKwMqGo2GFrgJ 4cULEp4NNj5rga8YTTZ7Xo5MblHrLpSPOmJev30KWi/BcbvtCNYNWBTg7UMzP3cK MQ1pGLvG2PgvFTZSRvH3QzngJRgrDYYOJ6kj9ave+6yOOFqj80ZCuH0Nugt2mMS3 c3+Nksaw+6H3cQPsE/Gv5zjfsKleRhEFtE1gyrdUg1DMgu8o/YhKM7FAqkXUn74z woRFgx3Mi5OaGTQbg+NlwJgR4sVHXCV4s9b8PjneLhzWMn353SFARF9dnO7LDBqq tT6WltJu1z9x2Ze0UVNZvxKGcyCkLody29O8j9/MGZ8SOSUu4U6NHrebKuuf9Fht n6PqQ4ppkhy6sReXeV5NVGfVpDYY5ZAKEWqTYgMULWpQ2Py4BGpFzBe07jXkyulR poKvz14iXeA0oq16c94DrFYX0jmrWLeU4a/TCZQLFIsCAwEAAaNCMEAwHQYDVR0O BBYEFEtNpg77oBHorQvi8PMKAC+sixb7MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQC5BU9qQSZYPcgCp2x0Juq59kMm XuBly094DaEnPqvtCgwwAirkv8x8/QSOxiWWiu+nveyuR+j6Gz/fJaV4u+J5QEDy cfk605Mw3HIcJOeZvDgk1eyOmQwUP6Z/BdQTNJmZ92Z8dcG5yWCxLBrqPH7ro3Ss jhYq9duIJU7jfizCJCN4W8tp0D2pWBe1/CYNswP4GMs5jQ5+ZQKN/L5JFdwVTu7X Pt8b5zfgbmmQpVmUn0oFwm3OI++Z6gEpNmW5bd/2oUIZoG96Qff2fauVMAYiWQvN nL3y1gkRguTOSMVUCCiGfdvwu5ygowillvV2nHb7+YibQ9N5Z2spP0o9Zlfzoat2 7WFpyK47TiUdu/4toarLKGZP+hbA/F4xlnM/8EfZkE1DeTTI0lhN3O8yEsHrtRl1 OuQZ/IexHO8UGU6jvn4TWo10HYeXzrGckL7oIXfGTrjPzfY62T5HDW/BAEZS+9Tk ijz25YM0fPPz7IdlEG+k4q4YwZ82j73Y9kDEM5423mrWorq/Bq7I5Y8v0LTY9GWH YrpElYf0WdOXAbsfwQiT6qnRio+p82VyqlY8Jt6VVA6CDy/iHKwcj1ELEnDQfVv9 hedoxmnQ6xe/nK8czclu9hQJRv5Lh9gk9Q8DKK2nmgzZ8SSQ+lr3mSSeY8JOMRlE +RKdOQIChWthTJKh7w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIF7DCCA9SgAwIBAgIIAlQaqVDXzh8wDQYJKoZIhvcNAQELBQAwYTELMAkGA1UE BhMCQkUxJDAiBgNVBAoMG1pFVEVTIFNBIChWQVRCRS0wNDA4NDI1NjI2KTEMMAoG A1UEBRMDMDAxMR4wHAYDVQQDDBVaRVRFUyBUU1AgUk9PVCBDQSAwMDEwHhcNMTYw NTIwMTMyMzM4WhcNMzYwNTIwMTMyMzM4WjBhMQswCQYDVQQGEwJCRTEkMCIGA1UE CgwbWkVURVMgU0EgKFZBVEJFLTA0MDg0MjU2MjYpMQwwCgYDVQQFEwMwMDExHjAc BgNVBAMMFVpFVEVTIFRTUCBST09UIENBIDAwMTCCAiIwDQYJKoZIhvcNAQEBBQAD ggIPADCCAgoCggIBAKv5lg6EKHY1gSpWPwLt1fFwkQ5AlyJcu5bmmh4OPCuZPC9r NGGrB8xKJhVlngsozAA4D1v2rEZMxVwiiI4j1lYoXnXixE9S4zkEczk55k/386my IOoMJ9LH9HRzO+wkzmFsGpXb3FVCsRaUMfmmfIwU+DiifaC1OZzX1l+VL4VzUb+s qYgcHMkybDgAw6KwK9aPsobKujk4bGeDykeHV4udVqR/dk1IFRazwJeKwgz6ZLAg Q1aMaofDLSEXPl7gCKoat6qEPVYjK4Mx49MC2RIDBcI5r29TVhcDqyMcevC8CheV lyaB73ggPebf9Nq+jl9f0R79mXz3IW1ctwSWYsPTbh3K9++mRZNT3yZ75NRE121/ sFSZfrYn4sO+SmdCBa5qSvLulwZdZ56Bvl/oAFpUSrZM2RUuCPZCGiUZPiuBe1rc GfRqJwLdj5QCl+zilge0VubkLu/dLBaFCPoc9wCWfg7koPopgJC2RFN9O3UV71lG 4crc2JcbkElDly5YBXK0XTEGfTnhdP8aTE2VMuiNpa/0PHv/IBzL8LD3MvPmEsWh 1+SSGelJZ8A8f5u4gt4E8RVX1rAJHjk6a6bi+KafIXCZqLBZeRK6SEbm9XLMzNQP s7dMw6PfLpd4yF97KyEitT6yHNlrQ1GL2yBJjtpqEzQLO071a46HG07GSgArAgMB AAGjgacwgaQwHQYDVR0OBBYEFDi8XDBU3OK7IO/ub0GgMW5c/Yt1MA8GA1UdEwEB /wQFMAMBAf8wHwYDVR0jBBgwFoAUOLxcMFTc4rsg7+5vQaAxblz9i3UwQQYDVR0g BDowODA2BgRVHSAAMC4wLAYIKwYBBQUHAgEWIGh0dHBzOi8vcmVwb3NpdG9yeS50 c3AuemV0ZXMuY29tMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEA nDEKHd7KpKBSsJYq4Pws5aF23BQ4ZYazLtWll/NzYK5GaHWHsTPIEo3ZKaPqH71u /ronUIHhcWzOqzCcJppRcXBnH9FEpxQ0zUbdK+MOZb3GTkNoU7K4sT3wZD0Hh7H5 hzIEepbkQrswKMeaXStrx1AKIbaGIvYSrS4V8LtTqTDKLesCoZRnYxHYt+bzpwsG H5J5ofKrU3s/o0gITPtEAAP/yQDCbMJKxYbEs+pZXA595T+2qU+S4xEEXbd3xjXD sjFz2nfXP38QGa0AIt1DyOASfkSYOFHSOMi2QxpMUV2cOovIPHm43LAe693l5p5E m+lQPcsRvFX+x3RlZQgNpKp3PRwTtpyfFSr5TuE0gnA2c9I0GYRV8w3AT43/Vhaa W2US8DJBnBtYv72vMhB21y0PxTdx5hr9Mea0Nhhs+0v1qjWwbFAt51siSuD6nTkg QcYuACXkkd+bONMFm5z9BGiRuA6CXNg192LcyWAFi5XMP3zrj8b9mp+pbzIBVJpk pN3lxUVe6lXt4UPLreIebgqejjLk4668AdBTBA6dQk02+5nlGukH1FPwRQdCE8dr IT6Et/fFiVdTH/jzTlFb/mcyw1n2kRmIDYBs4d5FCkaZej/MPvAgbPi8z653LPtu 9QsRdouZzq6OM5F4CqUMJLNTD2sR6bOwHWQBLpQdIdU= -----END CERTIFICATE----- osslsigncode-2.9/get_code_signing_ca.py000077500000000000000000000027461464004761700204110ustar00rootroot00000000000000#!/usr/bin/python3 # © 2024 Michal Trojnara # This script downloads Microsoft code signing certificates # Tor is required for this script to work # Redirect the script output to a PEM file from sys import stderr from time import sleep from csv import reader from requests import get from requests.exceptions import RequestException from concurrent.futures import ThreadPoolExecutor def download_cert(hash): for attempt in range(10): if attempt > 0: sleep(10) try: creds = f'{attempt}{hash}:{attempt}{hash}' resp = get(f'https://crt.sh/?d={hash}', proxies=dict(https=f'socks5://{creds}@127.0.0.1:9050')) resp.raise_for_status() print('.', file=stderr, end='') stderr.flush() return resp.content.decode('utf-8') except RequestException as e: print(f'\nAttempt {attempt}: {e}', file=stderr) print('\nGiving up on', hash, file=stderr) resp = get('https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFTCSV') resp.raise_for_status() lines = resp.content.decode('utf-8').splitlines()[1:] hashes = [row[4] for row in reader(lines) if row[0] != 'Disabled' or row[4] == 'F38406E540D7A9D90CB4A9479299640FFB6DF9E224ECC7A01C0D9558D8DAD77D'] with ThreadPoolExecutor(max_workers=20) as executor: certs = executor.map(download_cert, hashes) for cert in certs: if cert is not None: print(cert) print('\nDone', file=stderr) osslsigncode-2.9/helpers.c000066400000000000000000000602101464004761700156760ustar00rootroot00000000000000/* * osslsigncode support library * * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka */ #include "osslsigncode.h" #include "helpers.h" /* Prototypes */ static SpcSpOpusInfo *spc_sp_opus_info_create(FILE_FORMAT_CTX *ctx); static int spc_indirect_data_content_create(u_char **blob, int *len, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_spc_sp_opus_info(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_signing_time(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_purpose(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static int pkcs7_signer_info_add_sequence_number(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx); static STACK_OF(X509) *X509_chain_get_sorted(FILE_FORMAT_CTX *ctx, int signer); static int X509_compare(const X509 *const *a, const X509 *const *b); /* * Common functions */ /* * [in] infile * [returns] file size */ uint32_t get_file_size(const char *infile) { int ret; #ifdef _WIN32 struct _stat64 st; ret = _stat64(infile, &st); #else struct stat st; ret = stat(infile, &st); #endif if (ret) { fprintf(stderr, "Failed to open file: %s\n", infile); return 0; } if (st.st_size < 4) { fprintf(stderr, "Unrecognized file type - file is too short: %s\n", infile); return 0; } if (st.st_size > UINT32_MAX) { fprintf(stderr, "Unsupported file - too large: %s\n", infile); return 0; } return (uint32_t)st.st_size; } /* * [in] infile: starting address for the new mapping * [returns] pointer to the mapped area */ char *map_file(const char *infile, const size_t size) { char *indata = NULL; #ifdef WIN32 HANDLE fhandle, fmap; (void)size; fhandle = CreateFile(infile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); if (fhandle == INVALID_HANDLE_VALUE) { return NULL; } fmap = CreateFileMapping(fhandle, NULL, PAGE_READONLY, 0, 0, NULL); CloseHandle(fhandle); if (fmap == NULL) { return NULL; } indata = (char *)MapViewOfFile(fmap, FILE_MAP_READ, 0, 0, 0); CloseHandle(fmap); #else #ifdef HAVE_SYS_MMAN_H int fd = open(infile, O_RDONLY); if (fd < 0) { return NULL; } indata = mmap(0, size, PROT_READ, MAP_PRIVATE, fd, 0); if (indata == MAP_FAILED) { close(fd); return NULL; } close(fd); #else fprintf(stderr, "No file mapping function\n"); return NULL; #endif /* HAVE_SYS_MMAN_H */ #endif /* WIN32 */ return indata; } /* * [in] indata: starting address space * [in] size: mapped area length * [returns] none */ void unmap_file(char *indata, const size_t size) { if (!indata) return; #ifdef WIN32 (void)size; UnmapViewOfFile(indata); #else munmap(indata, size); #endif /* WIN32 */ } /* * Retrieve a decoded PKCS#7 structure * [in] data: encoded PEM or DER data * [in] size: data size * [returns] pointer to PKCS#7 structure */ PKCS7 *pkcs7_read_data(char *data, uint32_t size) { PKCS7 *p7 = NULL; BIO *bio; const char pemhdr[] = "-----BEGIN PKCS7-----"; bio = BIO_new_mem_buf(data, (int)size); if (size >= sizeof pemhdr && !memcmp(data, pemhdr, sizeof pemhdr - 1)) { /* PEM format */ p7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL); } else { /* DER format */ p7 = d2i_PKCS7_bio(bio, NULL); } BIO_free_all(bio); return p7; } /* * [in, out] ctx: structure holds input and output data * [out] outdata: BIO outdata file * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ int data_write_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { int ret; (void)BIO_reset(outdata); if (ctx->options->output_pkcs7) { /* PEM format */ ret = !PEM_write_bio_PKCS7(outdata, p7); } else { /* default DER format */ ret = !i2d_PKCS7_bio(outdata, p7); } if (ret) { fprintf(stderr, "Unable to write pkcs7 object\n"); } return ret; } /* * Allocate, set type, add content and return a new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx) { int i, signer = -1; PKCS7 *p7; PKCS7_SIGNER_INFO *si = NULL; STACK_OF(X509) *chain = NULL; p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_signed); PKCS7_content_new(p7, NID_pkcs7_data); if (ctx->options->cert != NULL) { /* * the private key and corresponding certificate are parsed from the PKCS12 * structure or loaded from the security token, so we may omit to check * the consistency of a private key with the public key in an X509 certificate */ si = PKCS7_add_signature(p7, ctx->options->cert, ctx->options->pkey, ctx->options->md); if (si == NULL) return NULL; /* FAILED */ } else { /* find the signer's certificate located somewhere in the whole certificate chain */ for (i=0; ioptions->certs); i++) { X509 *signcert = sk_X509_value(ctx->options->certs, i); if (X509_check_private_key(signcert, ctx->options->pkey)) { si = PKCS7_add_signature(p7, signcert, ctx->options->pkey, ctx->options->md); signer = i; break; } } if (si == NULL) { fprintf(stderr, "Failed to checking the consistency of a private key: %s\n", ctx->options->keyfile); fprintf(stderr, " with a public key in any X509 certificate: %s\n\n", ctx->options->certfile); return NULL; /* FAILED */ } } if (!pkcs7_signer_info_add_signing_time(si, ctx)) { return NULL; /* FAILED */ } if (!pkcs7_signer_info_add_purpose(si, ctx)) { return NULL; /* FAILED */ } if ((ctx->options->desc || ctx->options->url) && !pkcs7_signer_info_add_spc_sp_opus_info(si, ctx)) { fprintf(stderr, "Couldn't allocate memory for opus info\n"); return NULL; /* FAILED */ } if ((ctx->options->nested_number >= 0) && !pkcs7_signer_info_add_sequence_number(si, ctx)) { return NULL; /* FAILED */ } /* create X509 chain sorted in ascending order by their DER encoding */ chain = X509_chain_get_sorted(ctx, signer); if (chain == NULL) { fprintf(stderr, "Failed to create a sorted certificate chain\n"); return NULL; /* FAILED */ } /* add sorted certificate chain */ for (i=0; ioptions->crls) { for (i=0; ioptions->crls); i++) PKCS7_add_crl(p7, sk_X509_CRL_value(ctx->options->crls, i)); } sk_X509_free(chain); return p7; /* OK */ } /* * PE, MSI, CAB and APPX file specific * Add "1.3.6.1.4.1.311.2.1.4" SPC_INDIRECT_DATA_OBJID signed attribute * [in, out] p7: new PKCS#7 signature * [returns] 0 on error or 1 on success */ int add_indirect_data_object(PKCS7 *p7) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1))) return 0; /* FAILED */ return 1; /* OK */ } /* * PE, MSI, CAB and APPX format specific * Sign the MS Authenticode spcIndirectDataContent blob. * The spcIndirectDataContent structure is used in Authenticode signatures * to store the digest and other attributes of the signed file. * [in, out] p7: new PKCS#7 signature * [in] content: spcIndirectDataContent * [returns] 0 on error or 1 on success */ int sign_spc_indirect_data_content(PKCS7 *p7, ASN1_OCTET_STRING *content) { int len, inf, tag, class; long plen; const u_char *data, *p; PKCS7 *td7; p = data = ASN1_STRING_get0_data(content); len = ASN1_STRING_length(content); inf = ASN1_get_object(&p, &plen, &tag, &class, len); if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || !pkcs7_sign_content(p7, p, (int)plen)) { fprintf(stderr, "Failed to sign spcIndirectDataContent\n"); return 0; /* FAILED */ } td7 = PKCS7_new(); if (!td7) { fprintf(stderr, "PKCS7_new failed\n"); return 0; /* FAILED */ } td7->type = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); td7->d.other = ASN1_TYPE_new(); td7->d.other->type = V_ASN1_SEQUENCE; td7->d.other->value.sequence = ASN1_STRING_new(); ASN1_STRING_set(td7->d.other->value.sequence, data, len); if (!PKCS7_set_content(p7, td7)) { fprintf(stderr, "PKCS7_set_content failed\n"); PKCS7_free(td7); return 0; /* FAILED */ } return 1; /* OK */ } /* * Add encapsulated content to signed PKCS7 structure. * [in] content: spcIndirectDataContent * [returns] new PKCS#7 signature with encapsulated content */ PKCS7 *pkcs7_set_content(ASN1_OCTET_STRING *content) { PKCS7 *p7, *td7; p7 = PKCS7_new(); if (!p7) { return NULL; /* FAILED */ } if (!PKCS7_set_type(p7, NID_pkcs7_signed)) { PKCS7_free(p7); return NULL; /* FAILED */ } if (!PKCS7_content_new(p7, NID_pkcs7_data)) { PKCS7_free(p7); return NULL; /* FAILED */ } td7 = PKCS7_new(); if (!td7) { PKCS7_free(p7); return NULL; /* FAILED */ } td7->type = OBJ_txt2obj(SPC_INDIRECT_DATA_OBJID, 1); td7->d.other = ASN1_TYPE_new(); td7->d.other->type = V_ASN1_SEQUENCE; td7->d.other->value.sequence = content; if (!PKCS7_set_content(p7, td7)) { PKCS7_free(td7); PKCS7_free(p7); return NULL; /* FAILED */ } return p7; } /* * Return spcIndirectDataContent. * [in] hash: message digest BIO * [in] ctx: structure holds input and output data * [returns] content */ ASN1_OCTET_STRING *spc_indirect_data_content_get(BIO *hash, FILE_FORMAT_CTX *ctx) { ASN1_OCTET_STRING *content; u_char mdbuf[5 * EVP_MAX_MD_SIZE + 24]; int mdlen, hashlen, len = 0; u_char *data, *p = NULL; content = ASN1_OCTET_STRING_new(); if (!content) { return NULL; /* FAILED */ } if (!spc_indirect_data_content_create(&p, &len, ctx)) { ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } hashlen = ctx->format->hash_length_get(ctx); if (hashlen > EVP_MAX_MD_SIZE) { /* APPX format specific */ mdlen = BIO_read(hash, (char*)mdbuf, hashlen); } else { mdlen = BIO_gets(hash, (char*)mdbuf, EVP_MAX_MD_SIZE); } data = OPENSSL_malloc((size_t)(len + mdlen)); memcpy(data, p, (size_t)len); OPENSSL_free(p); memcpy(data + len, mdbuf, (size_t)mdlen); if (!ASN1_OCTET_STRING_set(content, data, len + mdlen)) { ASN1_OCTET_STRING_free(content); OPENSSL_free(data); return NULL; /* FAILED */ } OPENSSL_free(data); return content; } /* * Signs the data and place the signature in p7 * [in, out] p7: new PKCS#7 signature * [in] data: content data * [in] len: content length */ int pkcs7_sign_content(PKCS7 *p7, const u_char *data, int len) { BIO *p7bio; if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { fprintf(stderr, "PKCS7_dataInit failed\n"); return 0; /* FAILED */ } BIO_write(p7bio, data, len); (void)BIO_flush(p7bio); if (!PKCS7_dataFinal(p7, p7bio)) { fprintf(stderr, "PKCS7_dataFinal failed\n"); BIO_free_all(p7bio); return 0; /* FAILED */ } BIO_free_all(p7bio); return 1; /* OK */ } /* Return the header length (tag and length octets) of the ASN.1 type * [in] p: ASN.1 data * [in] len: ASN.1 data length * [returns] header length */ int asn1_simple_hdr_len(const u_char *p, int len) { if (len <= 2 || p[0] > 0x31) return 0; return (p[1]&0x80) ? (2 + (p[1]&0x7f)) : 2; } /* * [in, out] hash: BIO with message digest method * [in] indata: starting address space * [in] idx: offset * [in] fileend: the length of the hashed area * [returns] 0 on error or 1 on success */ int bio_hash_data(BIO *hash, char *indata, size_t idx, size_t fileend) { while (idx < fileend) { size_t want, written; want = fileend - idx; if (want > SIZE_64K) want = SIZE_64K; if (!BIO_write_ex(hash, indata + idx, want, &written)) return 0; /* FAILED */ idx += written; } return 1; /* OK */ } /* * [in] descript1, descript2: descriptions * [in] mdbuf: message digest * [in] len: message digest length * [returns] none */ void print_hash(const char *descript1, const char *descript2, const u_char *mdbuf, int len) { char *hexbuf = NULL; int size, i, j = 0; size = 2 * len + 1; hexbuf = OPENSSL_malloc((size_t)size); for (i = 0; i < len; i++) { #ifdef WIN32 j += sprintf_s(hexbuf + j, size - j, "%02X", mdbuf[i]); #else j += sprintf(hexbuf + j, "%02X", mdbuf[i]); #endif /* WIN32 */ } printf("%s: %s %s\n", descript1, hexbuf, descript2); OPENSSL_free(hexbuf); } /* * [in] p7: new PKCS#7 signature * [in] objid: Microsoft OID Authenticode * [returns] 0 on error or 1 on success */ int is_content_type(PKCS7 *p7, const char *objid) { ASN1_OBJECT *indir_objid; int ret; indir_objid = OBJ_txt2obj(objid, 1); ret = p7 && PKCS7_type_is_signed(p7) && !OBJ_cmp(p7->d.sign->contents->type, indir_objid) && (p7->d.sign->contents->d.other->type == V_ASN1_SEQUENCE || p7->d.sign->contents->d.other->type == V_ASN1_OCTET_STRING); ASN1_OBJECT_free(indir_objid); return ret; } /* * [in] p7: new PKCS#7 signature * [returns] pointer to MsCtlContent structure */ MsCtlContent *ms_ctl_content_get(PKCS7 *p7) { ASN1_STRING *value; const u_char *data; if (!is_content_type(p7, MS_CTL_OBJID)) { fprintf(stderr, "Failed to find MS_CTL_OBJID\n"); return NULL; /* FAILED */ } value = p7->d.sign->contents->d.other->value.sequence; data = ASN1_STRING_get0_data(value); return d2i_MsCtlContent(NULL, &data, ASN1_STRING_length(value)); } /* * [in] attribute: catalog attribute * [returns] catalog content */ ASN1_TYPE *catalog_content_get(CatalogAuthAttr *attribute) { ASN1_STRING *value; STACK_OF(ASN1_TYPE) *contents; ASN1_TYPE *content; const u_char *contents_data; value = attribute->contents->value.sequence; contents_data = ASN1_STRING_get0_data(value); contents = d2i_ASN1_SET_ANY(NULL, &contents_data, ASN1_STRING_length(value)); if (!contents) return 0; /* FAILED */ content = sk_ASN1_TYPE_value(contents, 0); sk_ASN1_TYPE_free(contents); return content; } /* * PE and CAB format specific * [in] none * [returns] pointer to SpcLink */ SpcLink *spc_link_obsolete_get(void) { const u_char obsolete[] = { 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, 0x00, 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, 0x3e, 0x00, 0x3e, 0x00, 0x3e }; SpcLink *link = SpcLink_new(); link->type = 2; link->value.file = SpcString_new(); link->value.file->type = 0; link->value.file->value.unicode = ASN1_BMPSTRING_new(); ASN1_STRING_set(link->value.file->value.unicode, obsolete, sizeof obsolete); return link; } /* * [in] mdbuf, cmdbuf: message digests * [in] mdtype: message digest algorithm type * [returns] 0 on error or 1 on success */ int compare_digests(u_char *mdbuf, u_char *cmdbuf, int mdtype) { int mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); int mdok = !memcmp(mdbuf, cmdbuf, (size_t)mdlen); printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); print_hash("Current message digest ", "", mdbuf, mdlen); print_hash("Calculated message digest ", mdok ? "\n" : " MISMATCH!!!\n", cmdbuf, mdlen); return mdok; } /* * Helper functions */ /* * [in] ctx: FILE_FORMAT_CTX structure * [returns] pointer to SpcSpOpusInfo structure */ static SpcSpOpusInfo *spc_sp_opus_info_create(FILE_FORMAT_CTX *ctx) { SpcSpOpusInfo *info = SpcSpOpusInfo_new(); if (ctx->options->desc) { info->programName = SpcString_new(); info->programName->type = 1; info->programName->value.ascii = ASN1_IA5STRING_new(); ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii, ctx->options->desc, (int)strlen(ctx->options->desc)); } if (ctx->options->url) { info->moreInfo = SpcLink_new(); info->moreInfo->type = 0; info->moreInfo->value.url = ASN1_IA5STRING_new(); ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url, ctx->options->url, (int)strlen(ctx->options->url)); } return info; } /* * [out] blob: SpcIndirectDataContent data * [out] len: SpcIndirectDataContent data length * [in] ctx: FILE_FORMAT_CTX structure * [returns] 0 on error or 1 on success */ static int spc_indirect_data_content_create(u_char **blob, int *len, FILE_FORMAT_CTX *ctx) { u_char *p = NULL; int mdtype, hashlen, l = 0; void *hash; SpcIndirectDataContent *idc = SpcIndirectDataContent_new(); if (!ctx->format->data_blob_get || !ctx->format->hash_length_get) { return 0; /* FAILED */ } if (ctx->format->md_get) { /* APPX file specific - use a hash algorithm specified in the AppxBlockMap.xml file */ mdtype = EVP_MD_nid(ctx->format->md_get(ctx)); } else { mdtype = EVP_MD_nid(ctx->options->md); } idc->data->value = ASN1_TYPE_new(); idc->data->value->type = V_ASN1_SEQUENCE; idc->data->value->value.sequence = ASN1_STRING_new(); idc->data->type = ctx->format->data_blob_get(&p, &l, ctx); idc->data->value->value.sequence->data = p; idc->data->value->value.sequence->length = l; idc->messageDigest->digestAlgorithm->algorithm = OBJ_nid2obj(mdtype); idc->messageDigest->digestAlgorithm->parameters = ASN1_TYPE_new(); idc->messageDigest->digestAlgorithm->parameters->type = V_ASN1_NULL; hashlen = ctx->format->hash_length_get(ctx); hash = OPENSSL_zalloc((size_t)hashlen); ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen); OPENSSL_free(hash); *len = i2d_SpcIndirectDataContent(idc, NULL); *blob = OPENSSL_malloc((size_t)*len); p = *blob; i2d_SpcIndirectDataContent(idc, &p); SpcIndirectDataContent_free(idc); *len -= hashlen; return 1; /* OK */ } /* * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: FILE_FORMAT_CTX structure * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_spc_sp_opus_info(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { SpcSpOpusInfo *opus; ASN1_STRING *astr; int len; u_char *p = NULL; opus = spc_sp_opus_info_create(ctx); if ((len = i2d_SpcSpOpusInfo(opus, NULL)) <= 0 || (p = OPENSSL_malloc((size_t)len)) == NULL) { SpcSpOpusInfo_free(opus); return 0; /* FAILED */ } i2d_SpcSpOpusInfo(opus, &p); p -= len; astr = ASN1_STRING_new(); ASN1_STRING_set(astr, p, len); OPENSSL_free(p); SpcSpOpusInfo_free(opus); return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_SP_OPUS_INFO_OBJID), V_ASN1_SEQUENCE, astr); } /* * Add a custom, non-trusted time to the PKCS7 structure to prevent OpenSSL * adding the _current_ time. This allows to create a deterministic signature * when no trusted timestamp server was specified, making osslsigncode * behaviour closer to signtool.exe (which doesn't include any non-trusted * time in this case.) * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_signing_time(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { if (ctx->options->time == INVALID_TIME) /* -time option was not specified */ return 1; /* SUCCESS */ return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, V_ASN1_UTCTIME, ASN1_TIME_adj(NULL, ctx->options->time, 0, 0)); } /* * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_purpose(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { static const u_char purpose_ind[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15 }; static const u_char purpose_comm[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16 }; ASN1_STRING *purpose = ASN1_STRING_new(); if (ctx->options->comm) { ASN1_STRING_set(purpose, purpose_comm, sizeof purpose_comm); } else { ASN1_STRING_set(purpose, purpose_ind, sizeof purpose_ind); } return PKCS7_add_signed_attribute(si, OBJ_txt2nid(SPC_STATEMENT_TYPE_OBJID), V_ASN1_SEQUENCE, purpose); } /* * [in, out] si: PKCS7_SIGNER_INFO structure * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pkcs7_signer_info_add_sequence_number(PKCS7_SIGNER_INFO *si, FILE_FORMAT_CTX *ctx) { ASN1_INTEGER *number = ASN1_INTEGER_new(); if (!number) return 0; /* FAILED */ if (!ASN1_INTEGER_set(number, ctx->options->nested_number + 1)) { ASN1_INTEGER_free(number); return 0; /* FAILED */ } return PKCS7_add_signed_attribute(si, OBJ_txt2nid(PKCS9_SEQUENCE_NUMBER), V_ASN1_INTEGER, number); } /* * Create certificate chain sorted in ascending order by their DER encoding. * [in] ctx: structure holds input and output data * [in] signer: signer's certificate number in the certificate chain * [returns] sorted certificate chain */ static STACK_OF(X509) *X509_chain_get_sorted(FILE_FORMAT_CTX *ctx, int signer) { int i; STACK_OF(X509) *chain = sk_X509_new(X509_compare); /* add the signer's certificate */ if (ctx->options->cert != NULL && !sk_X509_push(chain, ctx->options->cert)) { sk_X509_free(chain); return NULL; } if (signer != -1 && !sk_X509_push(chain, sk_X509_value(ctx->options->certs, signer))) { sk_X509_free(chain); return NULL; } /* add the certificate chain */ for (i=0; ioptions->certs); i++) { if (i == signer) continue; if (!sk_X509_push(chain, sk_X509_value(ctx->options->certs, i))) { sk_X509_free(chain); return NULL; } } /* add all cross certificates */ if (ctx->options->xcerts) { for (i=0; ioptions->xcerts); i++) { if (!sk_X509_push(chain, sk_X509_value(ctx->options->xcerts, i))) { sk_X509_free(chain); return NULL; } } } /* sort certificate chain using the supplied comparison function */ sk_X509_sort(chain); return chain; } /* * X.690-compliant certificate comparison function * Windows requires catalog files to use PKCS#7 * content ordering specified in X.690 section 11.6 * https://support.microsoft.com/en-us/topic/october-13-2020-kb4580358-security-only-update-d3f6eb3c-d7c4-a9cb-0de6-759386bf7113 * This algorithm is different from X509_cmp() * [in] a_ptr, b_ptr: pointers to X509 certificates * [returns] certificates order */ static int X509_compare(const X509 *const *a, const X509 *const *b) { u_char *a_data, *b_data, *a_tmp, *b_tmp; size_t a_len, b_len; int ret; a_len = (size_t)i2d_X509(*a, NULL); a_tmp = a_data = OPENSSL_malloc(a_len); i2d_X509(*a, &a_tmp); b_len = (size_t)i2d_X509(*b, NULL); b_tmp = b_data = OPENSSL_malloc(b_len); i2d_X509(*b, &b_tmp); ret = memcmp(a_data, b_data, MIN(a_len, b_len)); OPENSSL_free(a_data); OPENSSL_free(b_data); if (ret == 0 && a_len != b_len) /* identical up to the length of the shorter DER */ ret = a_len < b_len ? -1 : 1; /* shorter is smaller */ return ret; } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/helpers.h000066400000000000000000000026341464004761700157110ustar00rootroot00000000000000/* * osslsigncode support library * * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka */ /* Common functions */ uint32_t get_file_size(const char *infile); char *map_file(const char *infile, const size_t size); void unmap_file(char *indata, const size_t size); PKCS7 *pkcs7_read_data(char *indata, uint32_t size); int data_write_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); PKCS7 *pkcs7_create(FILE_FORMAT_CTX *ctx); int add_indirect_data_object(PKCS7 *p7); int sign_spc_indirect_data_content(PKCS7 *p7, ASN1_OCTET_STRING *content); PKCS7 *pkcs7_set_content(ASN1_OCTET_STRING *content); ASN1_OCTET_STRING *spc_indirect_data_content_get(BIO *hash, FILE_FORMAT_CTX *ctx); int pkcs7_sign_content(PKCS7 *p7, const u_char *data, int len); int asn1_simple_hdr_len(const u_char *p, int len); int bio_hash_data(BIO *hash, char *indata, size_t idx, size_t fileend); void print_hash(const char *descript1, const char *descript2, const u_char *hashbuf, int length); int is_content_type(PKCS7 *p7, const char *objid); MsCtlContent *ms_ctl_content_get(PKCS7 *p7); ASN1_TYPE *catalog_content_get(CatalogAuthAttr *attribute); SpcLink *spc_link_obsolete_get(void); int compare_digests(u_char *mdbuf, u_char *cmdbuf, int mdtype); /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/misc/000077500000000000000000000000001464004761700150245ustar00rootroot00000000000000osslsigncode-2.9/misc/pagehash.py000066400000000000000000000061541464004761700171640ustar00rootroot00000000000000#!/usr/bin/python import struct import sys import hashlib from pyasn1.type import univ from pyasn1.codec.ber import encoder, decoder f = open(sys.argv[1], 'rb') filehdr = f.read(1024) if filehdr[0:2] != 'MZ': print "Not a DOS file." sys.exit(0) pepos = struct.unpack('config.py < * Author: Małgorzata Olszówka * * Reference specifications: * http://en.wikipedia.org/wiki/Compound_File_Binary_Format * https://msdn.microsoft.com/en-us/library/dd942138.aspx * https://github.com/microsoft/compoundfilereader */ #include "osslsigncode.h" #include "helpers.h" #define MAXREGSECT 0xfffffffa /* maximum regular sector number */ #define DIFSECT 0xfffffffc /* specifies a DIFAT sector in the FAT */ #define FATSECT 0xfffffffd /* specifies a FAT sector in the FAT */ #define ENDOFCHAIN 0xfffffffe /* end of a linked chain of sectors */ #define NOSTREAM 0xffffffff /* terminator or empty pointer */ #define FREESECT 0xffffffff /* empty unallocated free sectors */ #define DIR_UNKNOWN 0 #define DIR_STORAGE 1 #define DIR_STREAM 2 #define DIR_ROOT 5 #define RED_COLOR 0 #define BLACK_COLOR 1 #define DIFAT_IN_HEADER 109 #define MINI_STREAM_CUTOFF_SIZE 0x00001000 /* 4096 bytes */ #define HEADER_SIZE 0x200 /* 512 bytes, independent of sector size */ #define MAX_SECTOR_SIZE 0x1000 /* 4096 bytes */ #define HEADER_SIGNATURE 0x00 /* 0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1 */ #define HEADER_CLSID 0x08 /* reserved and unused */ #define HEADER_MINOR_VER 0x18 /* SHOULD be set to 0x003E */ #define HEADER_MAJOR_VER 0x1a /* MUST be set to either 0x0003 (version 3) or 0x0004 (version 4) */ #define HEADER_BYTE_ORDER 0x1c /* 0xfe 0xff == Intel Little Endian */ #define HEADER_SECTOR_SHIFT 0x1e /* MUST be set to 0x0009, or 0x000c */ #define HEADER_MINI_SECTOR_SHIFT 0x20 /* MUST be set to 0x0006 */ #define RESERVED 0x22 /* reserved and unused */ #define HEADER_DIR_SECTORS_NUM 0x28 #define HEADER_FAT_SECTORS_NUM 0x2c #define HEADER_DIR_SECTOR_LOC 0x30 #define HEADER_TRANSACTION 0x34 #define HEADER_MINI_STREAM_CUTOFF 0x38 /* 4096 bytes */ #define HEADER_MINI_FAT_SECTOR_LOC 0x3c #define HEADER_MINI_FAT_SECTORS_NUM 0x40 #define HEADER_DIFAT_SECTOR_LOC 0x44 #define HEADER_DIFAT_SECTORS_NUM 0x48 #define HEADER_DIFAT 0x4c #define DIRENT_SIZE 0x80 /* 128 bytes */ #define DIRENT_MAX_NAME_SIZE 0x40 /* 64 bytes */ #define DIRENT_NAME 0x00 #define DIRENT_NAME_LEN 0x40 /* length in bytes incl 0 terminator */ #define DIRENT_TYPE 0x42 #define DIRENT_COLOUR 0x43 #define DIRENT_LEFT_SIBLING_ID 0x44 #define DIRENT_RIGHT_SIBLING_ID 0x48 #define DIRENT_CHILD_ID 0x4c #define DIRENT_CLSID 0x50 #define DIRENT_STATE_BITS 0x60 #define DIRENT_CREATE_TIME 0x64 #define DIRENT_MODIFY_TIME 0x6c #define DIRENT_START_SECTOR_LOC 0x74 #define DIRENT_FILE_SIZE 0x78 static const u_char msi_magic[] = { 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 }; static const u_char digital_signature[] = { 0x05, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x00, 0x00 }; static const u_char digital_signature_ex[] = { 0x05, 0x00, 0x4D, 0x00, 0x73, 0x00, 0x69, 0x00, 0x44, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x53, 0x00, 0x69, 0x00, 0x67, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x74, 0x00, 0x75, 0x00, 0x72, 0x00, 0x65, 0x00, 0x45, 0x00, 0x78, 0x00, 0x00, 0x00 }; static const u_char msi_root_entry[] = { 0x52, 0x00, 0x6F, 0x00, 0x6F, 0x00, 0x74, 0x00, 0x20, 0x00, 0x45, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x72, 0x00, 0x79, 0x00, 0x00, 0x00 }; static const u_char msi_zeroes[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; typedef struct { u_char signature[8]; /* 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 */ u_char unused_clsid[16]; /* reserved and unused */ uint16_t minorVersion; uint16_t majorVersion; uint16_t byteOrder; uint16_t sectorShift; /* power of 2 */ uint16_t miniSectorShift; /* power of 2 */ u_char reserved[6]; /* reserved and unused */ uint32_t numDirectorySector; uint32_t numFATSector; uint32_t firstDirectorySectorLocation; uint32_t transactionSignatureNumber; /* reserved */ uint32_t miniStreamCutoffSize; uint32_t firstMiniFATSectorLocation; uint32_t numMiniFATSector; uint32_t firstDIFATSectorLocation; uint32_t numDIFATSector; uint32_t headerDIFAT[DIFAT_IN_HEADER]; } MSI_FILE_HDR; typedef struct { u_char name[DIRENT_MAX_NAME_SIZE]; uint16_t nameLen; uint8_t type; uint8_t colorFlag; uint32_t leftSiblingID; uint32_t rightSiblingID; uint32_t childID; u_char clsid[16]; u_char stateBits[4]; u_char creationTime[8]; u_char modifiedTime[8]; uint32_t startSectorLocation; u_char size[8]; } MSI_ENTRY; typedef struct msi_dirent_struct { u_char name[DIRENT_MAX_NAME_SIZE]; uint16_t nameLen; uint8_t type; MSI_ENTRY *entry; STACK_OF(MSI_DIRENT) *children; struct msi_dirent_struct *next; /* for cycle detection */ } MSI_DIRENT; DEFINE_STACK_OF(MSI_DIRENT) typedef struct { const u_char *m_buffer; uint32_t m_bufferLen; MSI_FILE_HDR *m_hdr; uint32_t m_sectorSize; uint32_t m_minisectorSize; uint32_t m_miniStreamStartSector; } MSI_FILE; typedef struct { char *header; char *ministream; char *minifat; char *fat; char *difat; uint32_t dirtreeLen; uint32_t miniStreamLen; uint32_t minifatLen; uint32_t fatLen; uint32_t difatLen; uint32_t ministreamsMemallocCount; uint32_t minifatMemallocCount; uint32_t fatMemallocCount; uint32_t difatMemallocCount; uint32_t dirtreeSectorsCount; uint32_t minifatSectorsCount; uint32_t fatSectorsCount; uint32_t miniSectorNum; uint32_t sectorNum; uint32_t sectorSize; } MSI_OUT; struct msi_ctx_st { MSI_FILE *msi; MSI_DIRENT *dirent; u_char *p_msiex; /* MsiDigitalSignatureEx stream data */ uint32_t len_msiex; /* MsiDigitalSignatureEx stream data length */ uint32_t fileend; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *msi_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *msi_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *msi_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int msi_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *msi_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *msi_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int msi_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int msi_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *msi_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void msi_bio_free(BIO *hash, BIO *outdata); static void msi_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int msi_is_detaching_supported(void); FILE_FORMAT file_format_msi = { .ctx_new = msi_ctx_new, .data_blob_get = msi_spc_sip_info_get, .pkcs7_contents_get = msi_pkcs7_contents_get, .hash_length_get = msi_hash_length_get, .digest_calc = msi_digest_calc, .verify_digests = msi_verify_digests, .pkcs7_extract = msi_pkcs7_extract, .pkcs7_extract_to_nest = msi_pkcs7_extract_to_nest, .remove_pkcs7 = msi_remove_pkcs7, .process_data = msi_process_data, .pkcs7_signature_new = msi_pkcs7_signature_new, .append_pkcs7 = msi_append_pkcs7, .bio_free = msi_bio_free, .ctx_cleanup = msi_ctx_cleanup, .is_detaching_supported = msi_is_detaching_supported }; /* Prototypes */ static MSI_CTX *msi_ctx_get(char *indata, uint32_t filesize); static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *ds); static int recurse_entry(MSI_FILE *msi, uint32_t entryID, MSI_DIRENT *parent); static int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, BIO *outdata); static MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse); static int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len); static int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen); static BIO *msi_digest_calc_bio(FILE_FORMAT_CTX *ctx, BIO *hash); static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash); static int msi_check_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, MSI_ENTRY *dse, PKCS7 *p7); static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root); static MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi); static void msi_file_free(MSI_FILE *msi); static MSI_FILE *msi_file_new(char *buffer, uint32_t len); static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret); static void msi_dirent_free(MSI_DIRENT *dirent); static int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root); static int msi_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a MSI file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO (unused) * [returns] pointer to MSI file format context */ static FILE_FORMAT_CTX *msi_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; MSI_CTX *msi_ctx; uint32_t filesize; /* squash the unused parameter warning */ (void)outdata; filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } if (memcmp(options->indata, msi_magic, sizeof msi_magic)) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } msi_ctx = msi_ctx_get(options->indata, filesize); if (!msi_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_msi; ctx->options = options; ctx->msi_ctx = msi_ctx; if (hash) BIO_push(hash, BIO_new(BIO_s_null())); if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); return ctx; } /* * Allocate and return SpcSipInfo object. * Subject Interface Package (SIP) is an internal Microsoft API for * transforming arbitrary files into a digestible stream. * These ClassIDs are found in the indirect data section and identify * the type of processor needed to validate the signature. * [out] p: SpcSipInfo data * [out] plen: SpcSipInfo data length * [in] ctx: structure holds input and output data (unused) * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_SIPINFO_OBJID */ static ASN1_OBJECT *msi_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { const u_char SpcUUIDSipInfoMsi[] = { 0xf1, 0x10, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 }; ASN1_OBJECT *dtype; SpcSipInfo *si = SpcSipInfo_new(); /* squash the unused parameter warning */ (void)ctx; ASN1_INTEGER_set(si->a, 1); ASN1_INTEGER_set(si->b, 0); ASN1_INTEGER_set(si->c, 0); ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); ASN1_OCTET_STRING_set(si->string, SpcUUIDSipInfoMsi, sizeof SpcUUIDSipInfoMsi); *plen = i2d_SpcSipInfo(si, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcSipInfo(si, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); SpcSipInfo_free(si); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *msi_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; /* squash the unused parameter warning, use initialized message digest BIO */ (void)md; if (ctx->options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ctx, hash)) { fprintf(stderr, "Unable to calc MsiDigitalSignatureEx\n"); return NULL; /* FAILED */ } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { fprintf(stderr, "Unable to msi_handle_dir()\n"); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); return pkcs7_set_content(content); } /* * Compute a simple sha1/sha256 message digest of the MSI file * for use with a catalog file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *msi_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { u_char *mdbuf = NULL; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!bio_hash_data(bhash, ctx->options->indata, 0, ctx->msi_ctx->fileend)) { fprintf(stderr, "Unable to calculate digest\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char *)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; /* OK */ } /* * Calculate DigitalSignature and MsiDigitalSignatureEx and compare to values * retrieved from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int msi_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdok, mdlen, mdtype = -1; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char cmdbuf[EVP_MAX_MD_SIZE]; u_char cexmdbuf[EVP_MAX_MD_SIZE]; u_char *cdigest = NULL; const EVP_MD *md; BIO *hash; if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); md = EVP_get_digestbynid(mdtype); hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); return 0; /* FAILED */ } BIO_push(hash, BIO_new(BIO_s_null())); if (ctx->msi_ctx->p_msiex) { BIO *prehash = BIO_new(BIO_f_md()); if (EVP_MD_size(md) != (int)ctx->msi_ctx->len_msiex) { fprintf(stderr, "Incorrect MsiDigitalSignatureEx stream data length\n\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ } if (!BIO_set_md(prehash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ } BIO_push(prehash, BIO_new(BIO_s_null())); print_hash("Current MsiDigitalSignatureEx ", "", (u_char *)ctx->msi_ctx->p_msiex, (int)ctx->msi_ctx->len_msiex); if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { fprintf(stderr, "Failed to calculate pre-hash used for MsiDigitalSignatureEx\n\n"); BIO_free_all(hash); BIO_free_all(prehash); return 0; /* FAILED */ } BIO_gets(prehash, (char*)cexmdbuf, EVP_MAX_MD_SIZE); BIO_free_all(prehash); BIO_write(hash, (char*)cexmdbuf, EVP_MD_size(md)); print_hash("Calculated MsiDigitalSignatureEx ", "", cexmdbuf, EVP_MD_size(md)); } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { fprintf(stderr, "Failed to calculate DigitalSignature\n\n"); BIO_free_all(hash); return 0; /* FAILED */ } print_hash("Current DigitalSignature ", "", mdbuf, EVP_MD_size(md)); BIO_gets(hash, (char*)cmdbuf, EVP_MAX_MD_SIZE); BIO_free_all(hash); mdok = !memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md)); print_hash("Calculated DigitalSignature ", mdok ? "" : " MISMATCH!!!\n", cmdbuf, EVP_MD_size(md)); if (!mdok) { fprintf(stderr, "Signature verification: failed\n\n"); return 0; /* FAILED */ } cdigest = msi_digest_calc(ctx, md); if (!cdigest) { fprintf(stderr, "Failed to calculate simple message digest\n\n"); return 0; /* FAILED */ } mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); print_hash("Calculated message digest ", "\n", cdigest, mdlen); OPENSSL_free(cdigest); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *msi_pkcs7_extract(FILE_FORMAT_CTX *ctx) { PKCS7 *p7; MSI_ENTRY *ds; if (!msi_check_file(ctx)) { return NULL; /* FAILED, no signature */ } ds = msi_signatures_get(ctx->msi_ctx->dirent, NULL); if (!ds) { fprintf(stderr, "MSI file has no signature\n"); return NULL; /* FAILED */ } p7 = msi_pkcs7_get_digital_signature(ctx, ds); if (!p7) { fprintf(stderr, "Unable to extract existing signature\n"); return NULL; /* FAILED */ } return p7; } /* * Extract existing signature in DER format. * Perform a sanity check for the MsiDigitalSignatureEx section. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *msi_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { PKCS7 *p7; MSI_ENTRY *ds, *dse = NULL; if (!msi_check_file(ctx)) { return NULL; /* FAILED, no signature */ } ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); if (!ds) { fprintf(stderr, "MSI file has no signature\n"); return NULL; /* FAILED */ } p7 = msi_pkcs7_get_digital_signature(ctx, ds); if (!p7) { fprintf(stderr, "Unable to extract existing signature\n"); return NULL; /* FAILED */ } /* perform a sanity check for the MsiDigitalSignatureEx section */ if (!msi_check_MsiDigitalSignatureEx(ctx, dse, p7)) { PKCS7_free(p7); return NULL; /* FAILED */ } return p7; } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO (unused) * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int msi_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { MSI_ENTRY *ds; /* squash the unused parameter warning */ (void)hash; ds = msi_signatures_get(ctx->msi_ctx->dirent, NULL); if (!ds) { return 1; /* FAILED, no signature */ } if (!msi_dirent_delete(ctx->msi_ctx->dirent, digital_signature_ex, sizeof digital_signature_ex)) { return 1; /* FAILED */ } if (!msi_dirent_delete(ctx->msi_ctx->dirent, digital_signature, sizeof digital_signature)) { return 1; /* FAILED */ } if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, NULL, 0, NULL, 0, outdata)) { fprintf(stderr, "Saving the msi file failed\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] 1 on error or 0 on success */ static int msi_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; hash = msi_digest_calc_bio(ctx, hash); if (!hash) { return 0; /* FAILED */ } return 1; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *msi_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int msi_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { u_char *p = NULL; int len; /* signature length */ if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); p -= len; if (!msi_file_write(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, p, (uint32_t)len, ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex, outdata)) { fprintf(stderr, "Saving the msi file failed\n"); OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 0; /* OK */ } /* * Free up an entire outdata BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void msi_bio_free(BIO *hash, BIO *outdata) { BIO_free_all(hash); BIO_free_all(outdata); } /* * Deallocate a FILE_FORMAT_CTX structure and MSI format specific structures, * unmap indata file. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void msi_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->msi_ctx->fileend); msi_file_free(ctx->msi_ctx->msi); msi_dirent_free(ctx->msi_ctx->dirent); OPENSSL_free(ctx->msi_ctx->p_msiex); OPENSSL_free(ctx->msi_ctx); OPENSSL_free(ctx); } static int msi_is_detaching_supported(void) { return 1; /* OK */ } /* * MSI helper functions */ /* * Verify mapped MSI file and create MSI format specific structure. * [in] indata: mapped MSI file * [in] filesize: size of MSI file * [returns] pointer to MSI format specific structure */ static MSI_CTX *msi_ctx_get(char *indata, uint32_t filesize) { MSI_ENTRY *root; MSI_FILE *msi; MSI_DIRENT *dirent; MSI_CTX *msi_ctx; msi = msi_file_new(indata, filesize); if (!msi) { fprintf(stderr, "Failed to parse MSI_FILE struct\n"); return NULL; /* FAILED */ } root = msi_root_entry_get(msi); if (!root) { fprintf(stderr, "Failed to get file entry\n"); msi_file_free(msi); return NULL; /* FAILED */ } if (!msi_dirent_new(msi, root, NULL, &(dirent))) { fprintf(stderr, "Failed to parse MSI_DIRENT struct\n"); msi_file_free(msi); if (dirent) msi_dirent_free(dirent); return NULL; /* FAILED */ } msi_ctx = OPENSSL_zalloc(sizeof(MSI_CTX)); msi_ctx->msi = msi; msi_ctx->dirent = dirent; msi_ctx->fileend = filesize; return msi_ctx; /* OK */ } static PKCS7 *msi_pkcs7_get_digital_signature(FILE_FORMAT_CTX *ctx, MSI_ENTRY *ds) { PKCS7 *p7 = NULL; const u_char *blob; char *p; uint32_t len = GET_UINT32_LE(ds->size); if (len == 0 || len >= MAXREGSECT) { fprintf(stderr, "Corrupted DigitalSignature stream length 0x%08X\n", len); return NULL; /* FAILED */ } p = OPENSSL_malloc((size_t)len); if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, p, len)) { fprintf(stderr, "DigitalSignature stream data error\n"); OPENSSL_free(p); return NULL; } blob = (u_char *)p; p7 = d2i_PKCS7(NULL, &blob, len); OPENSSL_free(p); if (!p7) { fprintf(stderr, "Failed to extract PKCS7 data\n"); return NULL; } return p7; } /* Get absolute address from sector and offset */ static const u_char *sector_offset_to_address(MSI_FILE *msi, uint32_t sector, uint32_t offset) { if (sector >= MAXREGSECT || offset >= msi->m_sectorSize || (msi->m_bufferLen - offset) / msi->m_sectorSize <= sector) { fprintf(stderr, "Corrupted file\n"); return NULL; /* FAILED */ } return msi->m_buffer + (sector + 1) * msi->m_sectorSize + offset; } static uint32_t get_fat_sector_location(MSI_FILE *msi, uint32_t fatSectorNumber) { uint32_t entriesPerSector, difatSectorLocation, fatSectorLocation; const u_char *address; if (fatSectorNumber < DIFAT_IN_HEADER) { return LE_UINT32(msi->m_hdr->headerDIFAT[fatSectorNumber]); } else { fatSectorNumber -= DIFAT_IN_HEADER; entriesPerSector = msi->m_sectorSize / 4 - 1; difatSectorLocation = msi->m_hdr->firstDIFATSectorLocation; while (fatSectorNumber >= entriesPerSector) { fatSectorNumber -= entriesPerSector; address = sector_offset_to_address(msi, difatSectorLocation, msi->m_sectorSize - 4); if (!address) { fprintf(stderr, "Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } difatSectorLocation = GET_UINT32_LE(address); } address = sector_offset_to_address(msi, difatSectorLocation, fatSectorNumber * 4); if (!address) { fprintf(stderr, "Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } fatSectorLocation = GET_UINT32_LE(address); if (fatSectorLocation == 0 || fatSectorLocation >= FREESECT) { fprintf(stderr, "Get corrupted sector location 0x%08X\n", fatSectorLocation); return NOSTREAM; /* FAILED */ } return fatSectorLocation; } } /* Lookup FAT */ static uint32_t get_next_sector(MSI_FILE *msi, uint32_t sector) { const u_char *address; uint32_t nextSectorLocation; uint32_t entriesPerSector = msi->m_sectorSize / 4; uint32_t fatSectorNumber = sector / entriesPerSector; uint32_t fatSectorLocation = get_fat_sector_location(msi, fatSectorNumber); if (fatSectorLocation == NOSTREAM) { fprintf(stderr, "Failed to get a fat sector location\n"); return NOSTREAM; /* FAILED */ } address = sector_offset_to_address(msi, fatSectorLocation, sector % entriesPerSector * 4); if (!address) { fprintf(stderr, "Failed to get a next sector address\n"); return NOSTREAM; /* FAILED */ } nextSectorLocation = GET_UINT32_LE(address); if (nextSectorLocation == 0 || nextSectorLocation >= FREESECT) { fprintf(stderr, "Get corrupted sector location 0x%08X\n", nextSectorLocation); return NOSTREAM; /* FAILED */ } return nextSectorLocation; } /* Locate the final sector/offset when original offset expands multiple sectors */ static int locate_final_sector(MSI_FILE *msi, uint32_t sector, uint32_t offset, uint32_t *finalSector, uint32_t *finalOffset) { while (offset >= msi->m_sectorSize) { offset -= msi->m_sectorSize; sector = get_next_sector(msi, sector); if (sector == NOSTREAM) { fprintf(stderr, "Failed to get a next sector\n"); return 0; /* FAILED */ } } *finalSector = sector; *finalOffset = offset; return 1; /* OK */ } /* Get absolute address from mini sector and offset */ static const u_char *mini_sector_offset_to_address(MSI_FILE *msi, uint32_t sector, uint32_t offset) { if (sector >= MAXREGSECT || offset >= msi->m_minisectorSize || (msi->m_bufferLen - offset) / msi->m_minisectorSize <= sector) { fprintf(stderr, "Corrupted file\n"); return NULL; /* FAILED */ } if (!locate_final_sector(msi, msi->m_miniStreamStartSector, sector * msi->m_minisectorSize + offset, §or, &offset)) { fprintf(stderr, "Failed to locate a final sector\n"); return NULL; /* FAILED */ } return sector_offset_to_address(msi, sector, offset); } /* * Copy as many as possible in each step * copylen typically iterate as: msi->m_sectorSize - offset --> msi->m_sectorSize --> msi->m_sectorSize --> ... --> remaining */ static int read_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *buffer, uint32_t len) { if (!locate_final_sector(msi, sector, offset, §or, &offset)) { fprintf(stderr, "Failed to locate a final sector\n"); return 0; /* FAILED */ } while (len > 0) { const u_char *address; uint32_t copylen; address = sector_offset_to_address(msi, sector, offset); if (!address) { fprintf(stderr, "Failed to get a next sector address\n"); return 0; /* FAILED */ } copylen = MIN(len, msi->m_sectorSize - offset); if (msi->m_buffer + msi->m_bufferLen < address + copylen) { fprintf(stderr, "Corrupted file\n"); return 0; /* FAILED */ } memcpy(buffer, address, copylen); buffer += copylen; len -= copylen; sector = get_next_sector(msi, sector); if (sector == 0) { fprintf(stderr, "Failed to get a next sector\n"); return 0; /* FAILED */ } offset = 0; } return 1; /* OK */ } /* Lookup miniFAT */ static uint32_t get_next_mini_sector(MSI_FILE *msi, uint32_t miniSector) { uint32_t sector, offset, nextMiniSectorLocation; const u_char *address; if (!locate_final_sector(msi, msi->m_hdr->firstMiniFATSectorLocation, miniSector * 4, §or, &offset)) { fprintf(stderr, "Failed to locate a final sector\n"); return NOSTREAM; /* FAILED */ } address = sector_offset_to_address(msi, sector, offset); if (!address) { fprintf(stderr, "Failed to get a next mini sector address\n"); return NOSTREAM; /* FAILED */ } nextMiniSectorLocation = GET_UINT32_LE(address); if (nextMiniSectorLocation == 0 || nextMiniSectorLocation >= FREESECT) { fprintf(stderr, "Get corrupted sector location 0x%08X\n", nextMiniSectorLocation); return NOSTREAM; /* FAILED */ } return nextMiniSectorLocation; } static int locate_final_mini_sector(MSI_FILE *msi, uint32_t sector, uint32_t offset, uint32_t *finalSector, uint32_t *finalOffset) { while (offset >= msi->m_minisectorSize) { offset -= msi->m_minisectorSize; sector = get_next_mini_sector(msi, sector); if (sector == NOSTREAM) { fprintf(stderr, "Failed to get a next mini sector\n"); return 0; /* FAILED */ } } *finalSector = sector; *finalOffset = offset; return 1; /* OK */ } /* Same logic as "read_stream" except that use mini stream functions instead */ static int read_mini_stream(MSI_FILE *msi, uint32_t sector, uint32_t offset, char *buffer, uint32_t len) { if (!locate_final_mini_sector(msi, sector, offset, §or, &offset)) { fprintf(stderr, "Failed to locate a final mini sector\n"); return 0; /* FAILED */ } while (len > 0) { const u_char *address; uint32_t copylen; address = mini_sector_offset_to_address(msi, sector, offset); if (!address) { fprintf(stderr, "Failed to get a next mini sector address\n"); return 0; /* FAILED */ } copylen = MIN(len, msi->m_minisectorSize - offset); if (msi->m_buffer + msi->m_bufferLen < address + copylen) { fprintf(stderr, "Corrupted file\n"); return 0; /* FAILED */ } memcpy(buffer, address, copylen); buffer += copylen; len -= copylen; sector = get_next_mini_sector(msi, sector); if (sector == NOSTREAM) { fprintf(stderr, "Failed to get a next mini sector\n"); return 0; /* FAILED */ } offset = 0; } return 1; /* OK */ } /* * Get file (stream) data start with "offset". * The buffer must have enough space to store "len" bytes. Typically "len" is derived by the steam length. */ static int msi_file_read(MSI_FILE *msi, MSI_ENTRY *entry, uint32_t offset, char *buffer, uint32_t len) { if (len < msi->m_hdr->miniStreamCutoffSize) { if (!read_mini_stream(msi, entry->startSectorLocation, offset, buffer, len)) return 0; /* FAILED */ } else { if (!read_stream(msi, entry->startSectorLocation, offset, buffer, len)) return 0; /* FAILED */ } return 1; /* OK */ } /* Parse MSI_FILE_HDR struct */ static MSI_FILE_HDR *parse_header(char *data) { uint32_t sectorSize; MSI_FILE_HDR *header = (MSI_FILE_HDR *)OPENSSL_malloc(HEADER_SIZE); /* initialise 512 bytes */ memset(header, 0, sizeof(MSI_FILE_HDR)); memcpy(header->signature, data + HEADER_SIGNATURE, sizeof header->signature); /* Minor Version field SHOULD be set to 0x003E. */ header->minorVersion = GET_UINT16_LE(data + HEADER_MINOR_VER); if (header->minorVersion !=0x003E) { printf("Warning: Minor Version field SHOULD be 0x003E, but is: 0x%04X\n", header->minorVersion); } /* Major Version field MUST be set to either 0x0003 (version 3) or 0x0004 (version 4). */ header->majorVersion = GET_UINT16_LE(data + HEADER_MAJOR_VER); if (header->majorVersion != 0x0003 && header->majorVersion != 0x0004) { fprintf(stderr, "Unknown Major Version: 0x%04X\n", header->majorVersion); OPENSSL_free(header); return NULL; /* FAILED */ } /* Byte Order field MUST be set to 0xFFFE, specifies little-endian byte order. */ header->byteOrder = GET_UINT16_LE(data + HEADER_BYTE_ORDER); if (header->byteOrder != 0xFFFE) { fprintf(stderr, "Unknown Byte Order: 0x%04X\n", header->byteOrder); OPENSSL_free(header); return NULL; /* FAILED */ } /* Sector Shift field MUST be set to 0x0009, or 0x000c, depending on the Major Version field. * This field specifies the sector size of the compound file as a power of 2. */ header->sectorShift = GET_UINT16_LE(data + HEADER_SECTOR_SHIFT); if ((header->majorVersion == 0x0003 && header->sectorShift != 0x0009) || (header->majorVersion == 0x0004 && header->sectorShift != 0x000C)) { fprintf(stderr, "Unknown Sector Shift: 0x%04X\n", header->sectorShift); OPENSSL_free(header); return NULL; /* FAILED */ } /* Mini Sector Shift field MUST be set to 0x0006. * This field specifies the sector size of the Mini Stream as a power of 2. * The sector size of the Mini Stream MUST be 64 bytes. */ header->miniSectorShift = GET_UINT16_LE(data + HEADER_MINI_SECTOR_SHIFT); if (header->miniSectorShift != 0x0006) { fprintf(stderr, "Unknown Mini Sector Shift: 0x%04X\n", header->miniSectorShift); OPENSSL_free(header); return NULL; /* FAILED */ } sectorSize = 1 << header->sectorShift; /* Number of Directory Sectors field contains the count of the number * of directory sectors in the compound file. * If Major Version is 3, the Number of Directory Sectors MUST be zero. */ header->numDirectorySector = GET_UINT32_LE(data + HEADER_DIR_SECTORS_NUM); if (header->majorVersion == 0x0003 && header->numDirectorySector != 0x00000000) { fprintf(stderr, "Unsupported Number of Directory Sectors: 0x%08X\n", header->numDirectorySector); OPENSSL_free(header); return NULL; /* FAILED */ } header->numFATSector = GET_UINT32_LE(data + HEADER_FAT_SECTORS_NUM); if ((uint64_t)header->numFATSector * sectorSize >= SIZE_16M) { fprintf(stderr, "Unsupported Number of FAT Sectors: 0x%08X\n", header->numFATSector); OPENSSL_free(header); return NULL; /* FAILED */ } header->firstDirectorySectorLocation = GET_UINT32_LE(data + HEADER_DIR_SECTOR_LOC); header->transactionSignatureNumber = GET_UINT32_LE(data + HEADER_TRANSACTION); /* Mini Stream Cutoff Size field MUST be set to 0x00001000. * This field specifies the maximum size of a user-defined data stream that is allocated * from the mini FAT and mini stream, and that cutoff is 4,096 bytes. * Any user-defined data stream that is greater than or equal to this cutoff size * must be allocated as normal sectors from the FAT. */ header->miniStreamCutoffSize = GET_UINT32_LE(data + HEADER_MINI_STREAM_CUTOFF); if (header->miniStreamCutoffSize != 0x00001000) { fprintf(stderr, "Unsupported Mini Stream Cutoff Size: 0x%08X\n", header->miniStreamCutoffSize); OPENSSL_free(header); return NULL; /* FAILED */ } header->firstMiniFATSectorLocation = GET_UINT32_LE(data + HEADER_MINI_FAT_SECTOR_LOC); header->numMiniFATSector = GET_UINT32_LE(data + HEADER_MINI_FAT_SECTORS_NUM); if ((uint64_t)header->numMiniFATSector * sectorSize >= SIZE_16M) { fprintf(stderr, "Unsupported Number of Mini FAT Sectors: 0x%08X\n", header->numMiniFATSector); OPENSSL_free(header); return NULL; /* FAILED */ } header->firstDIFATSectorLocation = GET_UINT32_LE(data + HEADER_DIFAT_SECTOR_LOC); header->numDIFATSector = GET_UINT32_LE(data + HEADER_DIFAT_SECTORS_NUM); if ((uint64_t)header->numDIFATSector * sectorSize >= SIZE_16M) { fprintf(stderr, "Unsupported Number of DIFAT Sectors: 0x%08X\n", header->numDIFATSector); OPENSSL_free(header); return NULL; /* FAILED */ } memcpy(header->headerDIFAT, data + HEADER_DIFAT, sizeof header->headerDIFAT); return header; } /* Parse MSI_ENTRY struct */ static MSI_ENTRY *parse_entry(MSI_FILE *msi, const u_char *data, int is_root) { uint32_t inlen; MSI_ENTRY *entry = (MSI_ENTRY *)OPENSSL_malloc(sizeof(MSI_ENTRY)); /* initialise 128 bytes */ memset(entry, 0, sizeof(MSI_ENTRY)); entry->nameLen = GET_UINT16_LE(data + DIRENT_NAME_LEN); /* This length MUST NOT exceed 64, the maximum size of the Directory Entry Name field */ if (entry->nameLen == 0 || entry->nameLen > 64) { fprintf(stderr, "Corrupted Directory Entry Name Length\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } memcpy(entry->name, data + DIRENT_NAME, entry->nameLen); /* The root directory entry's Name field MUST contain the null-terminated * string "Root Entry" in Unicode UTF-16. */ if (is_root && (entry->nameLen != sizeof msi_root_entry || memcmp(entry->name, msi_root_entry, entry->nameLen))) { fprintf(stderr, "Corrupted Root Directory Entry's Name\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } entry->type = GET_UINT8_LE(data + DIRENT_TYPE); entry->colorFlag = GET_UINT8_LE(data + DIRENT_COLOUR); entry->leftSiblingID = GET_UINT32_LE(data + DIRENT_LEFT_SIBLING_ID); entry->rightSiblingID = GET_UINT32_LE(data + DIRENT_RIGHT_SIBLING_ID); entry->childID = GET_UINT32_LE(data + DIRENT_CHILD_ID); memcpy(entry->clsid, data + DIRENT_CLSID, 16); memcpy(entry->stateBits, data + DIRENT_STATE_BITS, 4); memcpy(entry->creationTime, data + DIRENT_CREATE_TIME, 8); /* The Creation Time field in the root storage directory entry MUST be all zeroes but the Modified Time field in the root storage directory entry MAY be all zeroes */ if (is_root && memcmp(entry->creationTime, msi_zeroes, 8)) { fprintf(stderr, "Corrupted Root Directory Entry's Creation Time\n"); OPENSSL_free(entry); return NULL; /* FAILED */ } memcpy(entry->modifiedTime, data + DIRENT_MODIFY_TIME, 8); entry->startSectorLocation = GET_UINT32_LE(data + DIRENT_START_SECTOR_LOC); memcpy(entry->size, data + DIRENT_FILE_SIZE, 8); /* For a version 3 compound file 512-byte sector size, the value of this field MUST be less than or equal to 0x80000000 */ inlen = GET_UINT32_LE(entry->size); if ((msi->m_sectorSize == 0x0200 && inlen > 0x80000000) || (msi->m_bufferLen <= inlen)) { fprintf(stderr, "Corrupted Stream Size 0x%08X\n", inlen); OPENSSL_free(entry); return NULL; /* FAILED */ } return entry; } /* * Get entry (directory or file) by its ID. * Pass "0" to get the root directory entry. -- This is the start point to navigate the compound file. * Use the returned object to access child entries. */ static MSI_ENTRY *get_entry(MSI_FILE *msi, uint32_t entryID, int is_root) { uint32_t sector = 0; uint32_t offset = 0; const u_char *address; /* Corrupted file */ if (!is_root && entryID == 0) { fprintf(stderr, "Corrupted entryID\n"); return NULL; /* FAILED */ } if (msi->m_bufferLen / sizeof(MSI_ENTRY) <= entryID) { fprintf(stderr, "Invalid argument entryID\n"); return NULL; /* FAILED */ } /* The first entry in the first sector of the directory chain is known as the root directory entry so it can not contain the directory stream */ if (msi->m_hdr->firstDirectorySectorLocation == 0 && entryID == 0) { fprintf(stderr, "Corrupted First Directory Sector Location\n"); return NULL; /* FAILED */ } if (!locate_final_sector(msi, msi->m_hdr->firstDirectorySectorLocation, entryID * sizeof(MSI_ENTRY), §or, &offset)) { fprintf(stderr, "Failed to locate a final sector\n"); return NULL; /* FAILED */ } address = sector_offset_to_address(msi, sector, offset); if (!address) { fprintf(stderr, "Failed to get a final address\n"); return NULL; /* FAILED */ } return parse_entry(msi, address, is_root); } static MSI_ENTRY *msi_root_entry_get(MSI_FILE *msi) { return get_entry(msi, 0, TRUE); } static void msi_file_free(MSI_FILE *msi) { if (!msi) return; OPENSSL_free(msi->m_hdr); OPENSSL_free(msi); } /* Parse MSI_FILE struct */ static MSI_FILE *msi_file_new(char *buffer, uint32_t len) { MSI_FILE *msi; MSI_ENTRY *root; MSI_FILE_HDR *header; if (buffer == NULL || len == 0) { fprintf(stderr, "Invalid argument\n"); return NULL; /* FAILED */ } header = parse_header(buffer); if (!header) { fprintf(stderr, "Failed to parse MSI_FILE_HDR struct\n"); return NULL; /* FAILED */ } msi = (MSI_FILE *)OPENSSL_malloc(sizeof(MSI_FILE)); msi->m_buffer = (const u_char *)(buffer); msi->m_bufferLen = len; msi->m_hdr = header; msi->m_sectorSize = 1 << msi->m_hdr->sectorShift; msi->m_minisectorSize = 1 << msi->m_hdr->miniSectorShift; msi->m_miniStreamStartSector = 0; if (msi->m_bufferLen < sizeof *(msi->m_hdr) || memcmp(msi->m_hdr->signature, msi_magic, sizeof msi_magic)) { fprintf(stderr, "Wrong file format\n"); msi_file_free(msi); return NULL; /* FAILED */ } /* The file must contains at least 3 sectors */ if (msi->m_bufferLen < msi->m_sectorSize * 3) { fprintf(stderr, "The file must contains at least 3 sectors\n"); msi_file_free(msi); return NULL; /* FAILED */ } root = msi_root_entry_get(msi); if (!root) { fprintf(stderr, "Failed to get msi root entry\n"); msi_file_free(msi); return NULL; /* FAILED */ } msi->m_miniStreamStartSector = root->startSectorLocation; OPENSSL_free(root); return msi; } /* Recursively create a tree of MSI_DIRENT structures */ static int msi_dirent_new(MSI_FILE *msi, MSI_ENTRY *entry, MSI_DIRENT *parent, MSI_DIRENT **ret) { MSI_DIRENT *dirent; static int cnt; static MSI_DIRENT *tortoise, *hare; if (!entry) { return 1; /* OK */ } if (entry->nameLen == 0 || entry->nameLen > 64) { fprintf(stderr, "Corrupted Directory Entry Name Length\n"); return 0; /* FAILED */ } /* detect cycles in previously visited entries (parents, siblings) */ if (!ret) { /* initialized (non-root entry) */ if (!memcmp(entry, tortoise->entry, sizeof(MSI_ENTRY))) { fprintf(stderr, "MSI_ENTRY cycle detected at level %d\n", cnt); OPENSSL_free(entry); return 0; /* FAILED */ } } dirent = (MSI_DIRENT *)OPENSSL_malloc(sizeof(MSI_DIRENT)); memcpy(dirent->name, entry->name, entry->nameLen); dirent->nameLen = entry->nameLen; dirent->type = entry->type; dirent->entry = entry; dirent->children = sk_MSI_DIRENT_new_null(); dirent->next = NULL; /* fail-safe */ /* Floyd's cycle-finding algorithm */ if (!ret) { /* initialized (non-root entry) */ if (cnt++ & 1) /* move the tortoise every other invocation of msi_dirent_new() */ tortoise = tortoise->next; hare->next = dirent; /* build a linked list of visited entries */ hare = dirent; /* move the hare every time */ } else { /* initialization needed (root entry) */ cnt = 0; tortoise = dirent; hare = dirent; } if (parent && !sk_MSI_DIRENT_push(parent->children, dirent)) { fprintf(stderr, "Failed to insert MSI_DIRENT\n"); return 0; /* FAILED */ } if (ret) *ret = dirent; if (!recurse_entry(msi, entry->leftSiblingID, parent) || !recurse_entry(msi, entry->rightSiblingID, parent) || !recurse_entry(msi, entry->childID, dirent)) { fprintf(stderr, "Failed to add a sibling or a child to the tree\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* Add a sibling or a child to the tree */ /* NOTE: These links are a tree, not a linked list */ static int recurse_entry(MSI_FILE *msi, uint32_t entryID, MSI_DIRENT *parent) { MSI_ENTRY *node; /* The special NOSTREAM (0xFFFFFFFF) value is used as a terminator */ if (entryID == NOSTREAM) /* stop condition */ return 1; /* OK */ node = get_entry(msi, entryID, FALSE); if (!node) { fprintf(stderr, "Corrupted ID: 0x%08X\n", entryID); return 0; /* FAILED */ } if (!msi_dirent_new(msi, node, parent, NULL)) { return 0; /* FAILED */ } return 1; /* OK */ } /* Return DigitalSignature and MsiDigitalSignatureEx */ static MSI_ENTRY *msi_signatures_get(MSI_DIRENT *dirent, MSI_ENTRY **dse) { int i; MSI_ENTRY *ds = NULL; for (i = 0; i < sk_MSI_DIRENT_num(dirent->children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(dirent->children, i); if (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature))) { ds = child->entry; } else if (dse && !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex))) { *dse = child->entry; } else { continue; } } return ds; } /* Recursively free MSI_DIRENT struct */ static void msi_dirent_free(MSI_DIRENT *dirent) { if (!dirent) return; sk_MSI_DIRENT_pop_free(dirent->children, msi_dirent_free); OPENSSL_free(dirent->entry); OPENSSL_free(dirent); } /* Sorted list of MSI streams in this order is needed for hashing */ static int dirent_cmp_hash(const MSI_DIRENT *const *a, const MSI_DIRENT *const *b) { const MSI_DIRENT *dirent_a = *a; const MSI_DIRENT *dirent_b = *b; int diff = memcmp(dirent_a->name, dirent_b->name, MIN(dirent_a->nameLen, dirent_b->nameLen)); /* apparently the longer wins */ if (diff == 0) { return dirent_a->nameLen > dirent_b->nameLen ? -1 : 1; } return diff; } /* Sorting relationship for directory entries, the left sibling MUST always be less than the right sibling */ static int dirent_cmp_tree(const MSI_DIRENT *const *a, const MSI_DIRENT *const *b) { const MSI_DIRENT *dirent_a = *a; const MSI_DIRENT *dirent_b = *b; uint16_t codepoint_a, codepoint_b; int i; if (dirent_a->nameLen != dirent_b->nameLen) { return dirent_a->nameLen < dirent_b->nameLen ? -1 : 1; } for (i=0; inameLen-2; i=i+2) { codepoint_a = GET_UINT16_LE(dirent_a->name + i); codepoint_b = GET_UINT16_LE(dirent_b->name + i); if (codepoint_a != codepoint_b) { return codepoint_a < codepoint_b ? -1 : 1; } } return 0; } /* * Calculate the pre-hash used for 'MsiDigitalSignatureEx' * signatures in MSI files. The pre-hash hashes only metadata (file names, * file sizes, creation times and modification times), whereas the basic * 'DigitalSignature' MSI signature only hashes file content. * * The hash is written to the hash BIO. */ /* Hash a MSI stream's extended metadata */ static void prehash_metadata(MSI_ENTRY *entry, BIO *hash) { if (entry->type != DIR_ROOT) { BIO_write(hash, entry->name, entry->nameLen - 2); } if (entry->type != DIR_STREAM) { BIO_write(hash, entry->clsid, sizeof entry->clsid); } else { BIO_write(hash, entry->size, (sizeof entry->size)/2); } BIO_write(hash, entry->stateBits, sizeof entry->stateBits); if (entry->type != DIR_ROOT) { BIO_write(hash, entry->creationTime, sizeof entry->creationTime); BIO_write(hash, entry->modifiedTime, sizeof entry->modifiedTime); } } /* Recursively hash a MSI directory's extended metadata */ static int msi_prehash_dir(MSI_DIRENT *dirent, BIO *hash, int is_root) { int i, ret = 0; STACK_OF(MSI_DIRENT) *children; if (!dirent || !dirent->children) { return ret; } children = sk_MSI_DIRENT_dup(dirent->children); prehash_metadata(dirent->entry, hash); sk_MSI_DIRENT_set_cmp_func(children, &dirent_cmp_hash); sk_MSI_DIRENT_sort(children); for (i = 0; i < sk_MSI_DIRENT_num(children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); if (is_root && (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature)) || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { continue; } if (child->type == DIR_STREAM) { prehash_metadata(child->entry, hash); } if (child->type == DIR_STORAGE) { if (!msi_prehash_dir(child, hash, 0)) { goto out; } } } ret = 1; /* OK */ out: sk_MSI_DIRENT_free(children); return ret; } /* Recursively hash a MSI directory (storage) */ static int msi_hash_dir(MSI_FILE *msi, MSI_DIRENT *dirent, BIO *hash, int is_root) { int i, ret = 0; STACK_OF(MSI_DIRENT) *children; if (!dirent || !dirent->children) { return ret; } children = sk_MSI_DIRENT_dup(dirent->children); sk_MSI_DIRENT_set_cmp_func(children, &dirent_cmp_hash); sk_MSI_DIRENT_sort(children); for (i = 0; i < sk_MSI_DIRENT_num(children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); if (is_root && (!memcmp(child->name, digital_signature, MIN(child->nameLen, sizeof digital_signature)) || !memcmp(child->name, digital_signature_ex, MIN(child->nameLen, sizeof digital_signature_ex)))) { /* Skip DigitalSignature and MsiDigitalSignatureEx streams */ continue; } if (child->type == DIR_STREAM) { char *indata; uint32_t inlen = GET_UINT32_LE(child->entry->size); if (inlen == 0 || inlen >= MAXREGSECT) { /* Skip null and corrupted streams */ continue; } indata = (char *)OPENSSL_malloc(inlen); if (!msi_file_read(msi, child->entry, 0, indata, inlen)) { fprintf(stderr, "Failed to read stream data\n"); OPENSSL_free(indata); goto out; } BIO_write(hash, indata, (int)inlen); OPENSSL_free(indata); } if (child->type == DIR_STORAGE) { if (!msi_hash_dir(msi, child, hash, 0)) { fprintf(stderr, "Failed to hash a MSI storage\n"); goto out; } } } BIO_write(hash, dirent->entry->clsid, sizeof dirent->entry->clsid); ret = 1; /* OK */ out: sk_MSI_DIRENT_free(children); return ret; } static int ministream_append(MSI_OUT *out, char *buf, uint32_t len) { uint32_t needSectors = (len + out->sectorSize - 1) / out->sectorSize; if (out->miniStreamLen + len >= (uint64_t)out->ministreamsMemallocCount * out->sectorSize) { out->ministreamsMemallocCount += needSectors; out->ministream = OPENSSL_realloc(out->ministream, (size_t)(out->ministreamsMemallocCount * out->sectorSize)); if (!out->ministream) { fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } memcpy(out->ministream + out->miniStreamLen, buf, (size_t)len); out->miniStreamLen += len; return 1; /* OK */ } static int minifat_append(MSI_OUT *out, char *buf, uint32_t len) { if (out->minifatLen == (uint64_t)out->minifatMemallocCount * out->sectorSize) { out->minifatMemallocCount++; if ((uint64_t)out->minifatMemallocCount * out->sectorSize >= SIZE_16M) { fprintf(stderr, "Failed to append MiniFAT sector\n"); return 0; /* FAILED */ } out->minifat = OPENSSL_realloc(out->minifat, (size_t)(out->minifatMemallocCount * out->sectorSize)); if (!out->minifat) { fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } memcpy(out->minifat + out->minifatLen, buf, (size_t)len); out->minifatLen += len; return 1; /* OK */ } static int fat_append(MSI_OUT *out, char *buf, uint32_t len) { if (out->fatLen == (uint64_t)out->fatMemallocCount * out->sectorSize) { out->fatMemallocCount++; if ((uint64_t)out->fatMemallocCount * out->sectorSize >= SIZE_16M) { fprintf(stderr, "Failed to append FAT sector\n"); return 0; /* FAILED */ } out->fat = OPENSSL_realloc(out->fat, (size_t)(out->fatMemallocCount * out->sectorSize)); if (!out->fat) { fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } memcpy(out->fat + out->fatLen, buf, (size_t)len); out->fatLen += len; return 1; /* OK */ } static int difat_append(MSI_OUT *out, char *buf, uint32_t len) { if (out->difatLen == (uint64_t)out->difatMemallocCount * out->sectorSize) { out->difatMemallocCount++; if ((uint64_t)out->difatMemallocCount * out->sectorSize >= SIZE_16M) { fprintf(stderr, "Failed to append DIFAT sector\n"); return 0; /* FAILED */ } out->difat = OPENSSL_realloc(out->difat, (size_t)(out->difatMemallocCount * out->sectorSize)); if (!out->difat) { fprintf(stderr, "Memory allocation failure\n"); return 0; /* FAILED */ } } memcpy(out->difat + out->difatLen, buf, (size_t)len); out->difatLen += len; return 1; /* OK */ } static int msi_dirent_delete(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen) { int i; for (i = 0; i < sk_MSI_DIRENT_num(dirent->children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(dirent->children, i); if (memcmp(child->name, name, MIN(child->nameLen, nameLen))) { continue; } if (child->type != DIR_STREAM) { fprintf(stderr, "Can't delete or replace storages\n"); return 0; /* FAILED */ } sk_MSI_DIRENT_delete(dirent->children, i); msi_dirent_free(child); } return 1; /* OK */ } static MSI_DIRENT *dirent_add(const u_char *name, uint16_t nameLen) { MSI_DIRENT *dirent = (MSI_DIRENT *)OPENSSL_malloc(sizeof(MSI_DIRENT)); MSI_ENTRY *entry = (MSI_ENTRY *)OPENSSL_malloc(sizeof(MSI_ENTRY)); memcpy(dirent->name, name, nameLen); dirent->nameLen = nameLen; dirent->type = DIR_STREAM; dirent->children = sk_MSI_DIRENT_new_null(); memcpy(entry->name, name, nameLen); entry->nameLen = nameLen; entry->type = DIR_STREAM; entry->colorFlag = BLACK_COLOR; /* make everything black */ entry->leftSiblingID = NOSTREAM; entry->rightSiblingID = NOSTREAM; entry->childID = NOSTREAM; memset(entry->clsid, 0, 16); memset(entry->stateBits, 0, 4); memset(entry->creationTime, 0, 8); memset(entry->modifiedTime, 0, 8); entry->startSectorLocation = NOSTREAM; memset(entry->size, 0, 8); dirent->entry = entry; return dirent; } static int dirent_insert(MSI_DIRENT *dirent, const u_char *name, uint16_t nameLen) { MSI_DIRENT *new_dirent; if (!msi_dirent_delete(dirent, name, nameLen)) { return 0; /* FAILED */ } /* create new dirent */ new_dirent = dirent_add(name, nameLen); sk_MSI_DIRENT_push(dirent->children, new_dirent); return 1; /* OK */ } static int signature_insert(MSI_DIRENT *dirent, uint32_t len_msiex) { if (len_msiex > 0) { if (!dirent_insert(dirent, digital_signature_ex, sizeof digital_signature_ex)) { return 0; /* FAILED */ } } else { if (!msi_dirent_delete(dirent, digital_signature_ex, sizeof digital_signature_ex)) { return 0; /* FAILED */ } } if (!dirent_insert(dirent, digital_signature, sizeof digital_signature)) { return 0; /* FAILED */ } return 1; /* OK */ } static uint32_t stream_read(MSI_FILE *msi, MSI_ENTRY *entry, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, char **indata, uint32_t inlen, int is_root) { if (is_root && !memcmp(entry->name, digital_signature, sizeof digital_signature)) { /* DigitalSignature */ inlen = len_msi; *indata = OPENSSL_malloc((size_t)inlen); memcpy(*indata, p_msi, (size_t)inlen); } else if (is_root && !memcmp(entry->name, digital_signature_ex, sizeof digital_signature_ex)) { /* MsiDigitalSignatureEx */ inlen = len_msiex; *indata = OPENSSL_malloc((size_t)inlen); memcpy(*indata, p_msiex, (size_t)inlen); } else if (inlen != 0) { *indata = (char *)OPENSSL_malloc(inlen); if (!msi_file_read(msi, entry, 0, *indata, inlen)) { return 0; /* FAILED */ } } return inlen; } /* Recursively handle data from MSI_DIRENT struct */ static int stream_handle(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, BIO *outdata, MSI_OUT *out, int is_root) { int i; if (dirent->type == DIR_ROOT) { if (len_msi > 0 && !signature_insert(dirent, len_msiex)) { fprintf(stderr, "Insert new signature failed\n"); return 0; /* FAILED */ } out->ministreamsMemallocCount = (GET_UINT32_LE(dirent->entry->size) + out->sectorSize - 1)/out->sectorSize; out->ministream = OPENSSL_malloc((uint64_t)out->ministreamsMemallocCount * out->sectorSize); } for (i = 0; i < sk_MSI_DIRENT_num(dirent->children); i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(dirent->children, i); if (child->type == DIR_STORAGE) { if (!stream_handle(msi, child, NULL, 0, NULL, 0, outdata, out, 0)) { return 0; /* FAILED */ } } else { /* DIR_STREAM */ char buf[MAX_SECTOR_SIZE]; char *indata = NULL; uint32_t inlen = GET_UINT32_LE(child->entry->size); if (inlen >= MAXREGSECT) { fprintf(stderr, "Corrupted stream length 0x%08X\n", inlen); return 0; /* FAILED */ } /* DigitalSignature or MsiDigitalSignatureEx: inlen == 0 */ inlen = stream_read(msi, child->entry, p_msi, len_msi, p_msiex, len_msiex, &indata, inlen, is_root); if (inlen == 0) { OPENSSL_free(indata); continue; /* skip a null stream */ } /* set the size of the user-defined data if this is a stream object */ PUT_UINT32_LE(inlen, buf); memcpy(child->entry->size, buf, sizeof child->entry->size); if (inlen < MINI_STREAM_CUTOFF_SIZE) { /* set the index into the mini FAT to track the chain of sectors through the mini stream */ child->entry->startSectorLocation = out->miniSectorNum; if (!ministream_append(out, indata, inlen)) { OPENSSL_free(indata); return 0; /* FAILED */ } /* fill to the end with known data, such as all zeroes */ if (inlen % msi->m_minisectorSize > 0) { uint32_t remain = msi->m_minisectorSize - inlen % msi->m_minisectorSize; memset(buf, 0, (size_t)remain); if (!ministream_append(out, buf, remain)) { OPENSSL_free(indata); return 0; /* FAILED */ } } while (inlen > msi->m_minisectorSize) { out->miniSectorNum++; PUT_UINT32_LE(out->miniSectorNum, buf); if (!minifat_append(out, buf, 4)) { OPENSSL_free(indata); return 0; /* FAILED */ } inlen -= msi->m_minisectorSize; } PUT_UINT32_LE(ENDOFCHAIN, buf); if (!minifat_append(out, buf, 4)) { OPENSSL_free(indata); return 0; /* FAILED */ } out->miniSectorNum++; } else { /* set the first sector location if this is a stream object */ child->entry->startSectorLocation = out->sectorNum; /* stream save */ BIO_write(outdata, indata, (int)inlen); /* fill to the end with known data, such as all zeroes */ if (inlen % out->sectorSize > 0) { uint32_t remain = out->sectorSize - inlen % out->sectorSize; memset(buf, 0, (size_t)remain); BIO_write(outdata, buf, (int)remain); } /* set a sector chain in the FAT */ while (inlen > out->sectorSize) { out->sectorNum++; PUT_UINT32_LE(out->sectorNum, buf); if (!fat_append(out, buf, 4)) { OPENSSL_free(indata); return 0; /* FAILED */ } inlen -= out->sectorSize; } PUT_UINT32_LE(ENDOFCHAIN, buf); if (!fat_append(out, buf, 4)) { OPENSSL_free(indata); return 0; /* FAILED */ } out->sectorNum++; } OPENSSL_free(indata); } } return 1; /* OK */ } static int ministream_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t i, remain; uint32_t ministreamSectorsCount = (out->miniStreamLen + out->sectorSize - 1) / out->sectorSize; /* set the first sector of the mini stream in the entry root object */ dirent->entry->startSectorLocation = out->sectorNum; /* ministream save */ BIO_write(outdata, out->ministream, (int)out->miniStreamLen); OPENSSL_free(out->ministream); /* fill to the end with known data, such as all zeroes */ if (out->miniStreamLen % out->sectorSize > 0) { remain = out->sectorSize - out->miniStreamLen % out->sectorSize; memset(buf, 0, (size_t)remain); BIO_write(outdata, buf, (int)remain); } /* set a sector chain in the FAT */ for (i=1; isectorNum + i, buf); if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } } /* mark the end of the mini stream data */ PUT_UINT32_LE(ENDOFCHAIN, buf); if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } out->sectorNum += ministreamSectorsCount; return 1; /* OK */ } static int minifat_save(BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t i, remain; /* set Mini FAT Starting Sector Location in the header */ if (out->minifatLen == 0) { PUT_UINT32_LE(ENDOFCHAIN, buf); memcpy(out->header + HEADER_MINI_FAT_SECTOR_LOC, buf, 4); return 1; /* OK */ } PUT_UINT32_LE(out->sectorNum, buf); memcpy(out->header + HEADER_MINI_FAT_SECTOR_LOC, buf, 4); /* minifat save */ BIO_write(outdata, out->minifat, (int)out->minifatLen); /* marks the end of the stream */ PUT_UINT32_LE(ENDOFCHAIN, buf); BIO_write(outdata, buf, 4); out->minifatLen += 4; /* empty unallocated free sectors in the last Mini FAT sector */ if (out->minifatLen % out->sectorSize > 0) { remain = out->sectorSize - out->minifatLen % out->sectorSize; memset(buf, (int)FREESECT, (size_t)remain); BIO_write(outdata, buf, (int)remain); } /* set a sector chain in the FAT */ out->minifatSectorsCount = (out->minifatLen + out->sectorSize - 1) / out->sectorSize; for (i=1; iminifatSectorsCount; i++) { PUT_UINT32_LE(out->sectorNum + i, buf); if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } } /* mark the end of the mini FAT chain */ PUT_UINT32_LE(ENDOFCHAIN, buf); if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } out->sectorNum += out->minifatSectorsCount; return 1; /* OK */ } static char *msi_dirent_get(MSI_ENTRY *entry) { char buf[8]; char *data = OPENSSL_malloc(DIRENT_SIZE); /* initialise 128 bytes */ memset(data, 0, DIRENT_SIZE); memcpy(data + DIRENT_NAME, entry->name, entry->nameLen); memset(data + DIRENT_NAME + entry->nameLen, 0, DIRENT_MAX_NAME_SIZE - entry->nameLen); PUT_UINT16_LE(entry->nameLen, buf); memcpy(data + DIRENT_NAME_LEN, buf, 2); PUT_UINT8_LE(entry->type, buf); memcpy(data + DIRENT_TYPE, buf, 1); PUT_UINT8_LE(entry->colorFlag, buf); memcpy(data + DIRENT_COLOUR, buf, 1); PUT_UINT32_LE(entry->leftSiblingID, buf); memcpy(data + DIRENT_LEFT_SIBLING_ID, buf, 4); PUT_UINT32_LE(entry->rightSiblingID, buf); memcpy(data + DIRENT_RIGHT_SIBLING_ID, buf, 4); PUT_UINT32_LE(entry->childID, buf); memcpy(data + DIRENT_CHILD_ID, buf, 4); memcpy(data + DIRENT_CLSID, entry->clsid, 16); memcpy(data + DIRENT_STATE_BITS, entry->stateBits, 4); memcpy(data + DIRENT_CREATE_TIME, entry->creationTime, 8); memcpy(data + DIRENT_MODIFY_TIME, entry->modifiedTime, 8); PUT_UINT32_LE(entry->startSectorLocation, buf); memcpy(data + DIRENT_START_SECTOR_LOC, buf, 4); memcpy(data + DIRENT_FILE_SIZE, entry->size, 4); memset(data + DIRENT_FILE_SIZE + 4, 0, 4); return data; } static char *msi_unused_dirent_get(void) { char *data = OPENSSL_malloc(DIRENT_SIZE); /* initialise 127 bytes */ memset(data, 0, DIRENT_SIZE); memset(data + DIRENT_LEFT_SIBLING_ID, (int)NOSTREAM, 4); memset(data + DIRENT_RIGHT_SIBLING_ID, (int)NOSTREAM, 4); memset(data + DIRENT_CHILD_ID, (int)NOSTREAM, 4); return data; } static int dirents_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out, uint32_t *streamId, int count, int last) { int i, childenNum; char *entry; STACK_OF(MSI_DIRENT) *children; if (!dirent || !dirent->children) { return count; } children = sk_MSI_DIRENT_dup(dirent->children); sk_MSI_DIRENT_set_cmp_func(children, &dirent_cmp_tree); sk_MSI_DIRENT_sort(children); childenNum = sk_MSI_DIRENT_num(children); /* make everything black */ dirent->entry->colorFlag = BLACK_COLOR; dirent->entry->leftSiblingID = NOSTREAM; if (dirent->type == DIR_STORAGE) { if (last) { dirent->entry->rightSiblingID = NOSTREAM; } else { /* make linked list rather than tree, only use next - right sibling */ count += childenNum; dirent->entry->rightSiblingID = *streamId + (uint32_t)count + 1; } } else { /* DIR_ROOT */ dirent->entry->rightSiblingID = NOSTREAM; } dirent->entry->childID = *streamId + 1; entry = msi_dirent_get(dirent->entry); BIO_write(outdata, entry, DIRENT_SIZE); OPENSSL_free(entry); out->dirtreeLen += DIRENT_SIZE; for (i = 0; i < childenNum; i++) { MSI_DIRENT *child = sk_MSI_DIRENT_value(children, i); int last_dir = i == childenNum - 1 ? 1 : 0; *streamId += 1; if (child->type == DIR_STORAGE) { count += dirents_save(child, outdata, out, streamId, count, last_dir); } else { /* DIR_STREAM */ count = 0; child->entry->colorFlag = BLACK_COLOR; child->entry->leftSiblingID = NOSTREAM; if (last_dir) { child->entry->rightSiblingID = NOSTREAM; } else { child->entry->rightSiblingID = *streamId + 1; } entry = msi_dirent_get(child->entry); BIO_write(outdata, entry, DIRENT_SIZE); OPENSSL_free(entry); out->dirtreeLen += DIRENT_SIZE; } } sk_MSI_DIRENT_free(children); return count; } static int dirtree_save(MSI_DIRENT *dirent, BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; char *unused_entry; uint32_t i, remain, streamId = 0; /* set Directory Starting Sector Location in the header */ PUT_UINT32_LE(out->sectorNum, buf); memcpy(out->header + HEADER_DIR_SECTOR_LOC, buf, 4); /* set the size of the mini stream in the root object */ if (dirent->type == DIR_ROOT) { PUT_UINT32_LE(out->miniStreamLen, buf); memcpy(dirent->entry->size, buf, sizeof dirent->entry->size); } /* sort and save all directory entries */ dirents_save(dirent, outdata, out, &streamId, 0, 0); /* set free (unused) directory entries */ unused_entry = msi_unused_dirent_get(); if (out->dirtreeLen % out->sectorSize > 0) { remain = out->sectorSize - out->dirtreeLen % out->sectorSize; while (remain > 0) { BIO_write(outdata, unused_entry, DIRENT_SIZE); remain -= DIRENT_SIZE; } } OPENSSL_free(unused_entry); /* set a sector chain in the FAT */ out->dirtreeSectorsCount = (out->dirtreeLen + out->sectorSize - 1) / out->sectorSize; for (i=1; idirtreeSectorsCount; i++) { PUT_UINT32_LE(out->sectorNum + i, buf); if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } } /* mark the end of the directory chain */ PUT_UINT32_LE(ENDOFCHAIN, buf); if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } out->sectorNum += out->dirtreeSectorsCount; return 1; /* OK */ } static int fat_save(BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t i, j, remain, difatSectors, difatEntriesPerSector = 0, fatSectorIndex, lastFatSectorIndex; remain = (out->fatLen + out->sectorSize - 1) / out->sectorSize; out->fatSectorsCount = (out->fatLen + remain * 4 + out->sectorSize - 1) / out->sectorSize; if (out->fatSectorsCount > DIFAT_IN_HEADER) { difatEntriesPerSector = (out->sectorSize / 4) - 1; difatSectors = (out->fatSectorsCount - DIFAT_IN_HEADER + difatEntriesPerSector - 1) / difatEntriesPerSector; } else { difatSectors = 0; } /* set 109 FAT sectors in HEADER_DIFAT table */ for (i = 0; i < MIN(out->fatSectorsCount, DIFAT_IN_HEADER); i++) { PUT_UINT32_LE(out->sectorNum + i, buf); memcpy(out->header + HEADER_DIFAT + i * 4, buf, 4); } out->sectorNum += out->fatSectorsCount; if (out->fatSectorsCount > DIFAT_IN_HEADER) { /* Set DIFAT start sector number in header */ PUT_UINT32_LE(out->sectorNum, buf); memcpy(out->header + HEADER_DIFAT_SECTOR_LOC, buf, 4); /* Set total DIFAT sectors number in header */ PUT_UINT32_LE(difatSectors, buf); memcpy(out->header + HEADER_DIFAT_SECTORS_NUM, buf, 4); remain = out->fatSectorsCount - DIFAT_IN_HEADER; fatSectorIndex = out->sectorNum - remain; lastFatSectorIndex = out->sectorNum; /* Fill DIFAT sectors */ for (i = 0; i < difatSectors; i++) { for (j = 0; j < difatEntriesPerSector; j++, fatSectorIndex++) { if (fatSectorIndex < lastFatSectorIndex) { PUT_UINT32_LE(fatSectorIndex, buf + j * 4); } else { PUT_UINT32_LE(FREESECT, buf + j * 4); } } /* Add next DIFAT sector link or mark end of chain */ if (i + 1 >= difatSectors) { PUT_UINT32_LE(ENDOFCHAIN, buf + out->sectorSize - 4); } else { PUT_UINT32_LE(out->sectorNum + 1, buf + out->sectorSize - 4); } if (!difat_append(out, buf, out->sectorSize)) { return 0; /* FAILED */ } out->sectorNum++; } } /* mark FAT sectors in the FAT chain */ PUT_UINT32_LE(FATSECT, buf); for (i=0; ifatSectorsCount; i++) { if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } } /* mark DIFAT sectors in the FAT chain */ PUT_UINT32_LE(DIFSECT, buf); for (i = 0; i < difatSectors; i++) { if (!fat_append(out, buf, 4)) { return 0; /* FAILED */ } } /* empty unallocated free sectors in the last FAT sector */ if (out->fatLen % out->sectorSize > 0) { remain = out->sectorSize - out->fatLen % out->sectorSize; memset(buf, (int)FREESECT, (size_t)remain); if (!fat_append(out, buf, remain)) { return 0; /* FAILED */ } } BIO_write(outdata, out->fat, (int)out->fatLen); BIO_write(outdata, out->difat, (int)out->difatLen); return 1; /* OK */ } static void header_save(BIO *outdata, MSI_OUT *out) { char buf[MAX_SECTOR_SIZE]; uint32_t remain; /* set Number of FAT sectors in the header */ PUT_UINT32_LE(out->fatSectorsCount, buf); memcpy(out->header + HEADER_FAT_SECTORS_NUM, buf, 4); /* set Number of Mini FAT sectors in the header */ PUT_UINT32_LE(out->minifatSectorsCount, buf); memcpy(out->header + HEADER_MINI_FAT_SECTORS_NUM, buf, 4); /* set Number of Directory Sectors in the header if Major Version is 4 */ if (out->sectorSize == 4096) { PUT_UINT32_LE(out->dirtreeSectorsCount, buf); memcpy(out->header + HEADER_DIR_SECTORS_NUM, buf, 4); } (void)BIO_seek(outdata, 0); BIO_write(outdata, out->header, HEADER_SIZE); remain = out->sectorSize - HEADER_SIZE; memset(buf, 0, (size_t)remain); BIO_write(outdata, buf, (int)remain); } static char *header_new(MSI_FILE_HDR *hdr, MSI_OUT *out) { int i; char buf[4]; char *data = OPENSSL_malloc(HEADER_SIZE); static u_char dead_food[] = { 0xde, 0xad, 0xf0, 0x0d }; /* initialise 512 bytes */ memset(data, 0, HEADER_SIZE); memcpy(data + HEADER_SIGNATURE, msi_magic, sizeof msi_magic); memset(data + HEADER_CLSID, 0, 16); PUT_UINT16_LE(hdr->minorVersion, buf); memcpy(data + HEADER_MINOR_VER, buf, 2); if (out->sectorSize == 4096) { PUT_UINT16_LE(0x0004, buf); } else { PUT_UINT16_LE(0x0003, buf); } memcpy(data + HEADER_MAJOR_VER, buf, 2); PUT_UINT16_LE(hdr->byteOrder, buf); memcpy(data + HEADER_BYTE_ORDER, buf, 2); PUT_UINT16_LE(hdr->sectorShift, buf); if (out->sectorSize == 4096) { PUT_UINT16_LE(0x000C, buf); } else { PUT_UINT16_LE(0x0009, buf); } memcpy(data + HEADER_SECTOR_SHIFT, buf, 2); PUT_UINT16_LE(hdr->miniSectorShift, buf); memcpy(data + HEADER_MINI_SECTOR_SHIFT, buf, 2); memset(data + RESERVED, 0, 6); memset(data + HEADER_DIR_SECTORS_NUM, 0, 4); /* not used for version 3 */ memcpy(data + HEADER_FAT_SECTORS_NUM, dead_food, 4); memcpy(data + HEADER_DIR_SECTOR_LOC, dead_food, 4); memset(data + HEADER_TRANSACTION, 0, 4); /* reserved */ PUT_UINT32_LE(MINI_STREAM_CUTOFF_SIZE, buf); memcpy(data + HEADER_MINI_STREAM_CUTOFF, buf, 4); memcpy(data + HEADER_MINI_FAT_SECTOR_LOC, dead_food, 4); memcpy(data + HEADER_MINI_FAT_SECTORS_NUM, dead_food, 4); PUT_UINT32_LE(ENDOFCHAIN, buf); memcpy(data + HEADER_DIFAT_SECTOR_LOC, buf, 4); memset(data + HEADER_DIFAT_SECTORS_NUM, 0, 4); /* no DIFAT */ memcpy(data + HEADER_DIFAT, dead_food, 4); /* sector number for FAT */ for (i = 1; i < DIFAT_IN_HEADER; i++) { memset(data + HEADER_DIFAT + 4*i, (int)FREESECT, 4); /* free FAT sectors */ } return data; } static int msiout_set(MSI_FILE *msi, uint32_t len_msi, uint32_t len_msiex, MSI_OUT *out) { uint32_t msi_size, msiex_size; out->sectorSize = msi->m_sectorSize; if (len_msi <= MINI_STREAM_CUTOFF_SIZE) { msi_size = ((len_msi + msi->m_minisectorSize - 1) / msi->m_minisectorSize) * msi->m_minisectorSize; } else { msi_size = ((len_msi + msi->m_sectorSize - 1) / msi->m_sectorSize) * msi->m_sectorSize; } msiex_size = ((len_msiex + msi->m_minisectorSize - 1) / msi->m_minisectorSize) * msi->m_minisectorSize; /* * no DIFAT sectors will be needed in a file that is smaller than * 6,813 MB (version 3 files), respectively 436,004 MB (version 4 files) */ if (msi->m_bufferLen + msi_size + msiex_size > 7143936) { out->sectorSize = 4096; } out->header = header_new(msi->m_hdr, out); out->minifatMemallocCount = msi->m_hdr->numMiniFATSector; out->fatMemallocCount = msi->m_hdr->numFATSector; out->ministream = NULL; out->minifat = OPENSSL_malloc((uint64_t)out->minifatMemallocCount * out->sectorSize); out->fat = OPENSSL_malloc((uint64_t)out->fatMemallocCount * out->sectorSize); out->miniSectorNum = 0; out->sectorNum = 0; return 1; /* OK */ } static int msi_file_write(MSI_FILE *msi, MSI_DIRENT *dirent, u_char *p_msi, uint32_t len_msi, u_char *p_msiex, uint32_t len_msiex, BIO *outdata) { MSI_OUT out; int ret = 0; memset(&out, 0, sizeof(MSI_OUT)); if (!msiout_set(msi, len_msi, len_msiex, &out)) { goto out; /* FAILED */ } (void)BIO_seek(outdata, out.sectorSize); if (!stream_handle(msi, dirent, p_msi, len_msi, p_msiex, len_msiex, outdata, &out, 1)) { goto out; /* FAILED */ } if (!ministream_save(dirent, outdata, &out)) { goto out; /* FAILED */ } if (!minifat_save(outdata, &out)) { goto out; /* FAILED */ } if (!dirtree_save(dirent, outdata, &out)) { goto out; /* FAILED */ } if (!fat_save(outdata, &out)) { goto out; /* FAILED */ } header_save(outdata, &out); ret = 1; /* OK */ out: OPENSSL_free(out.header); OPENSSL_free(out.fat); OPENSSL_free(out.minifat); return ret; } /* * Compute a message digest value of a signed or unsigned MSI file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] calculated message digest BIO */ static BIO *msi_digest_calc_bio(FILE_FORMAT_CTX *ctx, BIO *hash) { if (ctx->options->add_msi_dse && !msi_calc_MsiDigitalSignatureEx(ctx, hash)) { fprintf(stderr, "Unable to calc MsiDigitalSignatureEx\n"); return NULL; /* FAILED */ } if (!msi_hash_dir(ctx->msi_ctx->msi, ctx->msi_ctx->dirent, hash, 1)) { fprintf(stderr, "Unable to msi_handle_dir()\n"); return NULL; /* FAILED */ } return hash; } /* * MsiDigitalSignatureEx is an enhanced signature type that * can be used when signing MSI files. In addition to * file content, it also hashes some file metadata, specifically * file names, file sizes, creation times and modification times. * * The file content hashing part stays the same, so the * msi_handle_dir() function can be used across both variants. * * When an MsiDigitalSignatureEx section is present in an MSI file, * the meaning of the DigitalSignature section changes: Instead * of being merely a file content hash (as what is output by the * msi_handle_dir() function), it is now hashes both content * and metadata. * * Here is how it works: * * First, a "pre-hash" is calculated. This is the "metadata" hash. * It iterates over the files in the MSI in the same order as the * file content hashing method would - but it only processes the * metadata. * * Once the pre-hash is calculated, a new hash is created for * calculating the hash of the file content. The output of the * pre-hash is added as the first element of the file content hash. * * After the pre-hash is written, what follows is the "regular" * stream of data that would normally be written when performing * file content hashing. * * The output of this hash, which combines both metadata and file * content, is what will be output in signed form to the * DigitalSignature section when in 'MsiDigitalSignatureEx' mode. * * As mentioned previously, this new mode of operation is signalled * by the presence of a 'MsiDigitalSignatureEx' section in the MSI * file. This section must come after the 'DigitalSignature' * section, and its content must be the output of the pre-hash * ("metadata") hash. */ static int msi_calc_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, BIO *hash) { size_t written; BIO *prehash = BIO_new(BIO_f_md()); if (!BIO_set_md(prehash, ctx->options->md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(prehash); return 0; /* FAILED */ } BIO_push(prehash, BIO_new(BIO_s_null())); if (!msi_prehash_dir(ctx->msi_ctx->dirent, prehash, 1)) { fprintf(stderr, "Unable to calculate MSI pre-hash ('metadata') hash\n"); return 0; /* FAILED */ } if (ctx->msi_ctx->p_msiex) { /* attach-signature counts MsiDigitalSignatureEx stream data twice */ OPENSSL_free(ctx->msi_ctx->p_msiex); ctx->msi_ctx->p_msiex = NULL; } ctx->msi_ctx->p_msiex = OPENSSL_malloc(EVP_MAX_MD_SIZE); ctx->msi_ctx->len_msiex = (uint32_t)BIO_gets(prehash, (char *)ctx->msi_ctx->p_msiex, EVP_MAX_MD_SIZE); if (!BIO_write_ex(hash, ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex, &written) || written != ctx->msi_ctx->len_msiex) return 0; /* FAILED */ BIO_free_all(prehash); return 1; /* OK */ } /* * Perform a sanity check for the MsiDigitalSignatureEx section. * If the file we're attempting to sign has an MsiDigitalSignatureEx * section, we can't add a nested signature of a different MD type * without breaking the initial signature. */ static int msi_check_MsiDigitalSignatureEx(FILE_FORMAT_CTX *ctx, MSI_ENTRY *dse, PKCS7 *p7) { if (dse && GET_UINT32_LE(dse->size) != (uint32_t)EVP_MD_size(ctx->options->md)) { X509_ALGOR *alg; const ASN1_OBJECT *aoid; alg = sk_X509_ALGOR_value(p7->d.sign->md_algs, 0); X509_ALGOR_get0(&aoid, NULL, NULL, alg); fprintf(stderr, "Message digest algorithm found : %s\n", OBJ_nid2sn(OBJ_obj2nid(aoid))); fprintf(stderr, "It is not possible to add a nested signature of a different MD type to the MSI file " "without invalidating the initial signature, as the file contains MsiDigitalSignatureEx.\n" "The file should be signed again, rather than adding a nested signature.\n"); return 0; /* FAILED */ } if (!dse && ctx->options->add_msi_dse) { fprintf(stderr, "It is not possible to add a nested signature using the -add-msi-dse parameter " "without invalidating the initial signature, as the file does not contain MsiDigitalSignatureEx.\n" "The file should be signed again, rather than adding a nested signature.\n"); return 0; /* FAILED */ } if (dse && !ctx->options->add_msi_dse) { fprintf(stderr, "It is not possible to add a signature without using the -add-msi-dse parameter, " "as doing so would invalidate the initial signature due to the presence of MsiDigitalSignatureEx.\n" "In this case, consider using the -add-msi-dse option.\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * [in] ctx: structure holds input and output data * [returns] the size of the message digest when passed an EVP_MD structure (the size of the hash) */ static int msi_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Get DigitalSignature and MsiDigitalSignatureEx streams * to check if the signature exists. * [in, out] ctx: structure holds input and output datafv * [returns] 0 on error or 1 on successs */ static int msi_check_file(FILE_FORMAT_CTX *ctx) { char *indata = NULL; uint32_t inlen; MSI_ENTRY *ds, *dse = NULL; if (!ctx) { fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } ds = msi_signatures_get(ctx->msi_ctx->dirent, &dse); if (!ds) { fprintf(stderr, "MSI file has no signature\n"); return 0; /* FAILED */ } inlen = GET_UINT32_LE(ds->size); if (inlen == 0 || inlen >= MAXREGSECT) { fprintf(stderr, "Corrupted DigitalSignature stream length 0x%08X\n", inlen); return 0; /* FAILED */ } indata = OPENSSL_malloc((size_t)inlen); if (!msi_file_read(ctx->msi_ctx->msi, ds, 0, indata, inlen)) { fprintf(stderr, "DigitalSignature stream data error\n\n"); OPENSSL_free(indata); return 0; /* FAILED */ } if (!dse) { printf("Warning: MsiDigitalSignatureEx stream doesn't exist\n"); } else { ctx->msi_ctx->len_msiex = GET_UINT32_LE(dse->size); if (ctx->msi_ctx->len_msiex == 0 || ctx->msi_ctx->len_msiex >= MAXREGSECT) { fprintf(stderr, "Corrupted MsiDigitalSignatureEx stream length 0x%08X\n", ctx->msi_ctx->len_msiex); OPENSSL_free(indata); return 0; /* FAILED */ } ctx->msi_ctx->p_msiex = OPENSSL_malloc((size_t)ctx->msi_ctx->len_msiex); if (!msi_file_read(ctx->msi_ctx->msi, dse, 0, (char *)ctx->msi_ctx->p_msiex, ctx->msi_ctx->len_msiex)) { fprintf(stderr, "MsiDigitalSignatureEx stream data error\n\n"); OPENSSL_free(indata); return 0; /* FAILED */ } } OPENSSL_free(indata); return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/osslsigncode.bash000066400000000000000000000046431464004761700174330ustar00rootroot00000000000000# bash completion for osslsigncode -*- shell-script -*- # Copyright (C) 2021-2022 Michał Trojnara # Author: Małgorzata Olszówka bind 'set show-all-if-ambiguous on' bind 'set completion-ignore-case on' COMP_WORDBREAKS=${COMP_WORDBREAKS//:} _comp_cmd_osslsigncode() { local cur prev words cword _init_completion || return local commands command options timestamps rfc3161 commands="--help --version -v sign add attach-signature extract-signature remove-signature verify" timestamps="http://timestamp.digicert.com http://time.certum.pl http://timestamp.sectigo.com http://timestamp.globalsign.com/?signature=sha2" rfc3161="http://timestamp.digicert.com http://time.certum.pl http://timestamp.entrust.net/TSS/RFC3161sha2TS http://tss.accv.es:8318/tsa http://kstamp.keynectis.com/KSign/ http://sha256timestamp.ws.symantec.com/sha256/timestamp" if ((cword == 1)); then COMPREPLY=($(compgen -W "${commands}" -- ${cur})) else command=${words[1]} case $prev in -ac | -c | -catalog | -certs | -spc | -key | -pkcs12 | -pass | \ -readpass | -pkcs11engine | -pkcs11module | -in | -out | -sigin | \ -n | -CAfile | -CRLfile | -TSA-CAfile | -TSA-CRLfile) _filedir return ;; -h | -require-leaf-hash) COMPREPLY=($(compgen -W 'md5 sha1 sha2 sha256 sha384 sha512' \ -- "$cur")) return ;; -jp) COMPREPLY=($(compgen -W 'low medium high' -- "$cur")) return ;; -t) COMPREPLY=($(compgen -W "${timestamps}" -- "$cur")) return ;; -ts) COMPREPLY=($(compgen -W "${rfc3161}" -- "$cur")) return ;; -i | -p) _known_hosts_real -- "$cur" return ;; esac if [[ $cur == -* ]]; then # possible options for the command options=$(_parse_help "$1" "$command --help" 2>/dev/null) COMPREPLY=($(compgen -W "${options}" -- ${cur})) fi fi } && complete -F _comp_cmd_osslsigncode osslsigncode # ex: filetype=sh osslsigncode-2.9/osslsigncode.c000066400000000000000000005404051464004761700167410ustar00rootroot00000000000000/* OpenSSL based Authenticode signing for PE/MSI/Java CAB files. Copyright (C) 2005-2015 Per Allansson Copyright (C) 2018-2023 Michał Trojnara This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. */ /* Implemented with good help from: * Peter Gutmann's analysis of Authenticode: https://www.cs.auckland.ac.nz/~pgut001/pubs/authenticode.txt * MS CAB SDK documentation https://docs.microsoft.com/en-us/previous-versions/ms974336(v=msdn.10) * MS PE/COFF documentation https://docs.microsoft.com/en-us/windows/win32/debug/pe-format * MS Windows Authenticode PE Signature Format http://msdn.microsoft.com/en-US/windows/hardware/gg463183 (Although the part of how the actual checksumming is done is not how it is done inside Windows. The end result is however the same on all "normal" PE files.) * tail -c, tcpdump, mimencode & openssl asn1parse :) */ #include "osslsigncode.h" #include "helpers.h" /* * $ echo -n 3006030200013000 | xxd -r -p | openssl asn1parse -i -inform der * 0:d=0 hl=2 l= 6 cons: SEQUENCE * 2:d=1 hl=2 l= 2 prim: BIT STRING * 6:d=1 hl=2 l= 0 cons: SEQUENCE */ const u_char java_attrs_low[] = { 0x30, 0x06, 0x03, 0x02, 0x00, 0x01, 0x30, 0x00 }; /* * $ echo -n 300c060a2b060104018237020115 | xxd -r -p | openssl asn1parse -i -inform der * 0:d=0 hl=2 l= 12 cons: SEQUENCE * 2:d=1 hl=2 l= 10 prim: OBJECT :Microsoft Individual Code Signing */ const u_char purpose_ind[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15 }; /* * $ echo -n 300c060a2b060104018237020116 | xxd -r -p | openssl asn1parse -i -inform der * 0:d=0 hl=2 l= 12 cons: SEQUENCE * 2:d=1 hl=2 l= 10 prim: OBJECT :Microsoft Commercial Code Signing */ const u_char purpose_comm[] = { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x16 }; /* * ASN.1 definitions (more or less from official MS Authenticode docs) */ ASN1_CHOICE(SpcString) = { ASN1_IMP_OPT(SpcString, value.unicode, ASN1_BMPSTRING, 0), ASN1_IMP_OPT(SpcString, value.ascii, ASN1_IA5STRING, 1) } ASN1_CHOICE_END(SpcString) IMPLEMENT_ASN1_FUNCTIONS(SpcString) ASN1_SEQUENCE(SpcSerializedObject) = { ASN1_SIMPLE(SpcSerializedObject, classId, ASN1_OCTET_STRING), ASN1_SIMPLE(SpcSerializedObject, serializedData, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(SpcSerializedObject) IMPLEMENT_ASN1_FUNCTIONS(SpcSerializedObject) ASN1_CHOICE(SpcLink) = { ASN1_IMP_OPT(SpcLink, value.url, ASN1_IA5STRING, 0), ASN1_IMP_OPT(SpcLink, value.moniker, SpcSerializedObject, 1), ASN1_EXP_OPT(SpcLink, value.file, SpcString, 2) } ASN1_CHOICE_END(SpcLink) IMPLEMENT_ASN1_FUNCTIONS(SpcLink) ASN1_SEQUENCE(SpcSpOpusInfo) = { ASN1_EXP_OPT(SpcSpOpusInfo, programName, SpcString, 0), ASN1_EXP_OPT(SpcSpOpusInfo, moreInfo, SpcLink, 1) } ASN1_SEQUENCE_END(SpcSpOpusInfo) IMPLEMENT_ASN1_FUNCTIONS(SpcSpOpusInfo) ASN1_SEQUENCE(SpcSipInfo) = { ASN1_SIMPLE(SpcSipInfo, a, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, string, ASN1_OCTET_STRING), ASN1_SIMPLE(SpcSipInfo, b, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, c, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, d, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, e, ASN1_INTEGER), ASN1_SIMPLE(SpcSipInfo, f, ASN1_INTEGER), } ASN1_SEQUENCE_END(SpcSipInfo) IMPLEMENT_ASN1_FUNCTIONS(SpcSipInfo) ASN1_SEQUENCE(SpcAttributeTypeAndOptionalValue) = { ASN1_SIMPLE(SpcAttributeTypeAndOptionalValue, type, ASN1_OBJECT), ASN1_OPT(SpcAttributeTypeAndOptionalValue, value, ASN1_ANY) } ASN1_SEQUENCE_END(SpcAttributeTypeAndOptionalValue) IMPLEMENT_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) ASN1_SEQUENCE(AlgorithmIdentifier) = { ASN1_SIMPLE(AlgorithmIdentifier, algorithm, ASN1_OBJECT), ASN1_OPT(AlgorithmIdentifier, parameters, ASN1_ANY) } ASN1_SEQUENCE_END(AlgorithmIdentifier) IMPLEMENT_ASN1_FUNCTIONS(AlgorithmIdentifier) ASN1_SEQUENCE(DigestInfo) = { ASN1_SIMPLE(DigestInfo, digestAlgorithm, AlgorithmIdentifier), ASN1_SIMPLE(DigestInfo, digest, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(DigestInfo) IMPLEMENT_ASN1_FUNCTIONS(DigestInfo) ASN1_SEQUENCE(SpcIndirectDataContent) = { ASN1_SIMPLE(SpcIndirectDataContent, data, SpcAttributeTypeAndOptionalValue), ASN1_SIMPLE(SpcIndirectDataContent, messageDigest, DigestInfo) } ASN1_SEQUENCE_END(SpcIndirectDataContent) IMPLEMENT_ASN1_FUNCTIONS(SpcIndirectDataContent) ASN1_SEQUENCE(CatalogAuthAttr) = { ASN1_SIMPLE(CatalogAuthAttr, type, ASN1_OBJECT), ASN1_OPT(CatalogAuthAttr, contents, ASN1_ANY) } ASN1_SEQUENCE_END(CatalogAuthAttr) IMPLEMENT_ASN1_FUNCTIONS(CatalogAuthAttr) /* * Structures for Authenticode Timestamp */ ASN1_SEQUENCE(TimeStampRequestBlob) = { ASN1_SIMPLE(TimeStampRequestBlob, type, ASN1_OBJECT), ASN1_EXP_OPT(TimeStampRequestBlob, signature, ASN1_OCTET_STRING, 0) } ASN1_SEQUENCE_END(TimeStampRequestBlob) IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequestBlob) ASN1_SEQUENCE(TimeStampRequest) = { ASN1_SIMPLE(TimeStampRequest, type, ASN1_OBJECT), ASN1_SIMPLE(TimeStampRequest, blob, TimeStampRequestBlob) } ASN1_SEQUENCE_END(TimeStampRequest) IMPLEMENT_ASN1_FUNCTIONS(TimeStampRequest) ASN1_SEQUENCE(CatalogInfo) = { ASN1_SIMPLE(CatalogInfo, digest, ASN1_OCTET_STRING), ASN1_SET_OF(CatalogInfo, attributes, CatalogAuthAttr) } ASN1_SEQUENCE_END(CatalogInfo) IMPLEMENT_ASN1_FUNCTIONS(CatalogInfo) ASN1_SEQUENCE(MsCtlContent) = { ASN1_SIMPLE(MsCtlContent, type, SpcAttributeTypeAndOptionalValue), ASN1_SIMPLE(MsCtlContent, identifier, ASN1_OCTET_STRING), ASN1_SIMPLE(MsCtlContent, time, ASN1_UTCTIME), ASN1_SIMPLE(MsCtlContent, version, SpcAttributeTypeAndOptionalValue), ASN1_SEQUENCE_OF(MsCtlContent, header_attributes, CatalogInfo), ASN1_OPT(MsCtlContent, filename, ASN1_ANY) } ASN1_SEQUENCE_END(MsCtlContent) IMPLEMENT_ASN1_FUNCTIONS(MsCtlContent) /* Prototypes */ static ASN1_INTEGER *create_nonce(int bits); static char *clrdp_url_get_x509(X509 *cert); static time_t time_t_get_asn1_time(const ASN1_TIME *s); static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si); static ASN1_UTCTIME *asn1_time_get_si_time(PKCS7_SIGNER_INFO *si); static time_t time_t_get_cms_time(CMS_ContentInfo *cms); static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_INFO *countersignature); static int cursig_set_nested(PKCS7 *cursig, PKCS7 *p7); static int nested_signatures_number_get(PKCS7 *p7); static int X509_attribute_chain_append_object(STACK_OF(X509_ATTRIBUTE) **unauth_attr, u_char *p, int len, const char *oid); static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7); static int PKCS7_compare(const PKCS7 *const *a, const PKCS7 *const *b); static PKCS7 *pkcs7_get_sigfile(FILE_FORMAT_CTX *ctx); static void print_cert(X509 *cert, int i); static int x509_store_load_crlfile(X509_STORE *store, char *cafile, char *crlfile); /* A timestamp request looks like this: POST HTTP/1.1 Content-Type: application/octet-stream Content-Length: ... Accept: application/octet-stream User-Agent: Transport Host: ... Cache-Control: no-cache .. and the blob has the following ASN1 structure: 0:d=0 hl=4 l= 291 cons: SEQUENCE 4:d=1 hl=2 l= 10 prim: OBJECT :1.3.6.1.4.1.311.3.2.1 16:d=1 hl=4 l= 275 cons: SEQUENCE 20:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-data 31:d=2 hl=4 l= 260 cons: cont [ 0 ] 35:d=3 hl=4 l= 256 prim: OCTET STRING .. and it returns a base64 encoded PKCS#7 structure. */ /* * Encode RFC3161 timestamp request and write it into BIO * [in] p7: new PKCS#7 signature * [in] md: message digest algorithm type * [returns] pointer to BIO with RFC3161 Timestamp Request */ static BIO *bio_encode_rfc3161_request(PKCS7 *p7, const EVP_MD *md) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; u_char mdbuf[EVP_MAX_MD_SIZE]; TS_MSG_IMPRINT *msg_imprint = NULL; ASN1_INTEGER *nonce = NULL; X509_ALGOR *alg = NULL; TS_REQ *req = NULL; BIO *bout = NULL, *bhash = NULL; u_char *p; int len; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) goto out; si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) goto out; bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); goto out; } BIO_push(bhash, BIO_new(BIO_s_null())); BIO_write(bhash, si->enc_digest->data, si->enc_digest->length); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); req = TS_REQ_new(); if (!req) goto out; if (!TS_REQ_set_version(req, 1)) goto out; msg_imprint = TS_MSG_IMPRINT_new(); if (!msg_imprint) goto out; alg = X509_ALGOR_new(); if (!alg) goto out; X509_ALGOR_set_md(alg, md); if (!X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_nid(md)), V_ASN1_NULL, NULL)) goto out; if (!TS_MSG_IMPRINT_set_algo(msg_imprint, alg)) goto out; if (!TS_MSG_IMPRINT_set_msg(msg_imprint, mdbuf, EVP_MD_size(md))) goto out; if (!TS_REQ_set_msg_imprint(req, msg_imprint)) goto out; /* Setting nonce */ nonce = create_nonce(NONCE_LENGTH); if (!nonce) goto out; if (!TS_REQ_set_nonce(req, nonce)) goto out; /* TSA is expected to include its signing certificate in the response, flag 0xFF */ if (!TS_REQ_set_cert_req(req, 1)) goto out; len = i2d_TS_REQ(req, NULL); p = OPENSSL_malloc((size_t)len); len = i2d_TS_REQ(req, &p); p -= len; bout = BIO_new(BIO_s_mem()); BIO_write(bout, p, len); OPENSSL_free(p); (void)BIO_flush(bout); out: BIO_free_all(bhash); ASN1_INTEGER_free(nonce); TS_MSG_IMPRINT_free(msg_imprint); X509_ALGOR_free(alg); TS_REQ_free(req); return bout; } static ASN1_INTEGER *create_nonce(int bits) { unsigned char buf[20]; ASN1_INTEGER *nonce = NULL; int len = (bits - 1) / 8 + 1; int i; if (len > (int)sizeof(buf)) { fprintf(stderr, "Invalid nonce size\n"); return NULL; } if (RAND_bytes(buf, len) <= 0) { fprintf(stderr, "Random nonce generation failed\n"); return NULL; } /* Find the first non-zero byte and creating ASN1_INTEGER object. */ for (i = 0; i < len && !buf[i]; ++i) { } nonce = ASN1_INTEGER_new(); if (!nonce) { fprintf(stderr, "Could not create nonce\n"); return NULL; } OPENSSL_free(nonce->data); nonce->length = len - i; nonce->data = OPENSSL_malloc((size_t)nonce->length + 1); memcpy(nonce->data, buf + i, (size_t)nonce->length); return nonce; } /* * Encode authenticode timestamp request and write it into BIO * [in] p7: new PKCS#7 signature * [returns] pointer to BIO with authenticode Timestamp Request */ static BIO *bio_encode_authenticode_request(PKCS7 *p7) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; TimeStampRequest *req; BIO *bout, *b64; u_char *p; int len; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ req = TimeStampRequest_new(); req->type = OBJ_txt2obj(SPC_TIME_STAMP_REQUEST_OBJID, 1); req->blob->type = OBJ_nid2obj(NID_pkcs7_data); req->blob->signature = si->enc_digest; len = i2d_TimeStampRequest(req, NULL); p = OPENSSL_malloc((size_t)len); len = i2d_TimeStampRequest(req, &p); p -= len; req->blob->signature = NULL; TimeStampRequest_free(req); bout = BIO_new(BIO_s_mem()); b64 = BIO_new(BIO_f_base64()); bout = BIO_push(b64, bout); BIO_write(bout, p, len); OPENSSL_free(p); (void)BIO_flush(bout); return bout; } /* * If successful the RFC 3161 timestamp will be written into * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]. * [in, out] p7: new PKCS#7 signature * [in] response: RFC3161 response * [in] verbose: additional output mode * [returns] 1 on error or 0 on success */ static int attach_rfc3161_response(PKCS7 *p7, TS_RESP *response, int verbose) { PKCS7_SIGNER_INFO *si; TS_STATUS_INFO *status; PKCS7 *token; u_char *p; int i, len; STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 1; /* FAILED */ if (!response) return 1; /* FAILED */ status = TS_RESP_get_status_info(response); if (ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status)) != 0) { if (verbose) { const STACK_OF(ASN1_UTF8STRING) *reasons = TS_STATUS_INFO_get0_text(status); fprintf(stderr, "Timestamping failed: status %ld\n", ASN1_INTEGER_get(TS_STATUS_INFO_get0_status(status))); for (i = 0; i < sk_ASN1_UTF8STRING_num(reasons); i++) { ASN1_UTF8STRING *reason = sk_ASN1_UTF8STRING_value(reasons, i); fprintf(stderr, "%s\n", ASN1_STRING_get0_data(reason)); } } return 1; /* FAILED */ } token = TS_RESP_get_token(response); if (((len = i2d_PKCS7(token, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { fprintf(stderr, "Failed to convert pkcs7: %d\n", len); ERR_print_errors_fp(stderr); } return 1; /* FAILED */ } len = i2d_PKCS7(token, &p); p -= len; if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, SPC_RFC3161_OBJID)) { OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 0; /* OK */ } /* * If successful the authenticode timestamp will be written into * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]: * p7->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [in] resp: PKCS#7 authenticode response * [in] verbose: additional output mode * [returns] 1 on error or 0 on success */ static int attach_authenticode_response(PKCS7 *p7, PKCS7 *resp, int verbose) { PKCS7_SIGNER_INFO *info, *si; u_char *p; int len, i; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; if (!resp) { return 1; /* FAILED */ } for(i = sk_X509_num(resp->d.sign->cert)-1; i>=0; i--) { PKCS7_add_certificate(p7, sk_X509_value(resp->d.sign->cert, i)); } signer_info = PKCS7_get_signer_info(resp); if (!signer_info) { PKCS7_free(resp); return 1; /* FAILED */ } info = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!info) { PKCS7_free(resp); return 1; /* FAILED */ } if (((len = i2d_PKCS7_SIGNER_INFO(info, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { if (verbose) { fprintf(stderr, "Failed to convert signer info: %d\n", len); ERR_print_errors_fp(stderr); } PKCS7_free(resp); return 1; /* FAILED */ } len = i2d_PKCS7_SIGNER_INFO(info, &p); p -= len; PKCS7_free(resp); signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 1; /* FAILED */ if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, PKCS9_COUNTER_SIGNATURE)) { OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 0; /* OK */ } static void print_proxy(char *proxy) { if (proxy) { printf ("Using configured proxy: %s\n", proxy); } else { char *http_proxy, *https_proxy; http_proxy = getenv("http_proxy"); if (!http_proxy) http_proxy = getenv("HTTP_PROXY"); if (http_proxy && *http_proxy != '\0') printf ("Using environmental HTTP proxy: %s\n", http_proxy); https_proxy = getenv("https_proxy"); if (!https_proxy) https_proxy = getenv("HTTPS_PROXY"); if (https_proxy && *https_proxy != '\0') printf ("Using environmental HTTPS proxy: %s\n", https_proxy); } } #if OPENSSL_VERSION_NUMBER<0x30000000L #ifdef ENABLE_CURL static int blob_has_nl = 0; /* * Callback for writing received data */ static size_t curl_write(void *ptr, size_t sz, size_t nmemb, void *stream) { size_t written, len = sz * nmemb; if (len > 0 && !blob_has_nl) { if (memchr(ptr, '\n', len)) blob_has_nl = 1; } if (!BIO_write_ex((BIO*)stream, ptr, len, &written) || written != len) return 0; /* FAILED */ return written; } /* * Get data from HTTP server. * [out] http_code: HTTP status * [in] url: URL of the CRL distribution point or Time-Stamp Authority HTTP server * [in] req: timestamp request * [in] proxy: proxy to getting the timestamp through * [in] noverifypeer: do not verify the Time-Stamp Authority's SSL certificate * [in] verbose: additional output mode * [in] rfc3161: Authenticode / RFC3161 Timestamp switch * [returns] pointer to BIO with X509 Certificate Revocation List or timestamp response */ static BIO *bio_get_http_curl(long *http_code, char *url, BIO *req, char *proxy, int noverifypeer, int verbose, int rfc3161) { CURL *curl; struct curl_slist *slist = NULL; CURLcode res; BIO *bin; u_char *p = NULL; long len = 0; if (!url) { return NULL; /* FAILED */ } print_proxy(proxy); /* Start a libcurl easy session and set options for a curl easy handle */ printf("Connecting to %s\n", url); curl = curl_easy_init(); if (proxy) { res = curl_easy_setopt(curl, CURLOPT_PROXY, proxy); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } if (!strncmp("http:", proxy, 5)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } if (!strncmp("socks:", proxy, 6)) { res = curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } } res = curl_easy_setopt(curl, CURLOPT_URL, url); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } /* * ask libcurl to show us the verbose output * curl_easy_setopt(curl, CURLOPT_VERBOSE, 42); */ if (noverifypeer) { res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } if (req) { /* POST */ if (rfc3161) { /* RFC3161 Timestamp */ slist = curl_slist_append(slist, "Content-Type: application/timestamp-query"); slist = curl_slist_append(slist, "Accept: application/timestamp-reply"); } else { /* Authenticode Timestamp */ slist = curl_slist_append(slist, "Content-Type: application/octet-stream"); slist = curl_slist_append(slist, "Accept: application/octet-stream"); } slist = curl_slist_append(slist, "User-Agent: Transport"); slist = curl_slist_append(slist, "Cache-Control: no-cache"); res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } len = BIO_get_mem_data(req, &p); res = curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_POSTFIELDS, (char*)p); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_POST, 1); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } } bin = BIO_new(BIO_s_mem()); BIO_set_mem_eof_return(bin, 0); res = curl_easy_setopt(curl, CURLOPT_WRITEDATA, bin); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } res = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curl_write); if (res != CURLE_OK) { fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); } /* Perform the request */ res = curl_easy_perform(curl); curl_slist_free_all(slist); if (res != CURLE_OK) { BIO_free_all(bin); if (verbose) fprintf(stderr, "CURL failure: %s %s\n", curl_easy_strerror(res), url); curl_easy_cleanup(curl); return NULL; /* FAILED */ } else { /* CURLE_OK (0) */ (void)BIO_flush(bin); curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, http_code); } /* End a libcurl easy handle */ curl_easy_cleanup(curl); if (req && !rfc3161) { /* BASE64 encoded Authenticode Timestamp */ BIO *b64 = BIO_new(BIO_f_base64()); if (!blob_has_nl) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bin = BIO_push(b64, bin); } return bin; } #endif /* ENABLE_CURL */ #else /* OPENSSL_VERSION_NUMBER<0x30000000L */ /* HTTP callback function that supports TLS connection also via HTTPS proxy */ static BIO *http_tls_cb(BIO *bio, void *arg, int connect, int detail) { HTTP_TLS_Info *info = (HTTP_TLS_Info *)arg; SSL_CTX *ssl_ctx = info->ssl_ctx; if (ssl_ctx == NULL) { /* not using TLS */ return bio; } if (connect && detail) { /* connecting with TLS */ SSL *ssl; BIO *sbio = NULL; if (info->use_proxy && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, NULL, NULL, info->timeout, NULL, NULL)) { return NULL; } sbio = BIO_new(BIO_f_ssl()); if (sbio == NULL) { return NULL; } ssl = SSL_new(ssl_ctx); if (ssl == NULL) { BIO_free(sbio); return NULL; } SSL_set_tlsext_host_name(ssl, info->server); SSL_set_connect_state(ssl); BIO_set_ssl(sbio, ssl, BIO_CLOSE); bio = BIO_push(sbio, bio); } return bio; } static int verify_callback(int ok, X509_STORE_CTX *ctx) { if (!ok) { int error = X509_STORE_CTX_get_error(ctx); print_cert(X509_STORE_CTX_get_current_cert(ctx), 0); if (error == X509_V_ERR_UNABLE_TO_GET_CRL) { char *url = clrdp_url_get_x509(X509_STORE_CTX_get_current_cert(ctx)); printf("\tWarning: Ignoring \'%s\' error for CRL validation\n", X509_verify_cert_error_string(error)); printf("\nUse the \"-HTTPS-CRLfile\" option to verify CRL\n"); if (url) { printf("HTTPS's CRL distribution point: %s\n", url); OPENSSL_free(url); } return 1; } else { printf("\tError: %s\n\n", X509_verify_cert_error_string(error)); } } return ok; } /* * Read data from socket BIO * [in] s_bio: socket BIO * [in] rctx: open connection context * [in] use_ssl: HTTPS request switch * [returns] memory BIO */ static BIO *socket_bio_read(BIO *s_bio, OSSL_HTTP_REQ_CTX *rctx, int use_ssl) { int retry = 1, ok = 0, written = 0, resp_len = 0; char *buf = OPENSSL_malloc(OSSL_HTTP_DEFAULT_MAX_RESP_LEN); BIO *resp = BIO_new(BIO_s_mem()); if (rctx) { resp_len = (int)OSSL_HTTP_REQ_CTX_get_resp_len(rctx); } if (resp_len == 0) { if (use_ssl) BIO_ssl_shutdown(s_bio); else { int fd = (int)BIO_get_fd(s_bio, NULL); if (fd >= 0) { #ifdef WIN32 (void)shutdown(fd, SD_SEND); #else /* WIN32 */ (void)shutdown(fd, SHUT_WR); #endif /* WIN32 */ } } } ERR_clear_error(); while (retry) { int n; errno = 0; n = BIO_read(s_bio, buf, OSSL_HTTP_DEFAULT_MAX_RESP_LEN); if (n > 0) { written += BIO_write(resp, buf, n); } else if (BIO_eof(s_bio) == 1) { ok = 1; retry = 0; /* EOF */ } else if (BIO_should_retry(s_bio)) { } else { unsigned long err = ERR_get_error(); if (err == 0) { ok = 1; retry = 0; /* use_ssl EOF */ } else { fprintf(stderr, "\nHTTP failure: error %ld: %s\n", err, ERR_reason_error_string(err)); retry = 0; /* FAILED */ } } if (resp_len > 0 && resp_len == written) { ok = 1; retry = 0; /* all response has been read */ } } OSSL_HTTP_close(rctx, ok); OPENSSL_free(buf); if (!ok) { BIO_free_all(resp); resp = NULL; } return resp; } /* * pkcs7-signedData bytes found indicates DER form * in otherwise BASE64 encoded * '\n' newline character means BASE64 line with newline at the end * in otherwise BIO_FLAGS_BASE64_NO_NL flag must me set * [in, out] resp: memory BIO with Authenticode Timestamp data * [returns] none */ static void check_authenticode_timestamp(BIO **resp) { u_char *ptr = NULL; const u_char pkcs7_signed[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02}; int i, len, pkcs7_signed_len, found = 0; len = (int)BIO_get_mem_data(*resp, &ptr); if (len <= 0) { return; } pkcs7_signed_len = (int)sizeof pkcs7_signed; for (i = 0; i <= len - pkcs7_signed_len; i++) { if (memcmp(ptr + i, pkcs7_signed, (size_t)pkcs7_signed_len) == 0) { found = 1; break; } } if (!found) { /* BASE64 encoded Authenticode Timestamp */ BIO *b64 = BIO_new(BIO_f_base64()); if (!memchr(ptr, '\n', (size_t)len)) { BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); } else { BIO *bio_mem = BIO_new_mem_buf(ptr, len); BIO_push(b64, bio_mem); } *resp = BIO_push(b64, *resp); } } /* * Get data from HTTP server. * [in] url: URL of the CRL distribution point or Time-Stamp Authority HTTP server * [in] req: timestamp request * [in] proxy: proxy to getting the timestamp through * [in] rfc3161: Authenticode / RFC3161 Timestamp switch * [in] cafile: file contains concatenated CA certificates in PEM format * [in] crlfile: file contains Certificate Revocation List (CRLs) * [returns] pointer to BIO with X509 Certificate Revocation List or timestamp response */ static BIO *bio_get_http(char *url, BIO *req, char *proxy, int rfc3161, char *cafile, char *crlfile) { BIO *tmp_bio = NULL, *s_bio = NULL, *resp = NULL; OSSL_HTTP_REQ_CTX *rctx = NULL; HTTP_TLS_Info info; SSL_CTX *ssl_ctx = NULL; char *server = NULL, *port = NULL, *path = NULL; int timeout = -1; /* blocking mode, exactly one try, see BIO_do_connect_retry() */ int keep_alive = 1; /* prefer */ int use_ssl = 0; if (!url) { return NULL; /* FAILED */ } print_proxy(proxy); printf("Connecting to %s\n", url); if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL, &server, &port, NULL, &path, NULL, NULL)) { return NULL; /* FAILED */ } if (use_ssl) { X509_STORE *store = NULL; ssl_ctx = SSL_CTX_new(TLS_client_method()); if (cafile) { printf("HTTPS-CAfile: %s\n", cafile); if (crlfile) printf("HTTPS-CRLfile: %s\n", crlfile); store = SSL_CTX_get_cert_store(ssl_ctx); if (x509_store_load_crlfile(store, cafile, crlfile)) SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, verify_callback); else printf("Warning: HTTPS verification was skipped\n"); } else { printf("Warning: HTTPS verification was skipped\n"); } } info.server = server; info.port = port; info.use_proxy = OSSL_HTTP_adapt_proxy(proxy, NULL, server, use_ssl) != NULL; info.timeout = timeout; info.ssl_ctx = ssl_ctx; if (!req) { /* GET */ const char *expected_content_type = "application/pkix-crl"; s_bio = OSSL_HTTP_get(url, proxy, NULL, NULL, NULL, http_tls_cb, &info, 0, NULL, expected_content_type, 0, 0, timeout); } else { /* POST */ const char *content_type = "application/timestamp-query"; /* RFC3161 Timestamp */ const char *expected_content_type = "application/timestamp-reply"; if (!rfc3161) { u_char *p = NULL; long len = BIO_get_mem_data(req, &p); tmp_bio = BIO_new(BIO_s_mem()); BIO_write(tmp_bio, p, (int)len); req = BIO_push(tmp_bio, req); content_type = "application/octet-stream"; /* Authenticode Timestamp */ expected_content_type = "application/octet-stream"; } s_bio = OSSL_HTTP_transfer(&rctx, server, port, path, use_ssl, proxy, NULL, NULL, NULL, http_tls_cb, &info, 0, NULL, content_type, req, expected_content_type, 0, 0, timeout, keep_alive); BIO_free(tmp_bio); } OPENSSL_free(server); OPENSSL_free(port); OPENSSL_free(path); SSL_CTX_free(ssl_ctx); if (s_bio) { resp = socket_bio_read(s_bio, rctx, use_ssl); BIO_free_all(s_bio); if (resp && req && !rfc3161) check_authenticode_timestamp(&resp); } else { fprintf(stderr, "\nHTTP failure: Failed to get data from %s\n", url); } return resp; } #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ /* * Decode a HTTP response from BIO and write it into the PKCS7 structure * Add timestamp to the PKCS7 SignerInfo structure: * sig->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [in] url: URL of the Time-Stamp Authority server * [in] rfc3161: Authenticode / RFC3161 Timestamp switch * [returns] 1 on error or 0 on success */ static int add_timestamp(PKCS7 *p7, FILE_FORMAT_CTX *ctx, char *url, int rfc3161) { BIO *req, *resp; int verbose = ctx->options->verbose || ctx->options->ntsurl == 1; int res = 1; #if OPENSSL_VERSION_NUMBER<0x30000000L #ifdef ENABLE_CURL long http_code = -1; #endif /* ENABLE_CURL */ #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ /* Encode timestamp request */ if (rfc3161) { req = bio_encode_rfc3161_request(p7, ctx->options->md); } else { req = bio_encode_authenticode_request(p7); } if (!req) { return 1; /* FAILED */ } #if OPENSSL_VERSION_NUMBER<0x30000000L #ifndef ENABLE_CURL (void)url; (void)rfc3161; fprintf(stderr, "Could NOT find CURL\n"); BIO_free_all(req); return NULL; /* FAILED */ #else /* ENABLE_CURL */ if (rfc3161) { resp = bio_get_http_curl(&http_code, url, req, ctx->options->proxy, ctx->options->noverifypeer, verbose, 1); } else { resp = bio_get_http_curl(&http_code, url, req, ctx->options->proxy, ctx->options->noverifypeer, verbose, 0); } #endif /* ENABLE_CURL */ #else /* OPENSSL_VERSION_NUMBER<0x30000000L */ if (rfc3161) { resp = bio_get_http(url, req, ctx->options->proxy, 1, ctx->options->noverifypeer ? NULL : ctx->options->https_cafile, ctx->options->noverifypeer ? NULL : ctx->options->https_crlfile); } else { resp = bio_get_http(url, req, ctx->options->proxy, 0, ctx->options->noverifypeer ? NULL : ctx->options->https_cafile, ctx->options->noverifypeer ? NULL : ctx->options->https_crlfile); } #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ BIO_free_all(req); if (resp != NULL) { if (rfc3161) { /* decode a RFC 3161 response from BIO */ TS_RESP *response = d2i_TS_RESP_bio(resp, NULL); res = attach_rfc3161_response(p7, response, verbose); TS_RESP_free(response); } else { /* decode an authenticode response from BIO */ PKCS7 *response = d2i_PKCS7_bio(resp, NULL); res = attach_authenticode_response(p7, response, verbose); } if (res && verbose) { #if OPENSSL_VERSION_NUMBER<0x30000000L #ifdef ENABLE_CURL if (http_code != -1) fprintf(stderr, "Failed to convert timestamp reply from %s; " "HTTP status %ld\n", url, http_code); else #endif /* ENABLE_CURL */ #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ fprintf(stderr, "Failed to convert timestamp reply from %s\n", url); ERR_print_errors_fp(stderr); } BIO_free_all(resp); } return res; } /* * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int add_timestamp_authenticode(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { int i; for (i=0; ioptions->nturl; i++) { if (!add_timestamp(p7, ctx, ctx->options->turl[i], 0)) return 1; /* OK */ } return 0; /* FAILED */ } /* * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int add_timestamp_rfc3161(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { int i; for (i=0; ioptions->ntsurl; i++) { if (!add_timestamp(p7, ctx, ctx->options->tsurl[i], 1)) return 1; /* OK */ } return 0; /* FAILED */ } /* * [in] resp_ctx: a response context that can be used for generating responses * [in] data: unused * [returns] hexadecimal serial number */ static ASN1_INTEGER *serial_cb(TS_RESP_CTX *resp_ctx, void *data) { int ret = 0; uint64_t buf; ASN1_INTEGER *serial = NULL; /* squash unused parameter warning */ (void)data; if (RAND_bytes((unsigned char *)&buf, sizeof buf) <= 0) { fprintf(stderr, "RAND_bytes failed\n"); goto out; } serial = ASN1_INTEGER_new(); if (!serial) goto out; ASN1_INTEGER_set_uint64(serial, buf); ret = 1; out: if (!ret) { TS_RESP_CTX_set_status_info(resp_ctx, TS_STATUS_REJECTION, "Error during serial number generation."); TS_RESP_CTX_add_failure_info(resp_ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE); ASN1_INTEGER_free(serial); return NULL; /* FAILED */ } return serial; } /* * This must return the seconds and microseconds since Jan 1, 1970 in the sec * and usec variables allocated by the caller. * [in] resp_ctx: a response context that can be used for generating responses * [in] data: timestamping time * [out] sec: total of seconds since Jan 1, 1970 * [out] usec: microseconds (unused) * [returns] 0 on error or 1 on success */ static int time_cb(TS_RESP_CTX *resp_ctx, void *data, long *sec, long *usec) { time_t *time = (time_t *)data; if(!*time) { TS_RESP_CTX_set_status_info(resp_ctx, TS_STATUS_REJECTION, "Time is not available."); TS_RESP_CTX_add_failure_info(resp_ctx, TS_INFO_TIME_NOT_AVAILABLE); return 0; /* FAILED */ } *sec = (long int)*time; *usec = 0; return 1; /* OK */ } /* * [in] ctx: structure holds input and output data * [in] signer_cert: the signer certificate of the TSA in PEM format * [in] signer_key: the private key of the TSA in PEM format * [in] chain: the certificate chain that will all be included in the response * [in] bout: timestamp request * [returns] RFC3161 response */ static TS_RESP *get_rfc3161_response(FILE_FORMAT_CTX *ctx, X509 *signer_cert, EVP_PKEY *signer_key, STACK_OF(X509) *chain, BIO *bout) { TS_RESP_CTX *resp_ctx = NULL; TS_RESP *response = NULL; ASN1_OBJECT *policy_obj = NULL; resp_ctx = TS_RESP_CTX_new(); if (!resp_ctx) goto out; TS_RESP_CTX_set_serial_cb(resp_ctx, serial_cb, NULL); if (!TS_RESP_CTX_set_signer_cert(resp_ctx, signer_cert)) { goto out; } if (!TS_RESP_CTX_set_signer_key(resp_ctx, signer_key)) { goto out; } if (!TS_RESP_CTX_set_certs(resp_ctx, chain)) { goto out; } /* message digest algorithm that the TSA accepts */ if (!TS_RESP_CTX_add_md(resp_ctx, ctx->options->md)) { goto out; } /* signing digest to use */ if (!TS_RESP_CTX_set_signer_digest(resp_ctx, ctx->options->md)) { goto out; } /* default policy to use when the request does not mandate any policy * tsa_policy1 = 1.2.3.4.1 */ policy_obj = OBJ_txt2obj(TSA_POLICY1, 0); if (!policy_obj) { goto out; } if (!TS_RESP_CTX_set_def_policy(resp_ctx, policy_obj)) { goto out; } /* the accuracy of the time source of the TSA in seconds, milliseconds * and microseconds; e.g. secs:1, millisecs:500, microsecs:100; * 0 means not specified */ if (!TS_RESP_CTX_set_accuracy(resp_ctx, 1, 500, 100)) { goto out; } if (ctx->options->tsa_time) { TS_RESP_CTX_set_time_cb(resp_ctx, time_cb, &(ctx->options->tsa_time)); } /* generate RFC3161 response with embedded TS_TST_INFO structure */ response = TS_RESP_create_response(resp_ctx, bout); if (!response) { fprintf(stderr, "Failed to create RFC3161 response\n"); } out: ASN1_OBJECT_free(policy_obj); TS_RESP_CTX_free(resp_ctx); return response; } /* * [in] bin: certfile BIO * [in] certpass: NULL * [returns] pointer to STACK_OF(X509) structure */ static STACK_OF(X509) *X509_chain_read_certs(BIO *bin, char *certpass) { STACK_OF(X509) *certs = sk_X509_new_null(); X509 *x509; (void)BIO_seek(bin, 0); x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); while (x509) { sk_X509_push(certs, x509); x509 = PEM_read_bio_X509(bin, NULL, NULL, certpass); } ERR_clear_error(); if (!sk_X509_num(certs)) { sk_X509_free(certs); return NULL; } return certs; } /* * [in, out] p7: new PKCS#7 signature * [in] ctx: structure holds input and output data * [returns] 1 on error or 0 on success */ static int add_timestamp_builtin(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { BIO *btmp, *bout; STACK_OF(X509) *chain; X509 *signer_cert = NULL; EVP_PKEY *signer_key; TS_RESP *response = NULL; int i, res = 1; btmp = BIO_new_file(ctx->options->tsa_certfile, "rb"); if (!btmp) { fprintf(stderr, "Failed to read Time-Stamp Authority certificate file: %s\n", ctx->options->tsa_certfile); return 0; /* FAILED */ } /* .pem certificate file */ chain = X509_chain_read_certs(btmp, NULL); BIO_free(btmp); btmp = BIO_new_file(ctx->options->tsa_keyfile, "rb"); if (!btmp) { fprintf(stderr, "Failed to read private key file: %s\n", ctx->options->tsa_keyfile); return 0; /* FAILED */ } signer_key = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL); BIO_free(btmp); if(!chain || !signer_key) { fprintf(stderr, "Failed to load Time-Stamp Authority crypto parameters\n"); return 0; /* FAILED */ } /* find the signer's certificate located somewhere in the whole certificate chain */ for (i=0; ioptions->md); if (!bout) { fprintf(stderr, "Failed to encode timestamp request\n"); goto out; } response = get_rfc3161_response(ctx, signer_cert, signer_key, chain, bout); BIO_free_all(bout); if (response) { res = attach_rfc3161_response(p7, response, ctx->options->verbose); if (res) { fprintf(stderr, "Failed to convert timestamp reply\n"); ERR_print_errors_fp(stderr); } } else { fprintf(stderr, "Failed to obtain RFC3161 response\n"); } out: sk_X509_pop_free(chain, X509_free); EVP_PKEY_free(signer_key); TS_RESP_free(response); return res; } /* * If successful the unauthenticated blob will be written into * the PKCS7 SignerInfo structure as an unauthenticated attribute - cont[1]: * p7->d.sign->signer_info->unauth_attr * [in, out] p7: new PKCS#7 signature * [returns] 0 on error or 1 on success */ static int add_unauthenticated_blob(PKCS7 *p7) { PKCS7_SIGNER_INFO *si; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; u_char *p = NULL; int len = 1024+4; /* Length data for ASN1 attribute plus prefix */ const char prefix[] = "\x0c\x82\x04\x00---BEGIN_BLOB---"; const char postfix[] = "---END_BLOB---"; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { fprintf(stderr, "Failed to obtain PKCS#7 signer info list\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info, 0); if (!si) return 0; /* FAILED */ if ((p = OPENSSL_malloc((size_t)len)) == NULL) return 0; /* FAILED */ memset(p, 0, (size_t)len); memcpy(p, prefix, sizeof prefix); memcpy(p + len - sizeof postfix, postfix, sizeof postfix); if (!X509_attribute_chain_append_object(&(si->unauth_attr), p, len, SPC_UNAUTHENTICATED_DATA_BLOB_OBJID)) { OPENSSL_free(p); return 1; /* FAILED */ } OPENSSL_free(p); return 1; /* OK */ } /* * Add unauthenticated attributes (Countersignature, Unauthenticated Data Blob) * [in, out] p7: new PKCS#7 signature * [in, out] ctx: structure holds input and output data * [returns] 1 on error or 0 on success */ static int add_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx) { /* add counter-signature/timestamp */ if (ctx->options->nturl && !add_timestamp_authenticode(p7, ctx)) { fprintf(stderr, "%s\n%s\n", "Authenticode timestamping failed", "Use the \"-ts\" option to add the RFC3161 Time-Stamp Authority or choose another one Authenticode Time-Stamp Authority"); return 1; /* FAILED */ } if (ctx->options->ntsurl && !add_timestamp_rfc3161(p7, ctx)) { fprintf(stderr, "%s\n%s\n", "RFC 3161 timestamping failed", "Use the \"-t\" option to add the Authenticode Time-Stamp Authority or choose another one RFC3161 Time-Stamp Authority"); return 1; /* FAILED */ } if (ctx->options->tsa_certfile && ctx->options->tsa_keyfile && add_timestamp_builtin(p7, ctx)) { fprintf(stderr, "Built-in timestamping failed\n"); return 1; /* FAILED */ } if (ctx->options->addBlob && !add_unauthenticated_blob(p7)) { fprintf(stderr, "Adding unauthenticated blob failed\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Add unauthenticated attributes to the signature at a certain position * [in, out] p7: new PKCS#7 signature * [in, out] ctx: structure holds input and output data * [in] index: signature index * [returns] 1 on error or 0 on success */ static int add_nested_timestamp_and_blob(PKCS7 *p7, FILE_FORMAT_CTX *ctx, int index) { STACK_OF(PKCS7) *signatures; STACK_OF(PKCS7_SIGNER_INFO) *signer_info; STACK_OF(X509_ATTRIBUTE) *unauth_attr; PKCS7_SIGNER_INFO *si; PKCS7 *p7_tmp; int i; p7_tmp = PKCS7_dup(p7); if (!p7_tmp) { return 1; /* FAILED */ } signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { fprintf(stderr, "Failed to obtain PKCS#7 signer info list\n"); return 1; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { fprintf(stderr, "Failed to obtain PKCS#7 signer info value\n"); return 1; /* FAILED */ } unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ if (unauth_attr) { /* try to find and remove SPC_NESTED_SIGNATURE_OBJID attribute */ for (i=0; iunauth_attr), p, len, SPC_NESTED_SIGNATURE_OBJID)) { OPENSSL_free(p); return 0; /* FAILED */ } OPENSSL_free(p); return 1; /* OK */ } /* * Return the number of objects in SPC_NESTED_SIGNATURE_OBJID attribute * [in] p7: existing PKCS#7 signature (Primary Signature) * [returns] -1 on error or the number of nested signatures */ static int nested_signatures_number_get(PKCS7 *p7) { int i; STACK_OF(X509_ATTRIBUTE) *unauth_attr; PKCS7_SIGNER_INFO *si; STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return -1; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return -1; /* FAILED */ unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ if (!unauth_attr) return 0; /* OK, no unauthenticated attributes */ for (i=0; id.sign->crl * [in] signer: signer's X509 certificate * [in] chain: list of additional certificates which will be untrusted but be used to build the chain * [returns] 0 on error or 1 on success */ static int verify_crl(char *cafile, char *crlfile, STACK_OF(X509_CRL) *crls, X509 *signer, STACK_OF(X509) *chain) { X509_STORE *store = NULL; X509_STORE_CTX *ctx = NULL; int verok = 0; ctx = X509_STORE_CTX_new(); if (!ctx) goto out; store = X509_STORE_new(); if (!store) goto out; if (!x509_store_load_crlfile(store, cafile, crlfile)) goto out; /* initialise an X509_STORE_CTX structure for subsequent use by X509_verify_cert()*/ if (!X509_STORE_CTX_init(ctx, store, signer, chain)) goto out; /* set an additional CRLs */ if (crls) X509_STORE_CTX_set0_crls(ctx, crls); printf("\nCertificate Revocation List verified using:\n"); if (X509_verify_cert(ctx) <= 0) { int error = X509_STORE_CTX_get_error(ctx); fprintf(stderr, "X509_verify_cert: certificate verify error: %s\n", X509_verify_cert_error_string(error)); goto out; } verok = 1; /* OK */ out: if (!verok) ERR_print_errors_fp(stderr); /* NULL is a valid parameter value for X509_STORE_free() and X509_STORE_CTX_free() */ X509_STORE_free(store); X509_STORE_CTX_free(ctx); return verok; } /* * [in] cert: X509 certificate * [returns] CRL distribution point url */ static char *clrdp_url_get_x509(X509 *cert) { STACK_OF(DIST_POINT) *crldp; DIST_POINT *dp; GENERAL_NAMES *gens; GENERAL_NAME *gen; int i, j, gtype; ASN1_STRING *uri; char *url = NULL; crldp = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL); if (!crldp) return NULL; for (i = 0; i < sk_DIST_POINT_num(crldp); i++) { dp = sk_DIST_POINT_value(crldp, i); if (!dp->distpoint || dp->distpoint->type != 0) continue; gens = dp->distpoint->name.fullname; for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { gen = sk_GENERAL_NAME_value(gens, j); uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { url = OPENSSL_strdup((const char *)ASN1_STRING_get0_data(uri)); if (strncmp(url, "http://", 7) == 0) goto out; OPENSSL_free(url); url = NULL; } } } out: sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); return url; } /* * Get Certificate Revocation List from a CRL distribution point * and write it into the X509_CRL structure. * [in] ctx: structure holds input and output data * [in] url: URL of the CRL distribution point server * [returns] X509 Certificate Revocation List */ static X509_CRL *x509_crl_get(FILE_FORMAT_CTX *ctx, char *url) { X509_CRL *crl; BIO *bio = NULL; #if OPENSSL_VERSION_NUMBER<0x30000000L #ifndef ENABLE_CURL fprintf(stderr, "Could NOT find CURL\n"); return NULL; /* FAILED */ #else /* ENABLE_CURL */ long http_code = -1; bio = bio_get_http_curl(&http_code, url, NULL, ctx->options->proxy, 0, 1, 0); #endif /* ENABLE_CURL */ #else /* OPENSSL_VERSION_NUMBER<0x30000000L */ bio = bio_get_http(url, NULL, ctx->options->proxy, 0, ctx->options->noverifypeer ? NULL : ctx->options->https_cafile, ctx->options->noverifypeer ? NULL : ctx->options->https_crlfile); #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ if (!bio) { fprintf(stderr, "Faild to get CRL from %s\n\n", url); return NULL; /* FAILED */ } crl = d2i_X509_CRL_bio(bio, NULL); /* DER format */ if (!crl) { (void)BIO_seek(bio, 0); crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL); /* PEM format */ } BIO_free_all(bio); if (!crl) { fprintf(stderr, "Faild to decode CRL from %s\n\n", url); return NULL; /* FAILED */ } return crl; /* OK */ } /* * Create CRLs from p7->d.sign->crl and x509_CRL (from CRL distribution point). * [in] p7: PKCS#7 signature * [in] crl: X509 Certificate Revocation List * [returns] X509 Certificate Revocation Lists (CRLs) */ static STACK_OF(X509_CRL) *x509_crl_list_get(PKCS7 *p7, X509_CRL *crl) { int i; STACK_OF(X509_CRL) *crls = sk_X509_CRL_new_null(); for (i = 0; i < sk_X509_CRL_num(p7->d.sign->crl); i++) { if (!sk_X509_CRL_push(crls, sk_X509_CRL_value(p7->d.sign->crl, i))) { sk_X509_CRL_pop_free(crls, X509_CRL_free); return NULL; } } if (crl && !sk_X509_CRL_push(crls, crl)) { sk_X509_CRL_pop_free(crls, X509_CRL_free); X509_CRL_free(crl); return NULL; } return crls; } static void print_timestamp_serial_number(TS_TST_INFO *token) { BIGNUM *serialbn; char *number; if (!token) return; serialbn = ASN1_INTEGER_to_BN(TS_TST_INFO_get_serial(token), NULL); number = BN_bn2hex(serialbn); printf("Timestamp serial number: %s\n", number); BN_free(serialbn); OPENSSL_free(number); } /* * Compare the hash provided from the TSTInfo object against the hash computed * from the signature created by the signing certificate's private key * [in] p7: PKCS#7 signature * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [returns] 0 on error or 1 on success */ static int verify_timestamp_token(PKCS7 *p7, CMS_ContentInfo *timestamp) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; ASN1_OCTET_STRING **pos; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return 0; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return 0; /* FAILED */ /* get the embedded content */ pos = CMS_get0_content(timestamp); if (pos != NULL && *pos != NULL) { const u_char *p = (*pos)->data; TS_TST_INFO *token = d2i_TS_TST_INFO(NULL, &p, (*pos)->length); if (token) { BIO *bhash; u_char mdbuf[EVP_MAX_MD_SIZE]; ASN1_OCTET_STRING *hash; const ASN1_OBJECT *aoid; int md_nid; const EVP_MD *md; TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(token); const X509_ALGOR *alg = TS_MSG_IMPRINT_get_algo(msg_imprint); X509_ALGOR_get0(&aoid, NULL, NULL, alg); md_nid = OBJ_obj2nid(aoid); md = EVP_get_digestbynid(md_nid); /* compute a hash from the encrypted message digest value of the file */ bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); TS_TST_INFO_free(token); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); BIO_write(bhash, si->enc_digest->data, si->enc_digest->length); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); /* compare the provided hash against the computed hash */ hash =TS_MSG_IMPRINT_get_msg(msg_imprint); if (memcmp(mdbuf, hash->data, (size_t)hash->length)) { printf("Hash value mismatch:\n\tMessage digest algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); print_hash("\tComputed message digest", "", mdbuf, EVP_MD_size(md)); print_hash("\tReceived message digest", "", hash->data, hash->length); printf("\nFile's message digest verification: failed\n"); TS_TST_INFO_free(token); return 0; /* FAILED */ } /* else Computed and received message digests matched */ print_timestamp_serial_number(token); TS_TST_INFO_free(token); } else /* our CMS_ContentInfo struct created for Authenticode Timestamp * does not contain any TS_TST_INFO struct as specified in RFC 3161 */ ERR_clear_error(); } return 1; /* OK */ } /* * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [in] time: timestamp verification time * [returns] 0 on error or 1 on success */ static int verify_timestamp(FILE_FORMAT_CTX *ctx, PKCS7 *p7, CMS_ContentInfo *timestamp, time_t time) { X509_STORE *store; STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *cmssi; X509 *signer; X509_CRL *crl = NULL; STACK_OF(X509_CRL) *crls = NULL; char *url = NULL; int verok = 0; store = X509_STORE_new(); if (!store) goto out; if (x509_store_load_file(store, ctx->options->tsa_cafile)) { /* * The TSA signing key MUST be of a sufficient length to allow for a sufficiently * long lifetime. Even if this is done, the key will have a finite lifetime. * Thus, any token signed by the TSA SHOULD be time-stamped again or notarized * at a later date to renew the trust that exists in the TSA's signature. * https://datatracker.ietf.org/doc/html/rfc3161#section-4 * Signtool does not respect this RFC and neither we do. * So verify timestamp against the time of its creation. */ if (!x509_store_set_time(store, time)) { fprintf(stderr, "Failed to set store time\n"); X509_STORE_free(store); goto out; } } else { printf("Use the \"-TSA-CAfile\" option to add the Time-Stamp Authority certificates bundle to verify the Timestamp Server.\n"); X509_STORE_free(store); goto out; } /* verify a CMS SignedData structure */ printf("\nTimestamp verified using:\n"); if (!CMS_verify(timestamp, NULL, store, 0, NULL, 0)) { STACK_OF(X509) *cms_certs; printf("CMS_verify error\n"); X509_STORE_free(store); printf("\nFailed timestamp certificate chain retrieved from the signature:\n"); cms_certs = CMS_get1_certs(timestamp); print_certs_chain(cms_certs); sk_X509_pop_free(cms_certs, X509_free); goto out; } X509_STORE_free(store); sinfos = CMS_get0_SignerInfos(timestamp); cmssi = sk_CMS_SignerInfo_value(sinfos, 0); CMS_SignerInfo_get0_algs(cmssi, NULL, &signer, NULL, NULL); /* verify a Certificate Revocation List */ if (!ctx->options->ignore_crl) { url = clrdp_url_get_x509(signer); } else { printf("CRL online verification disabled\n"); } if (url) { if (ctx->options->ignore_cdp) { printf("Ignored TSA's CRL distribution point: %s\n", url); } else { printf("TSA's CRL distribution point: %s\n", url); crl = x509_crl_get(ctx, url); } OPENSSL_free(url); if (!crl && !ctx->options->tsa_crlfile) { printf("Use the \"-TSA-CRLfile\" option to add one or more Time-Stamp Authority CRLs in PEM format.\n"); goto out; } } if (p7->d.sign->crl || crl) { crls = x509_crl_list_get(p7, crl); if (!crls) { fprintf(stderr, "Failed to use CRL distribution point\n"); goto out; } } if (ctx->options->tsa_crlfile || crls) { STACK_OF(X509) *chain = CMS_get1_certs(timestamp); int crlok = verify_crl(ctx->options->tsa_cafile, ctx->options->tsa_crlfile, crls, signer, chain); sk_X509_pop_free(chain, X509_free); sk_X509_CRL_pop_free(crls, X509_CRL_free); printf("Timestamp Server Signature CRL verification: %s\n", crlok ? "ok" : "failed"); if (!crlok) goto out; } else { printf("\n"); } /* check extended key usage flag XKU_TIMESTAMP */ if (!(X509_get_extended_key_usage(signer) & XKU_TIMESTAMP)) { fprintf(stderr, "Unsupported Signer's certificate purpose XKU_TIMESTAMP\n"); goto out; } /* verify the hash provided from the trusted timestamp */ if (!verify_timestamp_token(p7, timestamp)) { goto out; } verok = 1; /* OK */ out: if (!verok) ERR_print_errors_fp(stderr); return verok; } #if OPENSSL_VERSION_NUMBER<0x30000000L static int PKCS7_type_is_other(PKCS7 *p7) { int isOther = 1; int nid = OBJ_obj2nid(p7->type); switch (nid) { case NID_pkcs7_data: case NID_pkcs7_signed: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: case NID_pkcs7_digest: case NID_pkcs7_encrypted: isOther = 0; break; default: isOther = 1; } return isOther; } #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ /* * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [in] time: signature verification time * [in] signer: signer's X509 certificate * [returns] 1 on error or 0 on success */ static int verify_authenticode(FILE_FORMAT_CTX *ctx, PKCS7 *p7, time_t time, X509 *signer) { X509_STORE *store; X509_CRL *crl = NULL; STACK_OF(X509_CRL) *crls = NULL; BIO *bio = NULL; int verok = 0; char *url = NULL; PKCS7 *contents = p7->d.sign->contents; store = X509_STORE_new(); if (!store) goto out; if (!x509_store_load_file(store, ctx->options->cafile)) { fprintf(stderr, "Failed to add store lookup file\n"); X509_STORE_free(store); goto out; } if (time != INVALID_TIME) { printf("Signature verification time: "); print_time_t(time); if (!x509_store_set_time(store, time)) { fprintf(stderr, "Failed to set signature time\n"); X509_STORE_free(store); goto out; } } else if (ctx->options->time != INVALID_TIME) { printf("Signature verification time: "); print_time_t(ctx->options->time); if (!x509_store_set_time(store, ctx->options->time)) { fprintf(stderr, "Failed to set verifying time\n"); X509_STORE_free(store); goto out; } } /* verify a PKCS#7 signedData structure */ if (PKCS7_type_is_other(contents) && (contents->d.other != NULL) && (contents->d.other->value.sequence != NULL) && (contents->d.other->value.sequence->length > 0)) { if (contents->d.other->type == V_ASN1_SEQUENCE) { /* only verify the content of the sequence */ const unsigned char *data = contents->d.other->value.sequence->data; long len; int inf, tag, class; inf = ASN1_get_object(&data, &len, &tag, &class, contents->d.other->value.sequence->length); if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE) { fprintf(stderr, "Corrupted data content\n"); X509_STORE_free(store); goto out; } bio = BIO_new_mem_buf(data, (int)len); } else { /* verify the entire value */ bio = BIO_new_mem_buf(contents->d.other->value.sequence->data, contents->d.other->value.sequence->length); } } else { fprintf(stderr, "Corrupted data content\n"); X509_STORE_free(store); goto out; } printf("Signing certificate chain verified using:\n"); /* * In the PKCS7_verify() function, the BIO *indata parameter refers to * the signed data if the content is detached from p7. * Otherwise, indata should be NULL, and then the signed data must be in p7. * The OpenSSL error workaround is to put the inner content into BIO *indata parameter * https://github.com/openssl/openssl/pull/22575 */ if (!PKCS7_verify(p7, NULL, store, bio, NULL, 0)) { printf("PKCS7_verify error\n"); X509_STORE_free(store); BIO_free(bio); printf("Failed signing certificate chain retrieved from the signature:\n"); print_certs_chain(p7->d.sign->cert); goto out; } X509_STORE_free(store); BIO_free(bio); /* verify a Certificate Revocation List */ if (!ctx->options->ignore_crl) { url = clrdp_url_get_x509(signer); } else { printf("CRL online verification disabled\n"); } if (url) { if (ctx->options->ignore_cdp) { printf("Ignored CRL distribution point: %s\n", url); } else { printf("CRL distribution point: %s\n", url); crl = x509_crl_get(ctx, url); } OPENSSL_free(url); if (!crl && !ctx->options->crlfile) { printf("Use the \"-CRLfile\" option to add one or more CRLs in PEM format.\n"); goto out; } } if (p7->d.sign->crl || crl) { crls = x509_crl_list_get(p7, crl); if (!crls) { fprintf(stderr, "Failed to use CRL distribution point\n"); goto out; } } if (ctx->options->crlfile || crls) { STACK_OF(X509) *chain = p7->d.sign->cert; int crlok = verify_crl(ctx->options->cafile, ctx->options->crlfile, crls, signer, chain); sk_X509_CRL_pop_free(crls, X509_CRL_free); printf("Signature CRL verification: %s\n", crlok ? "ok" : "failed"); if (!crlok) goto out; } /* check extended key usage flag XKU_CODE_SIGN */ if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) { fprintf(stderr, "Unsupported Signer's certificate purpose XKU_CODE_SIGN\n"); goto out; } verok = 1; /* OK */ out: if (!verok) ERR_print_errors_fp(stderr); return verok; } /* * [in] leafhash: optional hash algorithm and the signer's certificate hash * [in] cert: signer's x509 certificate * [returns] 0 on error or 1 on success */ static int verify_leaf_hash(X509 *cert, const char *leafhash) { u_char *mdbuf = NULL, *certbuf, *tmp; u_char cmdbuf[EVP_MAX_MD_SIZE]; const EVP_MD *md; long mdlen = 0; size_t certlen, written; BIO *bhash; /* decode the provided hash */ char *mdid = OPENSSL_strdup(leafhash); char *hash = strchr(mdid, ':'); if (hash == NULL) { fprintf(stderr, "\nUnable to parse -require-leaf-hash parameter: %s\n", leafhash); OPENSSL_free(mdid); return 0; /* FAILED */ } *hash++ = '\0'; md = EVP_get_digestbyname(mdid); if (md == NULL) { fprintf(stderr, "\nUnable to lookup digest by name '%s'\n", mdid); OPENSSL_free(mdid); return 0; /* FAILED */ } mdbuf = OPENSSL_hexstr2buf(hash, &mdlen); if (mdlen != EVP_MD_size(md)) { fprintf(stderr, "\nHash length mismatch: '%s' digest must be %d bytes long (got %ld bytes)\n", mdid, EVP_MD_size(md), mdlen); OPENSSL_free(mdid); OPENSSL_free(mdbuf); return 0; /* FAILED */ } OPENSSL_free(mdid); /* compute the leaf certificate hash */ bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); OPENSSL_free(mdbuf); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); certlen = (size_t)i2d_X509(cert, NULL); certbuf = OPENSSL_malloc(certlen); tmp = certbuf; i2d_X509(cert, &tmp); if (!BIO_write_ex(bhash, certbuf, certlen, &written) || written != certlen) { BIO_free_all(bhash); OPENSSL_free(mdbuf); OPENSSL_free(certbuf); return 0; /* FAILED */ } BIO_gets(bhash, (char*)cmdbuf, EVP_MD_size(md)); BIO_free_all(bhash); OPENSSL_free(certbuf); /* compare the provided hash against the computed hash */ if (memcmp(mdbuf, cmdbuf, (size_t)EVP_MD_size(md))) { print_hash("\nLeaf hash value mismatch", "computed", cmdbuf, EVP_MD_size(md)); OPENSSL_free(mdbuf); return 0; /* FAILED */ } OPENSSL_free(mdbuf); return 1; /* OK */ } /* * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [in] time: timestamp verification time * [returns] 0 on error or 1 on success */ static int print_cms_timestamp(CMS_ContentInfo *timestamp, time_t time) { STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *si; X509_ATTRIBUTE *attr; int md_nid; ASN1_INTEGER *serialno; char *issuer_name, *serial; BIGNUM *serialbn; X509_ALGOR *pdig; X509_NAME *issuer = NULL; sinfos = CMS_get0_SignerInfos(timestamp); if (sinfos == NULL) return 0; /* FAILED */ si = sk_CMS_SignerInfo_value(sinfos, 0); if (si == NULL) return 0; /* FAILED */ printf("\nCountersignatures:\n\tTimestamp time: "); print_time_t(time); /* PKCS#9 signing time - Policy OID: 1.2.840.113549.1.9.5 */ attr = CMS_signed_get_attr(si, CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1)); printf("\tSigning time: "); print_time_t(time_t_get_asn1_time(X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTCTIME, NULL))); CMS_SignerInfo_get0_algs(si, NULL, NULL, &pdig, NULL); if (pdig == NULL || pdig->algorithm == NULL) return 0; /* FAILED */ md_nid = OBJ_obj2nid(pdig->algorithm); printf("\tHash Algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(md_nid)); if (!CMS_SignerInfo_get0_signer_id(si, NULL, &issuer, &serialno) || !issuer) return 0; /* FAILED */ issuer_name = X509_NAME_oneline(issuer, NULL, 0); serialbn = ASN1_INTEGER_to_BN(serialno, NULL); serial = BN_bn2hex(serialbn); printf("\tIssuer: %s\n\tSerial: %s\n", issuer_name, serial); OPENSSL_free(issuer_name); BN_free(serialbn); OPENSSL_free(serial); return 1; /* OK */ } /* * RFC3852: the message-digest authenticated attribute type MUST be * present when there are any authenticated attributes present * [in] timestamp: CMS_ContentInfo struct for Authenticode Timestamp or RFC 3161 Timestamp * [in] p7: PKCS#7 signature * [in] verbose: additional output mode * [returns] 0 on error or 1 on success */ static time_t time_t_timestamp_get_attributes(CMS_ContentInfo **timestamp, PKCS7 *p7, int verbose) { STACK_OF(PKCS7_SIGNER_INFO) *signer_info; PKCS7_SIGNER_INFO *si; int md_nid, i; STACK_OF(X509_ATTRIBUTE) *auth_attr, *unauth_attr; X509_ATTRIBUTE *attr; ASN1_OBJECT *object; ASN1_STRING *value; char object_txt[128]; time_t time = INVALID_TIME; signer_info = PKCS7_get_signer_info(p7); if (!signer_info) return INVALID_TIME; /* FAILED */ si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) return INVALID_TIME; /* FAILED */ md_nid = OBJ_obj2nid(si->digest_alg->algorithm); printf("Message digest algorithm: %s\n", (md_nid == NID_undef) ? "UNKNOWN" : OBJ_nid2sn(md_nid)); /* Authenticated attributes */ auth_attr = PKCS7_get_signed_attributes(si); /* cont[0] */ printf("\nAuthenticated attributes:\n"); for (i=0; imoreInfo && opus->moreInfo->type == 0) { char *url = OPENSSL_strdup((char *)opus->moreInfo->value.url->data); printf("\tURL description: %s\n", url); OPENSSL_free(url); } if (opus->programName) { char *desc = NULL; if (opus->programName->type == 0) { u_char *opusdata; int len = ASN1_STRING_to_UTF8(&opusdata, opus->programName->value.unicode); if (len >= 0) { desc = OPENSSL_strndup((char *)opusdata, (size_t)len); OPENSSL_free(opusdata); } } else { desc = OPENSSL_strdup((char *)opus->programName->value.ascii->data); } if (desc) { printf("\tText description: %s\n", desc); OPENSSL_free(desc); } } SpcSpOpusInfo_free(opus); } else if (!strcmp(object_txt, SPC_STATEMENT_TYPE_OBJID)) { /* Microsoft OID: 1.3.6.1.4.1.311.2.1.11 */ const u_char *purpose; value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); if (value == NULL) continue; purpose = ASN1_STRING_get0_data(value); if (!memcmp(purpose, purpose_comm, sizeof purpose_comm)) printf("\tMicrosoft Commercial Code Signing purpose\n"); else if (!memcmp(purpose, purpose_ind, sizeof purpose_ind)) printf("\tMicrosoft Individual Code Signing purpose\n"); else printf("\tUnrecognized Code Signing purpose\n"); } else if (!strcmp(object_txt, MS_JAVA_SOMETHING)) { /* Microsoft OID: 1.3.6.1.4.1.311.15.1 */ const u_char *level; value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); if (value == NULL) continue; level = ASN1_STRING_get0_data(value); if (!memcmp(level, java_attrs_low, sizeof java_attrs_low)) printf("\tLow level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); else printf("\tUnrecognized level of permissions in Microsoft Internet Explorer 4.x for CAB files\n"); } else if (!strcmp(object_txt, PKCS9_SEQUENCE_NUMBER)) { /* PKCS#9 sequence number - Policy OID: 1.2.840.113549.1.9.25.4 */ ASN1_INTEGER *number = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_INTEGER, NULL); if (number == NULL) continue; printf("\tSequence number: %ld\n", ASN1_INTEGER_get(number)); } } /* Unauthenticated attributes */ unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ for (i=0; id.sign, countersi); if (cms) { if (!print_cms_timestamp(cms, time)) { CMS_ContentInfo_free(cms); printf("Warning: Authenticode Timestamp could not be decoded correctly\n"); ERR_print_errors_fp(stderr); continue; } *timestamp = cms; } else { printf("Warning: Corrupt Authenticode Timestamp embedded content\n"); } } else { printf("Warning: PKCS9_TIMESTAMP_SIGNING_TIME attribute not found\n"); PKCS7_SIGNER_INFO_free(countersi); } } else if (!strcmp(object_txt, SPC_RFC3161_OBJID)) { /* RFC3161 Timestamp - Policy OID: 1.3.6.1.4.1.311.3.3.1 */ const u_char *data; CMS_ContentInfo *cms; value = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_SEQUENCE, NULL); if (value == NULL) continue; data = ASN1_STRING_get0_data(value); cms = d2i_CMS_ContentInfo(NULL, &data, ASN1_STRING_length(value)); if (cms == NULL) { printf("Warning: RFC3161 Timestamp could not be decoded correctly\n"); ERR_print_errors_fp(stderr); continue; } time = time_t_get_cms_time(cms); if (time != INVALID_TIME) { if (!print_cms_timestamp(cms, time)) { CMS_ContentInfo_free(cms); printf("Warning: RFC3161 Timestamp could not be decoded correctly\n"); ERR_print_errors_fp(stderr); continue; } *timestamp = cms; } else { printf("Warning: Corrupt RFC3161 Timestamp embedded content\n"); CMS_ContentInfo_free(cms); ERR_print_errors_fp(stderr); } } else if (!strcmp(object_txt, SPC_UNAUTHENTICATED_DATA_BLOB_OBJID)) { /* Unauthenticated Data Blob - Policy OID: 1.3.6.1.4.1.42921.1.2.1 */ ASN1_STRING *blob = X509_ATTRIBUTE_get0_data(attr, 0, V_ASN1_UTF8STRING, NULL); if (blob == NULL) { printf("Warning: Unauthenticated Data Blob could not be decoded correctly\n"); continue; } if (verbose) { char *data_blob = OPENSSL_buf2hexstr(blob->data, blob->length); printf("\nUnauthenticated Data Blob:\n%s\n", data_blob); OPENSSL_free(data_blob); } else { printf("\nUnauthenticated Data Blob length: %d bytes\n", blob->length); } } } return time; } /* * Convert ASN1_TIME to time_t * [in] s: ASN1_TIME structure * [returns] INVALID_TIME on error or time_t on success */ static time_t time_t_get_asn1_time(const ASN1_TIME *s) { struct tm tm; if ((s == NULL) || (!ASN1_TIME_check(s))) { return INVALID_TIME; } if (ASN1_TIME_to_tm(s, &tm)) { #ifdef _WIN32 return _mkgmtime(&tm); #else /* _WIN32 */ return timegm(&tm); #endif /* _WIN32 */ } else { return INVALID_TIME; } } /* * Get signing time from authenticated attributes * [in] si: PKCS7_SIGNER_INFO structure * [returns] INVALID_TIME on error or time_t on success */ static time_t time_t_get_si_time(PKCS7_SIGNER_INFO *si) { ASN1_UTCTIME *time = asn1_time_get_si_time(si); if (time == NULL) return INVALID_TIME; /* FAILED */ return time_t_get_asn1_time(time); } /* * Get signing time from authenticated attributes cont[0] * [in] si: PKCS7_SIGNER_INFO structure * [returns] NULL on error or ASN1_UTCTIME on success */ static ASN1_UTCTIME *asn1_time_get_si_time(PKCS7_SIGNER_INFO *si) { STACK_OF(X509_ATTRIBUTE) *auth_attr = PKCS7_get_signed_attributes(si); if (auth_attr) { int i; for (i=0; idata; TS_TST_INFO *token = d2i_TS_TST_INFO(NULL, &p, (*pos)->length); if (token) { const ASN1_GENERALIZEDTIME *asn1_time = TS_TST_INFO_get_time(token); posix_time = time_t_get_asn1_time(asn1_time); TS_TST_INFO_free(token); } } return posix_time; } /* * Create new CMS_ContentInfo struct for Authenticode Timestamp. * This struct does not contain any TS_TST_INFO as specified in RFC 3161. * [in] p7_signed: PKCS#7 signedData structure * [in] countersignature: Authenticode Timestamp decoded to PKCS7_SIGNER_INFO * [returns] pointer to CMS_ContentInfo structure */ static CMS_ContentInfo *cms_get_timestamp(PKCS7_SIGNED *p7_signed, PKCS7_SIGNER_INFO *countersignature) { CMS_ContentInfo *cms = NULL; PKCS7_SIGNER_INFO *si; PKCS7 *p7 = NULL, *content = NULL; u_char *p = NULL; const u_char *q; int i, len = 0; p7 = PKCS7_new(); si = sk_PKCS7_SIGNER_INFO_value(p7_signed->signer_info, 0); if (si == NULL) goto out; /* Create new signed PKCS7 timestamp structure. */ if (!PKCS7_set_type(p7, NID_pkcs7_signed)) goto out; if (!PKCS7_add_signer(p7, countersignature)) goto out; for (i = 0; i < sk_X509_num(p7_signed->cert); i++) { if (!PKCS7_add_certificate(p7, sk_X509_value(p7_signed->cert, i))) goto out; } /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ content = PKCS7_new(); content->d.other = ASN1_TYPE_new(); content->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); ASN1_TYPE_set1(content->d.other, V_ASN1_OCTET_STRING, si->enc_digest); /* Add encapsulated content to signed PKCS7 timestamp structure: p7->d.sign->contents = content */ if (!PKCS7_set_content(p7, content)) { PKCS7_free(content); goto out; } /* Convert PKCS7 into CMS_ContentInfo */ if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { fprintf(stderr, "Failed to convert pkcs7: %d\n", len); goto out; } len = i2d_PKCS7(p7, &p); p -= len; q = p; cms = d2i_CMS_ContentInfo(NULL, &q, len); OPENSSL_free(p); out: if (!cms) ERR_print_errors_fp(stderr); PKCS7_free(p7); return cms; } /* * The attribute type is SPC_INDIRECT_DATA_OBJID, so get a digest algorithm and a message digest * from the content and compare the message digest against the computed message digest of the file * [in] ctx: structure holds input and output data * [in] content: catalog file content * [returns] 1 on error or 0 on success */ static int verify_content_member_digest(FILE_FORMAT_CTX *ctx, ASN1_TYPE *content) { int mdlen, mdtype = -1; u_char mdbuf[EVP_MAX_MD_SIZE]; SpcIndirectDataContent *idc; const u_char *data; ASN1_STRING *value; const EVP_MD *md; u_char *cmdbuf = NULL; value = content->value.sequence; data = ASN1_STRING_get0_data(value); idc = d2i_SpcIndirectDataContent(NULL, &data, ASN1_STRING_length(value)); if (!idc) { fprintf(stderr, "Failed to extract SpcIndirectDataContent data\n"); return 1; /* FAILED */ } if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { /* get a digest algorithm a message digest of the file from the content */ mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } if (mdtype == -1) { fprintf(stderr, "Failed to extract current message digest\n\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } if (!ctx->format->digest_calc) { fprintf(stderr, "Unsupported method: digest_calc\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = ctx->format->digest_calc(ctx, md); if (!cmdbuf) { fprintf(stderr, "Failed to compute a message digest value\n\n"); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } mdlen = EVP_MD_size(EVP_get_digestbynid(mdtype)); if (memcmp(mdbuf, cmdbuf, (size_t)mdlen)) { OPENSSL_free(cmdbuf); SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } else { printf("Message digest algorithm : %s\n", OBJ_nid2sn(mdtype)); print_hash("Current message digest ", "", mdbuf, mdlen); print_hash("Calculated message digest ", "\n", cmdbuf, mdlen); } OPENSSL_free(cmdbuf); if (idc->data && ctx->format->verify_indirect_data && !ctx->format->verify_indirect_data(ctx, idc->data)) { SpcIndirectDataContent_free(idc); return 1; /* FAILED */ } SpcIndirectDataContent_free(idc); return 0; /* OK */ } /* * Find the message digest of the file for all files added to the catalog file * CTL (MS_CTL_OBJID) is a list of hashes of certificates or a list of hashes files * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int verify_content(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { MsCtlContent *ctlc; int i; ctlc = ms_ctl_content_get(p7); if (!ctlc) { fprintf(stderr, "Failed to extract MS_CTL_OBJID data\n"); return 1; /* FAILED */ } for (i = 0; i < sk_CatalogInfo_num(ctlc->header_attributes); i++) { int j; CatalogInfo *header_attr = sk_CatalogInfo_value(ctlc->header_attributes, i); if (header_attr == NULL) continue; for (j = 0; j < sk_CatalogAuthAttr_num(header_attr->attributes); j++) { char object_txt[128]; CatalogAuthAttr *attribute; ASN1_TYPE *content; attribute = sk_CatalogAuthAttr_value(header_attr->attributes, j); if (!attribute) continue; content = catalog_content_get(attribute); if (!content) continue; object_txt[0] = 0x00; OBJ_obj2txt(object_txt, sizeof object_txt, attribute->type, 1); if (!strcmp(object_txt, SPC_INDIRECT_DATA_OBJID)) { /* SPC_INDIRECT_DATA_OBJID OID: 1.3.6.1.4.1.311.2.1.4 */ if (!verify_content_member_digest(ctx, content)) { /* computed message digest of the file is found in the catalog file */ ASN1_TYPE_free(content); MsCtlContent_free(ctlc); return 0; /* OK */ } } ASN1_TYPE_free(content); } } MsCtlContent_free(ctlc); ERR_print_errors_fp(stderr); return 1; /* FAILED */ } /* * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int verify_signature(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int leafok, verok; STACK_OF(X509) *signers; X509 *signer; CMS_ContentInfo *timestamp = NULL; time_t time; signers = PKCS7_get0_signers(p7, NULL, 0); if (!signers || sk_X509_num(signers) != 1) { fprintf(stderr, "PKCS7_get0_signers error\n"); return 1; /* FAILED */ } signer = sk_X509_value(signers, 0); sk_X509_free(signers); printf("Signer's certificate:\n"); print_cert(signer, 0); time = time_t_timestamp_get_attributes(×tamp, p7, ctx->options->verbose); if (ctx->options->leafhash != NULL) { leafok = verify_leaf_hash(signer, ctx->options->leafhash); printf("\nLeaf hash match: %s\n", leafok ? "ok" : "failed"); if (!leafok) { printf("Signature verification: failed\n\n"); return 1; /* FAILED */ } } if (ctx->options->catalog) printf("\nFile is signed in catalog: %s\n", ctx->options->catalog); printf("\nCAfile: %s\n", ctx->options->cafile); if (ctx->options->crlfile) printf("CRLfile: %s\n", ctx->options->crlfile); if (ctx->options->tsa_cafile) printf("TSA's certificates file: %s\n", ctx->options->tsa_cafile); if (ctx->options->tsa_crlfile) printf("TSA's CRL file: %s\n", ctx->options->tsa_crlfile); if (timestamp) { if (ctx->options->ignore_timestamp) { printf("\nTimestamp Server Signature verification is disabled\n"); time = INVALID_TIME; } else { int timeok = verify_timestamp(ctx, p7, timestamp, time); printf("\nTimestamp Server Signature verification: %s\n", timeok ? "ok" : "failed"); if (!timeok) { time = INVALID_TIME; } } CMS_ContentInfo_free(timestamp); ERR_clear_error(); } else printf("\nTimestamp is not available\n\n"); verok = verify_authenticode(ctx, p7, time, signer); printf("Signature verification: %s\n\n", verok ? "ok" : "failed"); if (!verok) return 1; /* FAILED */ return 0; /* OK */ } /* * [in] ctx: structure holds input and output data * [returns] 1 on error or 0 on success */ static int verify_signed_file(FILE_FORMAT_CTX *ctx, GLOBAL_OPTIONS *options) { int i, ret = 1, verified = 0; PKCS7 *p7; STACK_OF(PKCS7) *signatures = NULL; int detached = options->catalog ? 1 : 0; if (detached) { GLOBAL_OPTIONS *cat_options; FILE_FORMAT_CTX *cat_ctx; if (!ctx->format->is_detaching_supported || !ctx->format->is_detaching_supported()) { fprintf(stderr, "This format does not support detached PKCS#7 signature\n"); return 1; /* FAILED */ } printf("Checking the specified catalog file\n\n"); cat_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); if (!cat_options) { fprintf(stderr, "OPENSSL_memdup error.\n"); return 1; /* FAILED */ } cat_options->infile = options->catalog; cat_options->cmd = CMD_EXTRACT; cat_ctx = file_format_cat.ctx_new(cat_options, NULL, NULL); if (!cat_ctx) { fprintf(stderr, "CAT file initialization error\n"); return 1; /* FAILED */ } if (!cat_ctx->format->pkcs7_extract) { fprintf(stderr, "Unsupported command: extract-signature\n"); return 1; /* FAILED */ } p7 = cat_ctx->format->pkcs7_extract(cat_ctx); cat_ctx->format->ctx_cleanup(cat_ctx); OPENSSL_free(cat_options); } else { if (!ctx->format->pkcs7_extract) { fprintf(stderr, "Unsupported command: extract-signature\n"); return 1; /* FAILED */ } p7 = ctx->format->pkcs7_extract(ctx); } if (!p7) { fprintf(stderr, "Unable to extract existing signature\n"); return 1; /* FAILED */ } signatures = signature_list_create(p7); if (!signatures) { fprintf(stderr, "Failed to create signature list\n\n"); sk_PKCS7_pop_free(signatures, PKCS7_free); return 1; /* FAILED */ } for (i = 0; i < sk_PKCS7_num(signatures); i++) { PKCS7 *sig; if (options->index >= 0 && options->index != i) { printf("Warning: signature verification at index %d was skipped\n", i); continue; } sig = sk_PKCS7_value(signatures, i); if (detached) { if (!verify_content(ctx, sig)) { ret &= verify_signature(ctx, sig); } else { printf("Catalog verification: failed\n\n"); } verified++; } else if (ctx->format->verify_digests) { printf("\nSignature Index: %d %s\n\n", i, i==0 ? " (Primary Signature)" : ""); if (ctx->format->verify_digests(ctx, sig)) { ret &= verify_signature(ctx, sig); } verified++; } else { fprintf(stderr, "Unsupported method: verify_digests\n"); return 1; /* FAILED */ } } printf("Number of verified signatures: %d\n", verified); sk_PKCS7_pop_free(signatures, PKCS7_free); if (ret) ERR_print_errors_fp(stderr); return ret; } /* * Insert PKCS#7 signature and its nested signatures to the sorted signature list * [in] p7: PKCS#7 signature * [returns] sorted signature list */ static STACK_OF(PKCS7) *signature_list_create(PKCS7 *p7) { STACK_OF(PKCS7) *signatures = NULL; PKCS7_SIGNER_INFO *si; STACK_OF(X509_ATTRIBUTE) *unauth_attr; STACK_OF(PKCS7_SIGNER_INFO) *signer_info = PKCS7_get_signer_info(p7); if (!signer_info) { fprintf(stderr, "Failed to obtain PKCS#7 signer info list\n"); return 0; /* FAILED */ } si = sk_PKCS7_SIGNER_INFO_value(signer_info, 0); if (!si) { fprintf(stderr, "Failed to obtain PKCS#7 signer info value\n"); return 0; /* FAILED */ } signatures = sk_PKCS7_new(PKCS7_compare); if (!signatures) { fprintf(stderr, "Failed to create new signature list\n"); return 0; /* FAILED */ } /* Unauthenticated attributes */ unauth_attr = PKCS7_get_attributes(si); /* cont[1] */ if (unauth_attr) { /* find Nested Signature - Policy OID: 1.3.6.1.4.1.311.2.4.1 */ int i; for (i=0; ioptions->sigfile); if (!filesize) { return NULL; /* FAILED */ } indata = map_file(ctx->options->sigfile, filesize); if (!indata) { fprintf(stderr, "Failed to open file: %s\n", ctx->options->sigfile); return NULL; /* FAILED */ } p7 = pkcs7_read_data(indata, filesize); unmap_file(indata, filesize); return p7; } /* * [in] options: structure holds the input data * [returns] 1 on error or 0 on success */ static int check_attached_data(GLOBAL_OPTIONS *options) { FILE_FORMAT_CTX *ctx; GLOBAL_OPTIONS *tmp_options = NULL; tmp_options = OPENSSL_memdup(options, sizeof(GLOBAL_OPTIONS)); if (!tmp_options) { fprintf(stderr, "OPENSSL_memdup error.\n"); return 1; /* FAILED */ } tmp_options->infile = options->outfile; tmp_options->cmd = CMD_VERIFY; ctx = file_format_script.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_msi.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_pe.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_cab.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_appx.ctx_new(tmp_options, NULL, NULL); if (!ctx) ctx = file_format_cat.ctx_new(tmp_options, NULL, NULL); if (!ctx) { fprintf(stderr, "Corrupt attached signature\n"); OPENSSL_free(tmp_options); return 1; /* FAILED */ } if (verify_signed_file(ctx, tmp_options)) { fprintf(stderr, "Signature mismatch\n"); ctx->format->ctx_cleanup(ctx); OPENSSL_free(tmp_options); return 1; /* FAILED */ } ctx->format->ctx_cleanup(ctx); OPENSSL_free(tmp_options); return 0; /* OK */ } /* * [in, out] options: structure holds the input data * [returns] none */ static void free_options(GLOBAL_OPTIONS *options) { /* If memory has not been allocated nothing is done */ OPENSSL_free(options->cafile); OPENSSL_free(options->crlfile); OPENSSL_free(options->https_cafile); OPENSSL_free(options->https_crlfile); OPENSSL_free(options->tsa_cafile); OPENSSL_free(options->tsa_crlfile); /* If key is NULL nothing is done */ EVP_PKEY_free(options->pkey); options->pkey = NULL; /* If X509 structure is NULL nothing is done */ X509_free(options->cert); options->cert = NULL; /* Free up all elements of sk structure and sk itself */ sk_X509_pop_free(options->certs, X509_free); options->certs = NULL; sk_X509_pop_free(options->xcerts, X509_free); options->xcerts = NULL; sk_X509_CRL_pop_free(options->crls, X509_CRL_free); options->crls = NULL; } /* * [in] argv0, cmd * [returns] none */ static void usage(const char *argv0, const char *cmd) { const char *cmds_all[] = {"all", NULL}; const char *cmds_sign[] = {"all", "sign", NULL}; const char *cmds_extract_data[] = {"all", "extract-data", NULL}; const char *cmds_add[] = {"all", "add", NULL}; const char *cmds_attach[] = {"all", "attach-signature", NULL}; const char *cmds_extract[] = {"all", "extract-signature", NULL}; const char *cmds_remove[] = {"all", "remove-signature", NULL}; const char *cmds_verify[] = {"all", "verify", NULL}; printf("\nUsage: %s", argv0); if (on_list(cmd, cmds_all)) { printf("\n\n%1s[ --version | -v ]\n", ""); printf("%1s[ --help ]\n\n", ""); } if (on_list(cmd, cmds_sign)) { printf("%1s[ sign ] ( -pkcs12 \n", ""); printf("%13s | ( -certs | -spc ) -key \n", ""); printf("%13s | [ -pkcs11engine ] [ -login ] -pkcs11module \n", ""); printf("%15s ( -pkcs11cert | -certs ) -key )\n", ""); #if OPENSSL_VERSION_NUMBER>=0x30000000L printf("%12s[ -nolegacy ]\n", ""); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ printf("%12s[ -pass ", ""); #ifdef PROVIDE_ASKPASS printf("%1s [ -askpass ]", ""); #endif /* PROVIDE_ASKPASS */ printf("%1s[ -readpass ]\n", ""); printf("%12s(use \"-\" with readpass to read from stdin)\n", ""); printf("%12s[ -ac ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -n ] [ -i ] [ -jp ] [ -comm ]\n", ""); printf("%12s[ -ph ]\n", ""); printf("%12s[ -t [ -t ... ] [ -p ] [ -noverifypeer ]\n", ""); printf("%12s[ -ts [ -ts ... ] [ -p ] [ -noverifypeer ] ]\n", ""); printf("%12s[ -TSA-certs ] [ -TSA-key ]\n", ""); printf("%12s[ -TSA-time ]\n", ""); printf("%12s[ -HTTPS-CAfile ]\n", ""); printf("%12s[ -HTTPS-CRLfile ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -addUnauthenticatedBlob ]\n", ""); printf("%12s[ -nest ]\n", ""); printf("%12s[ -verbose ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -pem ]\n", ""); printf("%12s[ -in ] [-out ] \n\n", ""); } if (on_list(cmd, cmds_extract_data)) { printf("%1sextract-data [ -pem ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -ph ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_add)) { printf("%1sadd [-addUnauthenticatedBlob]\n", ""); printf("%12s[ -t [ -t ... ] [ -p ] [ -noverifypeer ]\n", ""); printf("%12s[ -ts [ -ts ... ] [ -p ] [ -noverifypeer ] ]\n", ""); printf("%12s[ -TSA-certs ] [ -TSA-key ]\n", ""); printf("%12s[ -TSA-time ]\n", ""); printf("%12s[ -HTTPS-CAfile ]\n", ""); printf("%12s[ -HTTPS-CRLfile ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -index ]\n", ""); printf("%12s[ -verbose ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_attach)) { printf("%1sattach-signature [ -sigin ] \n", ""); printf("%12s[ -CAfile ]\n", ""); printf("%12s[ -CRLfile ]\n", ""); printf("%12s[ -TSA-CAfile ]\n", ""); printf("%12s[ -TSA-CRLfile ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -h {md5,sha1,sha2(56),sha384,sha512} ]\n", ""); printf("%12s[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n", ""); printf("%12s[ -nest ]\n", ""); printf("%12s[ -add-msi-dse ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_extract)) { printf("%1sextract-signature [ -pem ]\n", ""); printf("%12s[ -in ] [ -out ] \n\n", ""); } if (on_list(cmd, cmds_remove)) printf("%1sremove-signature [ -in ] [ -out ] \n\n", ""); if (on_list(cmd, cmds_verify)) { printf("%1sverify [ -in ] \n", ""); printf("%12s[ -c | -catalog ]\n", ""); printf("%12s[ -CAfile ]\n", ""); printf("%12s[ -CRLfile ]\n", ""); printf("%12s[ -HTTPS-CAfile ]\n", ""); printf("%12s[ -HTTPS-CRLfile ]\n", ""); printf("%12s[ -TSA-CAfile ]\n", ""); printf("%12s[ -TSA-CRLfile ]\n", ""); printf("%12s[ -p ]\n", ""); printf("%12s[ -index ]\n", ""); printf("%12s[ -ignore-timestamp ]\n", ""); printf("%12s[ -ignore-cdp ]\n", ""); printf("%12s[ -ignore-crl ]\n", ""); printf("%12s[ -time ]\n", ""); printf("%12s[ -require-leaf-hash {md5,sha1,sha2(56),sha384,sha512}:XXXXXXXXXXXX... ]\n", ""); printf("%12s[ -verbose ]\n\n", ""); } } /* * [in] argv0, cmd * [returns] none */ static void help_for(const char *argv0, const char *cmd) { const char *cmds_all[] = {"all", NULL}; const char *cmds_add[] = {"add", NULL}; const char *cmds_attach[] = {"attach-signature", NULL}; const char *cmds_extract[] = {"extract-signature", NULL}; const char *cmds_remove[] = {"remove-signature", NULL}; const char *cmds_sign[] = {"sign", NULL}; const char *cmds_extract_data[] = {"extract-data", NULL}; const char *cmds_verify[] = {"verify", NULL}; const char *cmds_ac[] = {"sign", NULL}; const char *cmds_add_msi_dse[] = {"add", "attach-signature", "sign", "extract-data", NULL}; const char *cmds_addUnauthenticatedBlob[] = {"sign", "add", NULL}; #ifdef PROVIDE_ASKPASS const char *cmds_askpass[] = {"sign", NULL}; #endif /* PROVIDE_ASKPASS */ const char *cmds_CAfile[] = {"attach-signature", "verify", NULL}; const char *cmds_catalog[] = {"verify", NULL}; const char *cmds_certs[] = {"sign", NULL}; const char *cmds_comm[] = {"sign", NULL}; const char *cmds_CRLfile[] = {"attach-signature", "verify", NULL}; const char *cmds_CRLfileHTTPS[] = {"add", "sign", "verify", NULL}; const char *cmds_CRLfileTSA[] = {"attach-signature", "verify", NULL}; const char *cmds_h[] = {"add", "attach-signature", "sign", "extract-data", NULL}; const char *cmds_i[] = {"sign", NULL}; const char *cmds_in[] = {"add", "attach-signature", "extract-signature", "remove-signature", "sign", "extract-data", "verify", NULL}; const char *cmds_index[] = {"add", "verify", NULL}; const char *cmds_jp[] = {"sign", NULL}; const char *cmds_key[] = {"sign", NULL}; #if OPENSSL_VERSION_NUMBER>=0x30000000L const char *cmds_nolegacy[] = {"sign", NULL}; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ const char *cmds_n[] = {"sign", NULL}; const char *cmds_nest[] = {"attach-signature", "sign", NULL}; const char *cmds_noverifypeer[] = {"add", "sign", NULL}; const char *cmds_out[] = {"add", "attach-signature", "extract-signature", "remove-signature", "sign", "extract-data", NULL}; const char *cmds_p[] = {"add", "sign", "verify", NULL}; const char *cmds_pass[] = {"sign", NULL}; const char *cmds_pem[] = {"sign", "extract-data", "extract-signature", NULL}; const char *cmds_ph[] = {"sign", "extract-data", NULL}; const char *cmds_pkcs11cert[] = {"sign", NULL}; const char *cmds_pkcs11engine[] = {"sign", NULL}; const char *cmds_pkcs11module[] = {"sign", NULL}; const char *cmds_login[] = {"sign", NULL}; const char *cmds_pkcs12[] = {"sign", NULL}; const char *cmds_readpass[] = {"sign", NULL}; const char *cmds_require_leaf_hash[] = {"attach-signature", "verify", NULL}; const char *cmds_sigin[] = {"attach-signature", NULL}; const char *cmds_time[] = {"attach-signature", "sign", "verify", NULL}; const char *cmds_ignore_timestamp[] = {"verify", NULL}; const char *cmds_ignore_cdp[] = {"verify", NULL}; const char *cmds_ignore_crl[] = {"verify", NULL}; const char *cmds_t[] = {"add", "sign", NULL}; const char *cmds_ts[] = {"add", "sign", NULL}; const char *cmds_CAfileHTTPS[] = {"add", "sign", "verify", NULL}; const char *cmds_CAfileTSA[] = {"attach-signature", "verify", NULL}; const char *cmds_certsTSA[] = {"add", "sign", NULL}; const char *cmds_keyTSA[] = {"add", "sign", NULL}; const char *cmds_timeTSA[] = {"add", "sign", NULL}; const char *cmds_verbose[] = {"add", "sign", "verify", NULL}; if (on_list(cmd, cmds_all)) { printf("osslsigncode is a small tool that implements part of the functionality of the Microsoft\n"); printf("tool signtool.exe - more exactly the Authenticode signing and timestamping.\n"); printf("It can sign and timestamp PE (EXE/SYS/DLL/etc), CAB and MSI files,\n"); printf("supports getting the timestamp through a proxy as well.\n"); printf("osslsigncode also supports signature verification, removal and extraction.\n\n"); printf("%-22s = print osslsigncode version and usage\n", "--version | -v"); printf("%-22s = print osslsigncode help menu\n\n", "--help"); printf("Commands:\n"); printf("%-22s = add an unauthenticated blob or a timestamp to a previously-signed file\n", "add"); printf("%-22s = sign file using a given signature\n", "attach-signature"); printf("%-22s = extract signature from a previously-signed file\n", "extract-signature"); printf("%-22s = remove sections of the embedded signature on a file\n", "remove-signature"); printf("%-22s = digitally sign a file\n", "sign"); printf("%-22s = verifies the digital signature of a file\n\n", "verify"); printf("For help on a specific command, enter %s --help\n", argv0); } if (on_list(cmd, cmds_add)) { printf("\nUse the \"add\" command to add an unauthenticated blob or a timestamp to a previously-signed file.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_attach)) { printf("\nUse the \"attach-signature\" command to attach the signature stored in the \"sigin\" file.\n"); printf("In order to verify this signature you should specify how to find needed CA or TSA\n"); printf("certificates, if appropriate.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_extract)) { printf("\nUse the \"extract-signature\" command to extract the embedded signature from a previously-signed file.\n"); printf("DER is the default format of the output file, but can be changed to PEM.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_remove)) { printf("\nUse the \"remove-signature\" command to remove sections of the embedded signature on a file.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_sign)) { printf("\nUse the \"sign\" command to sign files using embedded signatures.\n"); printf("Signing protects a file from tampering, and allows users to verify the signer\n"); printf("based on a signing certificate. The options below allow you to specify signing\n"); printf("parameters and to select the signing certificate you wish to use.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_extract_data)) { printf("\nUse the \"extract-data\" command to extract a data content to be signed.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_verify)) { printf("\nUse the \"verify\" command to verify embedded signatures.\n"); printf("Verification determines if the signing certificate was issued by a trusted party,\n"); printf("whether that certificate has been revoked, and whether the certificate is valid\n"); printf("under a specific policy. Options allow you to specify requirements that must be met\n"); printf("and to specify how to find needed CA or TSA certificates, if appropriate.\n\n"); printf("Options:\n"); } if (on_list(cmd, cmds_ac)) printf("%-24s= additional certificates to be added to the signature block\n", "-ac"); if (on_list(cmd, cmds_add_msi_dse)) printf("%-24s= sign a MSI file with the add-msi-dse option\n", "-add-msi-dse"); if (on_list(cmd, cmds_addUnauthenticatedBlob)) printf("%-24s= add an unauthenticated blob to the PE/MSI file\n", "-addUnauthenticatedBlob"); #ifdef PROVIDE_ASKPASS if (on_list(cmd, cmds_askpass)) printf("%-24s= ask for the private key password\n", "-askpass"); #endif /* PROVIDE_ASKPASS */ if (on_list(cmd, cmds_catalog)) printf("%-24s= specifies the catalog file by name\n", "-c, -catalog"); if (on_list(cmd, cmds_CAfile)) printf("%-24s= the file containing one or more trusted certificates in PEM format\n", "-CAfile"); if (on_list(cmd, cmds_certs)) printf("%-24s= the signing certificate to use\n", "-certs, -spc"); if (on_list(cmd, cmds_comm)) printf("%-24s= set commercial purpose (default: individual purpose)\n", "-comm"); if (on_list(cmd, cmds_CRLfile)) printf("%-24s= the file containing one or more CRLs in PEM format\n", "-CRLfile"); if (on_list(cmd, cmds_h)) { printf("%-24s= {md5|sha1|sha2(56)|sha384|sha512}\n", "-h"); printf("%26sset of cryptographic hash functions\n", ""); } if (on_list(cmd, cmds_i)) printf("%-24s= specifies a URL for expanded description of the signed content\n", "-i"); if (on_list(cmd, cmds_in)) printf("%-24s= input file\n", "-in"); if (on_list(cmd, cmds_index)) printf("%-24s= use the signature at a certain position\n", "-index"); if (on_list(cmd, cmds_jp)) { printf("%-24s= low | medium | high\n", "-jp"); printf("%26slevels of permissions in Microsoft Internet Explorer 4.x for CAB files\n", ""); printf("%26sonly \"low\" level is now supported\n", ""); } #if OPENSSL_VERSION_NUMBER>=0x30000000L if (on_list(cmd, cmds_nolegacy)) printf("%-24s= disable legacy mode and don't automatically load the legacy provider\n", "-nolegacy"); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (on_list(cmd, cmds_key)) printf("%-24s= the private key to use or PKCS#11 URI identifies a key in the token\n", "-key"); if (on_list(cmd, cmds_n)) printf("%-24s= specifies a description of the signed content\n", "-n"); if (on_list(cmd, cmds_nest)) printf("%-24s= add the new nested signature instead of replacing the first one\n", "-nest"); if (on_list(cmd, cmds_noverifypeer)) printf("%-24s= do not verify the Time-Stamp Authority's SSL certificate\n", "-noverifypeer"); if (on_list(cmd, cmds_out)) printf("%-24s= output file\n", "-out"); if (on_list(cmd, cmds_p)) printf("%-24s= proxy to connect to the desired Time-Stamp Authority server or CRL distribution point\n", "-p"); if (on_list(cmd, cmds_pass)) printf("%-24s= the private key password\n", "-pass"); if (on_list(cmd, cmds_pem)) printf("%-24s= PKCS#7 output data format PEM to use (default: DER)\n", "-pem"); if (on_list(cmd, cmds_ph)) printf("%-24s= generate page hashes for executable files\n", "-ph"); if (on_list(cmd, cmds_pkcs11cert)) printf("%-24s= PKCS#11 URI identifies a certificate in the token\n", "-pkcs11cert"); if (on_list(cmd, cmds_pkcs11engine)) printf("%-24s= PKCS#11 engine\n", "-pkcs11engine"); if (on_list(cmd, cmds_pkcs11module)) printf("%-24s= PKCS#11 module\n", "-pkcs11module"); if (on_list(cmd, cmds_login)) printf("%-24s= force login to the token\n", "-login"); if (on_list(cmd, cmds_pkcs12)) printf("%-24s= PKCS#12 container with the certificate and the private key\n", "-pkcs12"); if (on_list(cmd, cmds_readpass)) printf("%-24s= the private key password source\n", "-readpass"); if (on_list(cmd, cmds_require_leaf_hash)) { printf("%-24s= {md5|sha1|sha2(56)|sha384|sha512}:XXXXXXXXXXXX...\n", "-require-leaf-hash"); printf("%26sspecifies an optional hash algorithm to use when computing\n", ""); printf("%26sthe leaf certificate (in DER form) hash and compares\n", ""); printf("%26sthe provided hash against the computed hash\n", ""); } if (on_list(cmd, cmds_sigin)) printf("%-24s= a file containing the signature to be attached\n", "-sigin"); if (on_list(cmd, cmds_ignore_timestamp)) printf("%-24s= disable verification of the Timestamp Server signature\n", "-ignore-timestamp"); if (on_list(cmd, cmds_ignore_cdp)) printf("%-24s= disable fetching CRL Distribution Points\n", "-ignore-cdp"); if (on_list(cmd, cmds_ignore_crl)) printf("%-24s= disable fetching and verifying CRL Distribution Points\n", "-ignore-crl"); if (on_list(cmd, cmds_t)) { printf("%-24s= specifies that the digital signature will be timestamped\n", "-t"); printf("%26sby the Time-Stamp Authority (TSA) indicated by the URL\n", ""); printf("%26sthis option cannot be used with the -ts option\n", ""); } if (on_list(cmd, cmds_ts)) { printf("%-24s= specifies the URL of the RFC 3161 Time-Stamp Authority server\n", "-ts"); printf("%26sthis option cannot be used with the -t option\n", ""); } if (on_list(cmd, cmds_time)) printf("%-24s= the unix-time to set the signing and/or verifying time\n", "-time"); if (on_list(cmd, cmds_CAfileHTTPS)) printf("%-24s= the file containing one or more HTTPS certificates in PEM format\n", "-HTTPS-CAfile"); if (on_list(cmd, cmds_CRLfileHTTPS)) printf("%-24s= the file containing one or more HTTPS CRLs in PEM format\n", "-HTTPS-CRLfile"); if (on_list(cmd, cmds_CAfileTSA)) printf("%-24s= the file containing one or more Time-Stamp Authority certificates in PEM format\n", "-TSA-CAfile"); if (on_list(cmd, cmds_CRLfileTSA)) printf("%-24s= the file containing one or more Time-Stamp Authority CRLs in PEM format\n", "-TSA-CRLfile"); if (on_list(cmd, cmds_certsTSA)) printf("%-24s= built-in Time-Stamp Authority signing certificate\n", "-TSA-certs"); if (on_list(cmd, cmds_keyTSA)) printf("%-24s= built-in Time-Stamp Authority private key or PKCS#11 URI identifies a key in the token\n", "-TSA-key"); if (on_list(cmd, cmds_timeTSA)) printf("%-24s= the unix-time to set the built-in Time-Stamp Authority signing\n", "-TSA-time"); if (on_list(cmd, cmds_verbose)) printf("%-24s= include additional output in the log\n", "-verbose"); usage(argv0, cmd); } #ifdef PROVIDE_ASKPASS /* * [in] prompt: "Password: " * [returns] password */ static char *getpassword(const char *prompt) { #ifdef HAVE_TERMIOS_H struct termios ofl, nfl; char *p, passbuf[1024], *pass; fputs(prompt, stdout); tcgetattr(fileno(stdin), &ofl); nfl = ofl; nfl.c_lflag &= ~(unsigned int)ECHO; nfl.c_lflag |= ECHONL; if (tcsetattr(fileno(stdin), TCSANOW, &nfl) != 0) { fprintf(stderr, "Failed to set terminal attributes\n"); return NULL; /* FAILED */ } p = fgets(passbuf, sizeof passbuf, stdin); if (tcsetattr(fileno(stdin), TCSANOW, &ofl) != 0) printf("Warning: Failed to restore terminal attributes\n"); if (!p) { fprintf(stderr, "Failed to read password\n"); return NULL; /* FAILED */ } passbuf[strlen(passbuf)-1] = 0x00; pass = OPENSSL_strdup(passbuf); memset(passbuf, 0, sizeof passbuf); return pass; #else /* HAVE_TERMIOS_H */ return getpass(prompt); #endif /* HAVE_TERMIOS_H */ } #endif /* PROVIDE_ASKPASS */ /* * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_password(GLOBAL_OPTIONS *options) { char passbuf[4096] = {0}; int passlen; const u_char utf8_bom[] = {0xef, 0xbb, 0xbf}; if (options->readpass) { if (!strcmp(options->readpass, "-")) { passlen = (int)read(fileno(stdin), passbuf, sizeof(passbuf)-1); } else { #ifdef WIN32 HANDLE fhandle, fmap; LPVOID faddress; fhandle = CreateFile(options->readpass, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); if (fhandle == INVALID_HANDLE_VALUE) { return 0; /* FAILED */ } fmap = CreateFileMapping(fhandle, NULL, PAGE_READONLY, 0, 0, NULL); if (fmap == NULL) { return 0; /* FAILED */ } faddress = MapViewOfFile(fmap, FILE_MAP_READ, 0, 0, 0); CloseHandle(fmap); if (faddress == NULL) { return 0; /* FAILED */ } passlen = (int)GetFileSize(fhandle, NULL); memcpy(passbuf, faddress, passlen); UnmapViewOfFile(faddress); CloseHandle(fhandle); #else /* WIN32 */ int passfd = open(options->readpass, O_RDONLY); if (passfd < 0) { return 0; /* FAILED */ } passlen = (int)read(passfd, passbuf, sizeof passbuf - 1); close(passfd); #endif /* WIN32 */ } if (passlen <= 0) { return 0; /* FAILED */ } while (passlen > 0 && (passbuf[passlen-1] == 0x0a || passbuf[passlen-1] == 0x0d)) { passlen--; } passbuf[passlen] = 0x00; if (!memcmp(passbuf, utf8_bom, sizeof utf8_bom)) { options->pass = OPENSSL_strdup(passbuf + sizeof utf8_bom); } else { options->pass = OPENSSL_strdup(passbuf); } memset(passbuf, 0, sizeof passbuf); #ifdef PROVIDE_ASKPASS } else if (options->askpass) { options->pass = getpassword("Password: "); #endif /* PROVIDE_ASKPASS */ } return 1; /* OK */ } /* * Parse a PKCS#12 container with certificates and a private key. * If successful the private key will be written to options->pkey, * the corresponding certificate to options->cert * and any additional certificates to options->certs. * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_pkcs12file(GLOBAL_OPTIONS *options) { BIO *btmp; PKCS12 *p12; int ret = 0; btmp = BIO_new_file(options->pkcs12file, "rb"); if (!btmp) { fprintf(stderr, "Failed to read PKCS#12 file: %s\n", options->pkcs12file); return 0; /* FAILED */ } p12 = d2i_PKCS12_bio(btmp, NULL); if (!p12) { fprintf(stderr, "Failed to extract PKCS#12 data: %s\n", options->pkcs12file); goto out; /* FAILED */ } if (!PKCS12_parse(p12, options->pass ? options->pass : "", &options->pkey, &options->cert, &options->certs)) { fprintf(stderr, "Failed to parse PKCS#12 file: %s (Wrong password?)\n", options->pkcs12file); PKCS12_free(p12); goto out; /* FAILED */ } PKCS12_free(p12); ret = 1; /* OK */ out: BIO_free(btmp); return ret; } /* * Obtain a copy of the whole X509_CRL chain * [in] chain: STACK_OF(X509_CRL) structure * [returns] pointer to STACK_OF(X509_CRL) structure */ static STACK_OF(X509_CRL) *X509_CRL_chain_up_ref(STACK_OF(X509_CRL) *chain) { STACK_OF(X509_CRL) *ret; int i; ret = sk_X509_CRL_dup(chain); if (ret == NULL) return NULL; for (i = 0; i < sk_X509_CRL_num(ret); i++) { X509_CRL *x = sk_X509_CRL_value(ret, i); if (!X509_CRL_up_ref(x)) goto err; } return ret; err: while (i-- > 0) X509_CRL_free(sk_X509_CRL_value(ret, i)); sk_X509_CRL_free(ret); return NULL; } /* * Load certificates from a file. * If successful all certificates will be written to options->certs * and optional CRLs will be written to options->crls. * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_certfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; btmp = BIO_new_file(options->certfile, "rb"); if (!btmp) { fprintf(stderr, "Failed to read certificate file: %s\n", options->certfile); return 0; /* FAILED */ } /* .pem certificate file */ options->certs = X509_chain_read_certs(btmp, NULL); /* .der certificate file */ if (!options->certs) { X509 *x = NULL; (void)BIO_seek(btmp, 0); if (d2i_X509_bio(btmp, &x)) { options->certs = sk_X509_new_null(); if (!sk_X509_push(options->certs, x)) { X509_free(x); goto out; /* FAILED */ } printf("Warning: The certificate file contains a single x509 certificate\n"); } } /* .spc or .p7b certificate file (PKCS#7 structure) */ if (!options->certs) { PKCS7 *p7; (void)BIO_seek(btmp, 0); p7 = d2i_PKCS7_bio(btmp, NULL); if (!p7) goto out; /* FAILED */ options->certs = X509_chain_up_ref(p7->d.sign->cert); /* additional CRLs may be supplied as part of a PKCS#7 signed data structure */ if (p7->d.sign->crl) options->crls = X509_CRL_chain_up_ref(p7->d.sign->crl); PKCS7_free(p7); } ret = 1; /* OK */ out: if (ret == 0) fprintf(stderr, "No certificate found\n"); BIO_free(btmp); return ret; } /* * Load additional (cross) certificates from a .pem file * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_xcertfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; btmp = BIO_new_file(options->xcertfile, "rb"); if (!btmp) { fprintf(stderr, "Failed to read cross certificates file: %s\n", options->xcertfile); return 0; /* FAILED */ } options->xcerts = X509_chain_read_certs(btmp, NULL); if (!options->xcerts) { fprintf(stderr, "Failed to read cross certificates file: %s\n", options->xcertfile); goto out; /* FAILED */ } ret = 1; /* OK */ out: BIO_free(btmp); return ret; } /* * Load the private key from a file * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_keyfile(GLOBAL_OPTIONS *options) { BIO *btmp; int ret = 0; btmp = BIO_new_file(options->keyfile, "rb"); if (!btmp) { fprintf(stderr, "Failed to read private key file: %s\n", options->keyfile); return 0; /* FAILED */ } if (((options->pkey = d2i_PrivateKey_bio(btmp, NULL)) == NULL && (BIO_seek(btmp, 0) == 0) && (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, options->pass ? options->pass : NULL)) == NULL && (BIO_seek(btmp, 0) == 0) && (options->pkey = PEM_read_bio_PrivateKey(btmp, NULL, NULL, NULL)) == NULL)) { fprintf(stderr, "Failed to decode private key file: %s (Wrong password?)\n", options->keyfile); goto out; /* FAILED */ } ret = 1; /* OK */ out: BIO_free(btmp); return ret; } /* * Decode Microsoft Private Key (PVK) file. * PVK is a proprietary Microsoft format that stores a cryptographic private key. * PVK files are often password-protected. * A PVK file may have an associated .spc (PKCS7) certificate file. * [in, out] options: structure holds the input data * [returns] PVK file */ static char *find_pvk_key(GLOBAL_OPTIONS *options) { u_char magic[4]; /* Microsoft Private Key format Header Hexdump */ const u_char pvkhdr[4] = {0x1e, 0xf1, 0xb5, 0xb0}; char *pvkfile = NULL; BIO *btmp; if (!options->keyfile #ifndef OPENSSL_NO_ENGINE || options->p11module #endif /* OPENSSL_NO_ENGINE */ ) return NULL; /* FAILED */ btmp = BIO_new_file(options->keyfile, "rb"); if (!btmp) return NULL; /* FAILED */ magic[0] = 0x00; BIO_read(btmp, magic, 4); if (!memcmp(magic, pvkhdr, 4)) { pvkfile = options->keyfile; options->keyfile = NULL; } BIO_free(btmp); return pvkfile; } /* * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_pvk_key(GLOBAL_OPTIONS *options) { BIO *btmp; btmp = BIO_new_file(options->pvkfile, "rb"); if (!btmp) { fprintf(stderr, "Failed to read private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } options->pkey = b2i_PVK_bio(btmp, NULL, options->pass ? options->pass : NULL); if (!options->pkey && options->askpass) { (void)BIO_seek(btmp, 0); options->pkey = b2i_PVK_bio(btmp, NULL, NULL); } BIO_free(btmp); if (!options->pkey) { fprintf(stderr, "Failed to decode private key file: %s\n", options->pvkfile); return 0; /* FAILED */ } return 1; /* OK */ } #ifndef OPENSSL_NO_ENGINE /* * Load an engine in a shareable library * [in] options: structure holds the input data * [returns] pointer to ENGINE */ static ENGINE *engine_dynamic(GLOBAL_OPTIONS *options) { ENGINE *engine; char *id; engine = ENGINE_by_id("dynamic"); if (!engine) { fprintf(stderr, "Failed to load 'dynamic' engine\n"); return NULL; /* FAILED */ } if (options->p11engine) { /* strip directory and extension */ char *ptr; ptr = strrchr(options->p11engine, '/'); if (!ptr) /* no slash -> try backslash */ ptr = strrchr(options->p11engine, '\\'); if (ptr) /* directory separator found */ ptr++; /* skip it */ else /* directory separator not found */ ptr = options->p11engine; id = OPENSSL_strdup(ptr); ptr = strchr(id, '.'); if (ptr) /* file extensions found */ *ptr = '\0'; /* remove them */ } else { id = OPENSSL_strdup("pkcs11"); } if (!ENGINE_ctrl_cmd_string(engine, "SO_PATH", options->p11engine, 0) || !ENGINE_ctrl_cmd_string(engine, "ID", id, 0) || !ENGINE_ctrl_cmd_string(engine, "LIST_ADD", "1", 0) || !ENGINE_ctrl_cmd_string(engine, "LOAD", NULL, 0)) { fprintf(stderr, "Failed to set 'dynamic' engine\n"); ENGINE_free(engine); engine = NULL; /* FAILED */ } OPENSSL_free(id); return engine; } /* * Load a pkcs11 engine * [in] none * [returns] pointer to ENGINE */ static ENGINE *engine_pkcs11(void) { ENGINE *engine = ENGINE_by_id("pkcs11"); if (!engine) { fprintf(stderr, "Failed to find and load 'pkcs11' engine\n"); return NULL; /* FAILED */ } return engine; /* OK */ } /* * Load the private key and the signer certificate from a security token * [in, out] options: structure holds the input data * [in] engine: ENGINE structure * [returns] 0 on error or 1 on success */ static int read_token(GLOBAL_OPTIONS *options, ENGINE *engine) { if (options->p11module && !ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", options->p11module, 0)) { fprintf(stderr, "Failed to set pkcs11 engine MODULE_PATH to '%s'\n", options->p11module); ENGINE_free(engine); return 0; /* FAILED */ } if (options->pass != NULL && !ENGINE_ctrl_cmd_string(engine, "PIN", options->pass, 0)) { fprintf(stderr, "Failed to set pkcs11 PIN\n"); ENGINE_free(engine); return 0; /* FAILED */ } if (!ENGINE_init(engine)) { fprintf(stderr, "Failed to initialize pkcs11 engine\n"); ENGINE_free(engine); return 0; /* FAILED */ } if (options->login && !ENGINE_ctrl_cmd_string(engine, "FORCE_LOGIN", 0, 0)) { fprintf(stderr, "Failed to force a login to the pkcs11 engine\n"); ENGINE_free(engine); return 0; /* FAILED */ } /* * ENGINE_init() returned a functional reference, so free the structural * reference from ENGINE_by_id(). */ ENGINE_free(engine); if (options->p11cert) { struct { const char *id; X509 *cert; } parms; parms.id = options->p11cert; parms.cert = NULL; ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); if (!parms.cert) { fprintf(stderr, "Failed to load certificate %s\n", options->p11cert); ENGINE_finish(engine); return 0; /* FAILED */ } else options->cert = parms.cert; } options->pkey = ENGINE_load_private_key(engine, options->keyfile, NULL, NULL); /* Free the functional reference from ENGINE_init */ ENGINE_finish(engine); if (!options->pkey) { fprintf(stderr, "Failed to load private key %s\n", options->keyfile); return 0; /* FAILED */ } return 1; /* OK */ } #endif /* OPENSSL_NO_ENGINE */ /* * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int read_crypto_params(GLOBAL_OPTIONS *options) { int ret = 0; /* Microsoft Private Key format support */ options->pvkfile = find_pvk_key(options); if (options->pvkfile) { if (!read_certfile(options) || !read_pvk_key(options)) goto out; /* FAILED */ /* PKCS#12 container with certificates and the private key ("-pkcs12" option) */ } else if (options->pkcs12file) { if (!read_pkcs12file(options)) goto out; /* FAILED */ #ifndef OPENSSL_NO_ENGINE /* PKCS11 engine and module support */ } else if ((options->p11engine) || (options->p11module)) { ENGINE *engine; if (options->p11engine) engine = engine_dynamic(options); else engine = engine_pkcs11(); if (!engine) goto out; /* FAILED */ printf("Engine \"%s\" set.\n", ENGINE_get_id(engine)); /* Load the private key and the signer certificate from the security token */ if (!read_token(options, engine)) goto out; /* FAILED */ /* Load the signer certificate and the whole certificate chain from a file */ if (options->certfile && !read_certfile(options)) goto out; /* FAILED */ /* PEM / DER / SPC file format support */ } else if (!read_certfile(options) || !read_keyfile(options)) goto out; /* FAILED */ #endif /* OPENSSL_NO_ENGINE */ /* Load additional (cross) certificates ("-ac" option) */ if (options->xcertfile && !read_xcertfile(options)) goto out; /* FAILED */ ret = 1; /* OK */ out: /* reset password */ if (options->pass) { memset(options->pass, 0, strlen(options->pass)); OPENSSL_free(options->pass); } return ret; } /* * [in] none * [returns] default CAfile */ static char *get_cafile(void) { #ifndef WIN32 const char *files[] = { "/etc/ssl/certs/ca-certificates.crt", "/etc/pki/tls/certs/ca-bundle.crt", "/usr/share/ssl/certs/ca-bundle.crt", "/usr/local/share/certs/ca-root-nss.crt", "/etc/ssl/cert.pem", NULL }; int i; for (i=0; files[i]; i++) { if (!access(files[i], R_OK)) { return OPENSSL_strdup(files[i]); } } #endif /* WIN32 */ return NULL; } static void print_version(void) { char *cafile = get_cafile(); #ifdef PACKAGE_STRING printf("%s, using:\n", PACKAGE_STRING); #else /* PACKAGE_STRING */ printf("%s, using:\n", "osslsigncode custom build"); #endif /* PACKAGE_STRING */ printf("\t%s (Library: %s)\n", OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION)); #if OPENSSL_VERSION_NUMBER<0x30000000L #ifdef ENABLE_CURL printf("\t%s\n", curl_version()); #else /* ENABLE_CURL */ printf("\t%s\n", "no libcurl available"); #endif /* ENABLE_CURL */ #endif /* OPENSSL_VERSION_NUMBER<0x30000000L */ if (cafile) { printf("Default -CAfile location: %s\n", cafile); OPENSSL_free(cafile); } else { printf("No default -CAfile location detected\n"); } #ifdef PACKAGE_BUGREPORT printf("\nPlease send bug-reports to " PACKAGE_BUGREPORT "\n"); #endif /* PACKAGE_BUGREPORT */ printf("\n"); } /* * [in] argv * [returns] cmd_type_t: command */ static cmd_type_t get_command(char **argv) { if (!strcmp(argv[1], "--help")) { print_version(); help_for(argv[0], "all"); return CMD_HELP; } else if (!strcmp(argv[1], "-v") || !strcmp(argv[1], "--version")) { print_version(); return CMD_HELP; } else if (!strcmp(argv[1], "sign")) return CMD_SIGN; else if (!strcmp(argv[1], "extract-data")) return CMD_EXTRACT_DATA; else if (!strcmp(argv[1], "extract-signature")) return CMD_EXTRACT; else if (!strcmp(argv[1], "attach-signature")) return CMD_ATTACH; else if (!strcmp(argv[1], "remove-signature")) return CMD_REMOVE; else if (!strcmp(argv[1], "verify")) return CMD_VERIFY; else if (!strcmp(argv[1], "add")) return CMD_ADD; return CMD_DEFAULT; } #if OPENSSL_VERSION_NUMBER>=0x30000000L DEFINE_STACK_OF(OSSL_PROVIDER) static STACK_OF(OSSL_PROVIDER) *providers = NULL; static void provider_free(OSSL_PROVIDER *prov) { OSSL_PROVIDER_unload(prov); } static void providers_cleanup(void) { sk_OSSL_PROVIDER_pop_free(providers, provider_free); providers = NULL; } static int provider_load(OSSL_LIB_CTX *libctx, const char *pname) { OSSL_PROVIDER *prov= OSSL_PROVIDER_load(libctx, pname); if (prov == NULL) { fprintf(stderr, "Unable to load provider: %s\n", pname); return 0; /* FAILED */ } if (providers == NULL) { providers = sk_OSSL_PROVIDER_new_null(); } if (providers == NULL || !sk_OSSL_PROVIDER_push(providers, prov)) { providers_cleanup(); return 0; /* FAILED */ } return 1; /* OK */ } static int use_legacy(void) { /* load the legacy provider if not loaded already */ if (!OSSL_PROVIDER_available(NULL, "legacy")) { if (!provider_load(NULL, "legacy")) return 0; /* FAILED */ /* load the default provider explicitly */ if (!provider_load(NULL, "default")) return 0; /* FAILED */ } return 1; /* OK */ } #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ static int file_exists(const char *filename) { if (filename) { FILE *file = fopen(filename, "rb"); if (file) { fclose(file); return 1; /* File exists */ } } return 0; /* File does not exist */ } /* * [in] argc, argv * [in, out] options: structure holds the input data * [returns] 0 on error or 1 on success */ static int main_configure(int argc, char **argv, GLOBAL_OPTIONS *options) { int i; char *failarg = NULL; const char *argv0; cmd_type_t cmd = CMD_SIGN; argv0 = argv[0]; if (argc > 1) { cmd = get_command(argv); if (cmd == CMD_DEFAULT) { cmd = CMD_SIGN; } else { argv++; argc--; } } options->cmd = cmd; options->md = EVP_sha256(); options->time = INVALID_TIME; options->jp = -1; options->index = -1; options->nested_number = -1; #if OPENSSL_VERSION_NUMBER>=0x30000000L /* Use legacy PKCS#12 container with RC2-40-CBC private key and certificate encryption algorithm */ options->legacy = 1; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (cmd == CMD_HELP) { return 0; /* FAILED */ } if (cmd == CMD_SIGN || cmd == CMD_VERIFY || cmd == CMD_ATTACH) { options->cafile = get_cafile(); options->https_cafile = get_cafile(); options->tsa_cafile = get_cafile(); } for (argc--,argv++; argc >= 1; argc--,argv++) { if (!strcmp(*argv, "-in")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->infile = *(++argv); } else if (!strcmp(*argv, "-out")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->outfile = *(++argv); } else if (!strcmp(*argv, "-sigin")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->sigfile = *(++argv); } else if ((cmd == CMD_SIGN) && (!strcmp(*argv, "-spc") || !strcmp(*argv, "-certs"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->certfile = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-ac")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->xcertfile = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-key")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->keyfile = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs12")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->pkcs12file = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_EXTRACT || cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "-pem")) { options->output_pkcs7 = 1; #ifndef OPENSSL_NO_ENGINE } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11cert")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11cert = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11engine")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11engine = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pkcs11module")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->p11module = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-login")) { options->login = 1; #endif /* OPENSSL_NO_ENGINE */ #if OPENSSL_VERSION_NUMBER>=0x30000000L } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-nolegacy")) { options->legacy = 0; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-pass")) { if (options->askpass || options->readpass) { usage(argv0, "all"); return 0; /* FAILED */ } if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->pass = OPENSSL_strdup(*(++argv)); memset(*argv, 0, strlen(*argv)); #ifdef PROVIDE_ASKPASS } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-askpass")) { if (options->pass || options->readpass) { usage(argv0, "all"); return 0; /* FAILED */ } options->askpass = 1; #endif /* PROVIDE_ASKPASS */ } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-readpass")) { if (options->askpass || options->pass) { usage(argv0, "all"); return 0; /* FAILED */ } if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->readpass = *(++argv); } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-comm")) { options->comm = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "-ph")) { options->pagehash = 1; } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-n")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->desc = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_ATTACH || cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "-h")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } ++argv; if (!strcmp(*argv, "md5")) { options->md = EVP_md5(); } else if (!strcmp(*argv, "sha1")) { options->md = EVP_sha1(); } else if (!strcmp(*argv, "sha2") || !strcmp(*argv, "sha256")) { options->md = EVP_sha256(); } else if (!strcmp(*argv, "sha384")) { options->md = EVP_sha384(); } else if (!strcmp(*argv, "sha512")) { options->md = EVP_sha512(); } else { usage(argv0, "all"); return 0; /* FAILED */ } } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "-i")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->url = *(++argv); } else if ((cmd == CMD_ATTACH || cmd == CMD_SIGN || cmd == CMD_VERIFY) && (!strcmp(*argv, "-time") || !strcmp(*argv, "-st"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->time = (time_t)strtoull(*(++argv), NULL, 10); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-t")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->turl[options->nturl++] = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-ts")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsurl[options->ntsurl++] = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-p")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->proxy = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-noverifypeer")) { options->noverifypeer = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-addUnauthenticatedBlob")) { options->addBlob = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ATTACH) && !strcmp(*argv, "-nest")) { options->nest = 1; } else if ((cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-index")) { char *tmp_str; if (--argc < 1 ) { usage(argv0, "all"); return 0; /* FAILED */ } options->index = (int)strtol(*(++argv), &tmp_str, 10); if (tmp_str == *argv || *tmp_str != '\0' || errno == ERANGE) { /* not a number */ usage(argv0, "all"); return 0; /* FAILED */ } } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-timestamp")) { options->ignore_timestamp = 1; } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-cdp")) { options->ignore_cdp = 1; } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "-ignore-crl")) { options->ignore_crl = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-verbose")) { options->verbose = 1; } else if ((cmd == CMD_SIGN || cmd == CMD_EXTRACT_DATA || cmd == CMD_ADD || cmd == CMD_ATTACH) && !strcmp(*argv, "-add-msi-dse")) { options->add_msi_dse = 1; } else if ((cmd == CMD_VERIFY) && (!strcmp(*argv, "-c") || !strcmp(*argv, "-catalog"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->catalog = *(++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-CAfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } OPENSSL_free(options->cafile); options->cafile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-CRLfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->crlfile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-HTTPS-CAfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } OPENSSL_free(options->https_cafile); options->https_cafile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD || cmd == CMD_VERIFY) && !strcmp(*argv, "-HTTPS-CRLfile")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->https_crlfile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && (!strcmp(*argv, "-untrusted") || !strcmp(*argv, "-TSA-CAfile"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } OPENSSL_free(options->tsa_cafile); options->tsa_cafile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && (!strcmp(*argv, "-CRLuntrusted") || !strcmp(*argv, "-TSA-CRLfile"))) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_crlfile = OPENSSL_strdup(*++argv); } else if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && !strcmp(*argv, "-require-leaf-hash")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->leafhash = (*++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-certs")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_certfile = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-key")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_keyfile = *(++argv); } else if ((cmd == CMD_SIGN || cmd == CMD_ADD) && !strcmp(*argv, "-TSA-time")) { if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } options->tsa_time = (time_t)strtoull(*(++argv), NULL, 10); } else if ((cmd == CMD_ADD) && !strcmp(*argv, "--help")) { help_for(argv0, "add"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_ATTACH) && !strcmp(*argv, "--help")) { help_for(argv0, "attach-signature"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_EXTRACT) && !strcmp(*argv, "--help")) { help_for(argv0, "extract-signature"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_REMOVE) && !strcmp(*argv, "--help")) { help_for(argv0, "remove-signature"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_SIGN) && !strcmp(*argv, "--help")) { help_for(argv0, "sign"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_EXTRACT_DATA) && !strcmp(*argv, "--help")) { help_for(argv0, "extract-data"); cmd = CMD_HELP; return 0; /* FAILED */ } else if ((cmd == CMD_VERIFY) && !strcmp(*argv, "--help")) { help_for(argv0, "verify"); cmd = CMD_HELP; return 0; /* FAILED */ } else if (!strcmp(*argv, "-jp")) { char *ap; if (--argc < 1) { usage(argv0, "all"); return 0; /* FAILED */ } ap = *(++argv); for (i=0; ap[i]; i++) ap[i] = (char)tolower((int)ap[i]); if (!strcmp(ap, "low")) { options->jp = 0; } else if (!strcmp(ap, "medium")) { options->jp = 1; } else if (!strcmp(ap, "high")) { options->jp = 2; } if (options->jp != 0) { /* XXX */ usage(argv0, "all"); return 0; /* FAILED */ } } else { failarg = *argv; break; } } if (!options->infile && argc > 0) { options->infile = *(argv++); argc--; } if (cmd != CMD_VERIFY && (!options->outfile && argc > 0)) { if (!strcmp(*argv, "-out")) { argv++; argc--; } if (argc > 0) { options->outfile = *(argv++); argc--; } } if (cmd != CMD_VERIFY && file_exists(options->outfile)) { fprintf(stderr, "Overwriting an existing file is not supported.\n"); return 0; /* FAILED */ } if (argc > 0 || (options->nturl && options->ntsurl) || (options->nturl && options->tsa_certfile && options->tsa_keyfile) || (options->ntsurl && options->tsa_certfile && options->tsa_keyfile) || !options->infile || (cmd != CMD_VERIFY && !options->outfile) || (cmd == CMD_SIGN && !((options->certfile && options->keyfile) || #ifndef OPENSSL_NO_ENGINE options->p11engine || options->p11module || #endif /* OPENSSL_NO_ENGINE */ options->pkcs12file))) { if (failarg) fprintf(stderr, "Unknown option: %s\n", failarg); usage(argv0, "all"); return 0; /* FAILED */ } #ifndef WIN32 if ((cmd == CMD_VERIFY || cmd == CMD_ATTACH) && access(options->cafile, R_OK)) { printf("Use the \"-CAfile\" option to add one or more trusted CA certificates to verify the signature.\n"); return 0; /* FAILED */ } #endif /* WIN32 */ #if OPENSSL_VERSION_NUMBER>=0x30000000L if (cmd == CMD_SIGN && options->legacy && !use_legacy()) { printf("Warning: Legacy mode disabled\n"); } #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ return 1; /* OK */ } int main(int argc, char **argv) { FILE_FORMAT_CTX *ctx = NULL; GLOBAL_OPTIONS options; PKCS7 *p7 = NULL, *cursig = NULL; BIO *outdata = NULL; BIO *hash = NULL; int ret = -1; /* reset options */ memset(&options, 0, sizeof(GLOBAL_OPTIONS)); /* Set up OpenSSL */ if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL)) DO_EXIT_0("Failed to init crypto\n"); /* create some MS Authenticode OIDS we need later on */ if (!OBJ_create(SPC_STATEMENT_TYPE_OBJID, NULL, NULL) /* PKCS9_COUNTER_SIGNATURE exists as OpenSSL OBJ_pkcs9_countersignature */ || !OBJ_create(MS_JAVA_SOMETHING, NULL, NULL) || !OBJ_create(SPC_SP_OPUS_INFO_OBJID, NULL, NULL) || !OBJ_create(SPC_NESTED_SIGNATURE_OBJID, NULL, NULL) || !OBJ_create(SPC_UNAUTHENTICATED_DATA_BLOB_OBJID, NULL, NULL) || !OBJ_create(SPC_RFC3161_OBJID, NULL, NULL) || !OBJ_create(PKCS9_SEQUENCE_NUMBER, NULL, NULL)) DO_EXIT_0("Failed to create objects\n"); /* commands and options initialization */ if (!main_configure(argc, argv, &options)) goto err_cleanup; if (!read_password(&options)) { DO_EXIT_1("Failed to read password from file: %s\n", options.readpass); } /* read key and certificates */ if (options.cmd == CMD_SIGN && !read_crypto_params(&options)) DO_EXIT_0("Failed to read key or certificates\n"); if (options.cmd != CMD_VERIFY) { /* Create message digest BIO */ hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, options.md)) { DO_EXIT_0("Unable to set the message digest of BIO\n"); } /* Create outdata file */ outdata = BIO_new_file(options.outfile, "w+bx"); if (!outdata && errno != EEXIST) outdata = BIO_new_file(options.outfile, "w+b"); if (!outdata) { BIO_free_all(hash); DO_EXIT_1("Failed to create file: %s\n", options.outfile); } } ctx = file_format_script.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_msi.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_pe.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_cab.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_appx.ctx_new(&options, hash, outdata); if (!ctx) ctx = file_format_cat.ctx_new(&options, hash, outdata); if (!ctx) { if (outdata && options.outfile) { /* unlink outfile */ remove_file(options.outfile); } BIO_free_all(hash); BIO_free_all(outdata); outdata = NULL; ret = 1; /* FAILED */ DO_EXIT_0("Initialization error or unsupported input file type.\n"); } if (options.cmd == CMD_VERIFY) { ret = verify_signed_file(ctx, &options); goto skip_signing; } else if (options.cmd == CMD_EXTRACT_DATA) { if (!ctx->format->pkcs7_contents_get) { DO_EXIT_0("Unsupported command: extract-data\n"); } p7 = ctx->format->pkcs7_contents_get(ctx, hash, options.md); if (!p7) { DO_EXIT_0("Unable to extract pkcs7 contents\n"); } ret = data_write_pkcs7(ctx, outdata, p7); PKCS7_free(p7); goto skip_signing; } else if (options.cmd == CMD_EXTRACT) { if (!ctx->format->pkcs7_extract) { DO_EXIT_0("Unsupported command: extract-signature\n"); } p7 = ctx->format->pkcs7_extract(ctx); if (!p7) { DO_EXIT_0("Unable to extract existing signature\n"); } ret = data_write_pkcs7(ctx, outdata, p7); PKCS7_free(p7); goto skip_signing; } else if (options.cmd == CMD_REMOVE) { if (!ctx->format->remove_pkcs7) { DO_EXIT_0("Unsupported command: remove-signature\n"); } ret = ctx->format->remove_pkcs7(ctx, hash, outdata); if (ret) { DO_EXIT_0("Unable to remove existing signature\n"); } if (ctx->format->update_data_size) { ctx->format->update_data_size(ctx, outdata, NULL); } goto skip_signing; } else if (options.cmd == CMD_ADD) { if (!ctx->format->pkcs7_extract) { DO_EXIT_0("Unsupported command: add\n"); } /* Obtain a current signature from previously-signed file */ p7 = ctx->format->pkcs7_extract(ctx); if (!p7) { DO_EXIT_0("Unable to extract existing signature\n"); } if (ctx->format->process_data) { if (!ctx->format->process_data(ctx, hash, outdata)) { DO_EXIT_0("Unable to read input file\n"); } } } else if (options.cmd == CMD_ATTACH) { if (options.nest) { if (!ctx->format->pkcs7_extract_to_nest) { printf("Warning: Unsupported nesting (multiple signature)\n"); } else { /* Obtain a current signature from previously-signed file */ cursig = ctx->format->pkcs7_extract_to_nest(ctx); if (!cursig) { DO_EXIT_0("Unable to extract existing signature\n"); } options.nested_number = nested_signatures_number_get(cursig); if (options.nested_number < 0) { PKCS7_free(cursig); DO_EXIT_0("Unable to get number of nested signatures\n"); } } } /* Obtain an existing PKCS#7 signature from a "sigin" file */ p7 = pkcs7_get_sigfile(ctx); if (!p7) { PKCS7_free(cursig); DO_EXIT_0("Unable to extract valid signature\n"); } if (ctx->format->process_data) { if (!ctx->format->process_data(ctx, hash, outdata)) { DO_EXIT_0("Unable to read input file\n"); } } } else if (options.cmd == CMD_SIGN) { if (options.nest) { if (!ctx->format->pkcs7_extract_to_nest) { printf("Warning: Unsupported nesting (multiple signature)\n"); } else { /* Obtain a current signature from previously-signed file */ cursig = ctx->format->pkcs7_extract_to_nest(ctx); if (!cursig) { DO_EXIT_0("Unable to extract existing signature\n"); } options.nested_number = nested_signatures_number_get(cursig); if (options.nested_number < 0) { PKCS7_free(cursig); DO_EXIT_0("Unable to get number of nested signatures\n"); } } } if (ctx->format->process_data) { if (!ctx->format->process_data(ctx, hash, outdata)) { DO_EXIT_0("Unable to read input file\n"); } } if (ctx->format->pkcs7_signature_new) { /* Create a new PKCS#7 signature */ p7 = ctx->format->pkcs7_signature_new(ctx, hash); if (!p7) { DO_EXIT_0("Unable to prepare new signature\n"); } } } else { DO_EXIT_0("Unsupported command\n"); } if (options.index > 0) { /* CMD_ADD or CMD_VERIFY */ ret = add_nested_timestamp_and_blob(p7, ctx, options.index); } else { ret = add_timestamp_and_blob(p7, ctx); } if (ret) { PKCS7_free(p7); DO_EXIT_0("Unable to set unauthenticated attributes\n"); } if (cursig) { /* CMD_SIGN or CMD_ATTACH */ if (!cursig_set_nested(cursig, p7)) DO_EXIT_0("Unable to append the nested signature to the current signature\n"); PKCS7_free(p7); p7 = cursig; cursig = NULL; } if (ctx->format->append_pkcs7) { ret = ctx->format->append_pkcs7(ctx, outdata, p7); if (ret) { PKCS7_free(p7); DO_EXIT_0("Append signature to outfile failed\n"); } } if (ctx->format->update_data_size) { ctx->format->update_data_size(ctx, outdata, p7); } PKCS7_free(p7); skip_signing: if (ctx->format->bio_free) { ctx->format->bio_free(hash, outdata); outdata = NULL; } if (!ret && options.cmd == CMD_ATTACH) { ret = check_attached_data(&options); if (!ret) printf("Signature successfully attached\n"); /* else * the new PKCS#7 signature has been successfully appended to the outfile * but only its verification failed (incorrect verification parameters?) * so the output file is not deleted */ } err_cleanup: if (outdata) { BIO *head = hash; int outdata_in_hash = 0; while (head) { BIO *tail = BIO_pop(head); if (head == outdata) outdata_in_hash = 1; BIO_free(head); head = tail; } if (!outdata_in_hash) BIO_free_all(outdata); if (options.outfile) { /* unlink outfile */ remove_file(options.outfile); } } if (ctx && ctx->format->ctx_cleanup) { ctx->format->ctx_cleanup(ctx); } #if OPENSSL_VERSION_NUMBER>=0x30000000L providers_cleanup(); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ if (ret) ERR_print_errors_fp(stderr); if (options.cmd == CMD_HELP) ret = 0; /* OK */ else printf(ret ? "Failed\n" : "Succeeded\n"); free_options(&options); return ret; } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/osslsigncode.h000066400000000000000000000350141464004761700167410ustar00rootroot00000000000000/* * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka */ #define OPENSSL_API_COMPAT 0x10100000L #define OPENSSL_NO_DEPRECATED #if defined(_MSC_VER) || defined(__MINGW32__) #define HAVE_WINDOWS_H #endif /* _MSC_VER || __MINGW32__ */ #ifdef HAVE_WINDOWS_H #define NOCRYPT #define WIN32_LEAN_AND_MEAN #include #include #endif /* HAVE_WINDOWS_H */ #ifdef HAVE_CONFIG_H #include "config.h" #endif /* HAVE_CONFIG_H */ #include #include #include #include #include #include #include #include #include #ifndef _WIN32 #include #include #ifdef HAVE_SYS_MMAN_H #include #endif /* HAVE_SYS_MMAN_H */ #ifdef HAVE_TERMIOS_H #include #endif /* HAVE_TERMIOS_H */ #endif /* _WIN32 */ #include #include #include #include #include #include #include #include #ifndef OPENSSL_NO_ENGINE #include #endif /* OPENSSL_NO_ENGINE */ #include #include #include #include #include #include #if OPENSSL_VERSION_NUMBER>=0x30000000L #include #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ #include #include #include #include #include #include /* X509_PURPOSE */ #ifdef ENABLE_CURL #ifdef __CYGWIN__ #ifndef SOCKET #define SOCKET UINT_PTR #endif /* SOCKET */ #endif /* __CYGWIN__ */ #include #endif /* ENABLE_CURL */ /* Request nonce length, in bits (must be a multiple of 8). */ #define NONCE_LENGTH 64 #define MAX_TS_SERVERS 256 #if defined (HAVE_TERMIOS_H) || defined (HAVE_GETPASS) #define PROVIDE_ASKPASS 1 #endif #ifdef _MSC_VER /* not WIN32, because strcasecmp exists in MinGW */ #define strcasecmp _stricmp #endif #ifdef WIN32 #define remove_file(filename) _unlink(filename) #else #define remove_file(filename) unlink(filename) #endif /* WIN32 */ #define GET_UINT8_LE(p) ((const u_char *)(p))[0] #define GET_UINT16_LE(p) (uint16_t)(((const u_char *)(p))[0] | \ (((const u_char *)(p))[1] << 8)) #define GET_UINT32_LE(p) (uint32_t)(((const u_char *)(p))[0] | \ (((const u_char *)(p))[1] << 8) | \ (((const u_char *)(p))[2] << 16) | \ (((const u_char *)(p))[3] << 24)) #define PUT_UINT8_LE(i, p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); #define PUT_UINT16_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff) #define PUT_UINT32_LE(i,p) ((u_char *)(p))[0] = (u_char)((i) & 0xff); \ ((u_char *)(p))[1] = (u_char)(((i) >> 8) & 0xff); \ ((u_char *)(p))[2] = (u_char)(((i) >> 16) & 0xff); \ ((u_char *)(p))[3] = (u_char)(((i) >> 24) & 0xff) #ifndef FALSE #define FALSE 0 #endif #ifndef TRUE #define TRUE 1 #endif #define SIZE_64K 65536 /* 2^16 */ #define SIZE_16M 16777216 /* 2^24 */ /* * Macro names: * linux: __BYTE_ORDER == __LITTLE_ENDIAN | __BIG_ENDIAN * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN * bsd: _BYTE_ORDER == _LITTLE_ENDIAN | _BIG_ENDIAN * BYTE_ORDER == LITTLE_ENDIAN | BIG_ENDIAN * solaris: _LITTLE_ENDIAN | _BIG_ENDIAN */ #ifndef BYTE_ORDER #define LITTLE_ENDIAN 1234 #define BIG_ENDIAN 4321 #define BYTE_ORDER LITTLE_ENDIAN #endif /* BYTE_ORDER */ #if !defined(BYTE_ORDER) || !defined(LITTLE_ENDIAN) || !defined(BIG_ENDIAN) #error "Cannot determine the endian-ness of this platform" #endif #ifndef LOWORD #define LOWORD(x) ((x) & 0xFFFF) #endif /* LOWORD */ #ifndef HIWORD #define HIWORD(x) (((x) >> 16) & 0xFFFF) #endif /* HIWORD */ #if BYTE_ORDER == BIG_ENDIAN #define LE_UINT16(x) ((((x) >> 8) & 0x00FF) | \ (((x) << 8) & 0xFF00)) #define LE_UINT32(x) (((x) >> 24) | \ (((x) & 0x00FF0000) >> 8) | \ (((x) & 0x0000FF00) << 8) | \ ((x) << 24)) #else #define LE_UINT16(x) (x) #define LE_UINT32(x) (x) #endif /* BYTE_ORDER == BIG_ENDIAN */ #define MIN(a,b) ((a) < (b) ? a : b) #define INVALID_TIME ((time_t)-1) /* Microsoft OID Authenticode */ #define SPC_INDIRECT_DATA_OBJID "1.3.6.1.4.1.311.2.1.4" #define SPC_STATEMENT_TYPE_OBJID "1.3.6.1.4.1.311.2.1.11" #define SPC_SP_OPUS_INFO_OBJID "1.3.6.1.4.1.311.2.1.12" #define SPC_PE_IMAGE_DATA_OBJID "1.3.6.1.4.1.311.2.1.15" #define SPC_CAB_DATA_OBJID "1.3.6.1.4.1.311.2.1.25" #define SPC_SIPINFO_OBJID "1.3.6.1.4.1.311.2.1.30" #define SPC_PE_IMAGE_PAGE_HASHES_V1 "1.3.6.1.4.1.311.2.3.1" /* SHA1 */ #define SPC_PE_IMAGE_PAGE_HASHES_V2 "1.3.6.1.4.1.311.2.3.2" /* SHA256 */ #define SPC_NESTED_SIGNATURE_OBJID "1.3.6.1.4.1.311.2.4.1" /* Microsoft OID Time Stamping */ #define SPC_TIME_STAMP_REQUEST_OBJID "1.3.6.1.4.1.311.3.2.1" #define SPC_RFC3161_OBJID "1.3.6.1.4.1.311.3.3.1" /* Microsoft OID Crypto 2.0 */ #define MS_CTL_OBJID "1.3.6.1.4.1.311.10.1" /* Microsoft OID Catalog */ #define CAT_NAMEVALUE_OBJID "1.3.6.1.4.1.311.12.2.1" /* Microsoft OID Microsoft_Java */ #define MS_JAVA_SOMETHING "1.3.6.1.4.1.311.15.1" #define SPC_UNAUTHENTICATED_DATA_BLOB_OBJID "1.3.6.1.4.1.42921.1.2.1" /* Public Key Cryptography Standards PKCS#9 */ #define PKCS9_MESSAGE_DIGEST "1.2.840.113549.1.9.4" #define PKCS9_SIGNING_TIME "1.2.840.113549.1.9.5" #define PKCS9_COUNTER_SIGNATURE "1.2.840.113549.1.9.6" #define PKCS9_SEQUENCE_NUMBER "1.2.840.113549.1.9.25.4" /* WIN_CERTIFICATE structure declared in Wintrust.h */ #define WIN_CERT_REVISION_2_0 0x0200 #define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 /* * FLAG_PREV_CABINET is set if the cabinet file is not the first in a set * of cabinet files. When this bit is set, the szCabinetPrev and szDiskPrev * fields are present in this CFHEADER. */ #define FLAG_PREV_CABINET 0x0001 /* * FLAG_NEXT_CABINET is set if the cabinet file is not the last in a set of * cabinet files. When this bit is set, the szCabinetNext and szDiskNext * fields are present in this CFHEADER. */ #define FLAG_NEXT_CABINET 0x0002 /* * FLAG_RESERVE_PRESENT is set if the cabinet file contains any reserved * fields. When this bit is set, the cbCFHeader, cbCFFolder, and cbCFData * fields are present in this CFHEADER. */ #define FLAG_RESERVE_PRESENT 0x0004 #define DO_EXIT_0(x) { fprintf(stderr, x); goto err_cleanup; } #define DO_EXIT_1(x, y) { fprintf(stderr, x, y); goto err_cleanup; } #define DO_EXIT_2(x, y, z) { fprintf(stderr, x, y, z); goto err_cleanup; } /* Default policy if request did not specify it. */ #define TSA_POLICY1 "1.2.3.4.1" typedef enum { CMD_SIGN, CMD_EXTRACT, CMD_EXTRACT_DATA, CMD_REMOVE, CMD_VERIFY, CMD_ADD, CMD_ATTACH, CMD_HELP, CMD_DEFAULT } cmd_type_t; typedef unsigned char u_char; typedef struct { char *infile; char *outfile; char *sigfile; char *certfile; char *xcertfile; char *keyfile; char *pvkfile; char *pkcs12file; int output_pkcs7; #ifndef OPENSSL_NO_ENGINE char *p11engine; char *p11module; char *p11cert; int login; #endif /* OPENSSL_NO_ENGINE */ int askpass; char *readpass; char *pass; int comm; int pagehash; char *desc; const EVP_MD *md; char *url; time_t time; char *turl[MAX_TS_SERVERS]; int nturl; char *tsurl[MAX_TS_SERVERS]; int ntsurl; char *proxy; int noverifypeer; int addBlob; int nest; int index; int ignore_timestamp; int ignore_cdp; int ignore_crl; int verbose; int add_msi_dse; char *catalog; char *cafile; char *crlfile; char *https_cafile; char *https_crlfile; char *tsa_cafile; char *tsa_crlfile; char *leafhash; int jp; #if OPENSSL_VERSION_NUMBER>=0x30000000L int legacy; #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ EVP_PKEY *pkey; X509 *cert; STACK_OF(X509) *certs; STACK_OF(X509) *xcerts; STACK_OF(X509_CRL) *crls; cmd_type_t cmd; char *indata; char *tsa_certfile; char *tsa_keyfile; time_t tsa_time; int nested_number; } GLOBAL_OPTIONS; /* * ASN.1 definitions (more or less from official MS Authenticode docs) */ typedef struct { int type; union { ASN1_BMPSTRING *unicode; ASN1_IA5STRING *ascii; } value; } SpcString; DECLARE_ASN1_FUNCTIONS(SpcString) typedef struct { ASN1_OCTET_STRING *classId; ASN1_OCTET_STRING *serializedData; } SpcSerializedObject; DECLARE_ASN1_FUNCTIONS(SpcSerializedObject) typedef struct { int type; union { ASN1_IA5STRING *url; SpcSerializedObject *moniker; SpcString *file; } value; } SpcLink; DECLARE_ASN1_FUNCTIONS(SpcLink) typedef struct { SpcString *programName; SpcLink *moreInfo; } SpcSpOpusInfo; DECLARE_ASN1_FUNCTIONS(SpcSpOpusInfo) typedef struct { ASN1_INTEGER *a; ASN1_OCTET_STRING *string; ASN1_INTEGER *b; ASN1_INTEGER *c; ASN1_INTEGER *d; ASN1_INTEGER *e; ASN1_INTEGER *f; } SpcSipInfo; DECLARE_ASN1_FUNCTIONS(SpcSipInfo) typedef struct { ASN1_OBJECT *type; ASN1_TYPE *value; } SpcAttributeTypeAndOptionalValue; DECLARE_ASN1_FUNCTIONS(SpcAttributeTypeAndOptionalValue) typedef struct { ASN1_OBJECT *algorithm; ASN1_TYPE *parameters; } AlgorithmIdentifier; DECLARE_ASN1_FUNCTIONS(AlgorithmIdentifier) typedef struct { AlgorithmIdentifier *digestAlgorithm; ASN1_OCTET_STRING *digest; } DigestInfo; DECLARE_ASN1_FUNCTIONS(DigestInfo) typedef struct { SpcAttributeTypeAndOptionalValue *data; DigestInfo *messageDigest; } SpcIndirectDataContent; DECLARE_ASN1_FUNCTIONS(SpcIndirectDataContent) typedef struct CatalogAuthAttr_st { ASN1_OBJECT *type; ASN1_TYPE *contents; } CatalogAuthAttr; DEFINE_STACK_OF(CatalogAuthAttr) DECLARE_ASN1_FUNCTIONS(CatalogAuthAttr) typedef struct { AlgorithmIdentifier *digestAlgorithm; ASN1_OCTET_STRING *digest; } MessageImprint; DECLARE_ASN1_FUNCTIONS(MessageImprint) typedef struct { ASN1_OBJECT *type; ASN1_OCTET_STRING *signature; } TimeStampRequestBlob; DECLARE_ASN1_FUNCTIONS(TimeStampRequestBlob) typedef struct { ASN1_OBJECT *type; TimeStampRequestBlob *blob; } TimeStampRequest; DECLARE_ASN1_FUNCTIONS(TimeStampRequest) /* RFC3161 Time stamping */ typedef struct { ASN1_INTEGER *status; STACK_OF(ASN1_UTF8STRING) *statusString; ASN1_BIT_STRING *failInfo; } PKIStatusInfo; DECLARE_ASN1_FUNCTIONS(PKIStatusInfo) typedef struct { PKIStatusInfo *status; PKCS7 *token; } TimeStampResp; DECLARE_ASN1_FUNCTIONS(TimeStampResp) typedef struct { ASN1_INTEGER *version; MessageImprint *messageImprint; ASN1_OBJECT *reqPolicy; ASN1_INTEGER *nonce; ASN1_BOOLEAN certReq; STACK_OF(X509_EXTENSION) *extensions; } TimeStampReq; DECLARE_ASN1_FUNCTIONS(TimeStampReq) typedef struct { ASN1_INTEGER *seconds; ASN1_INTEGER *millis; ASN1_INTEGER *micros; } TimeStampAccuracy; DECLARE_ASN1_FUNCTIONS(TimeStampAccuracy) typedef struct { ASN1_INTEGER *version; ASN1_OBJECT *policy_id; MessageImprint *messageImprint; ASN1_INTEGER *serial; ASN1_GENERALIZEDTIME *time; TimeStampAccuracy *accuracy; ASN1_BOOLEAN ordering; ASN1_INTEGER *nonce; GENERAL_NAME *tsa; STACK_OF(X509_EXTENSION) *extensions; } TimeStampToken; DECLARE_ASN1_FUNCTIONS(TimeStampToken) typedef struct { ASN1_OCTET_STRING *digest; STACK_OF(CatalogAuthAttr) *attributes; } CatalogInfo; DEFINE_STACK_OF(CatalogInfo) DECLARE_ASN1_FUNCTIONS(CatalogInfo) typedef struct { /* 1.3.6.1.4.1.311.12.1.1 MS_CATALOG_LIST */ SpcAttributeTypeAndOptionalValue *type; ASN1_OCTET_STRING *identifier; ASN1_UTCTIME *time; /* 1.3.6.1.4.1.311.12.1.2 CatalogVersion = 1 * 1.3.6.1.4.1.311.12.1.3 CatalogVersion = 2 */ SpcAttributeTypeAndOptionalValue *version; STACK_OF(CatalogInfo) *header_attributes; /* 1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID */ ASN1_TYPE *filename; } MsCtlContent; DECLARE_ASN1_FUNCTIONS(MsCtlContent) typedef struct { char *server; const char *port; int use_proxy; int timeout; SSL_CTX *ssl_ctx; } HTTP_TLS_Info; typedef struct file_format_st FILE_FORMAT; typedef struct script_ctx_st SCRIPT_CTX; typedef struct msi_ctx_st MSI_CTX; typedef struct pe_ctx_st PE_CTX; typedef struct cab_ctx_st CAB_CTX; typedef struct cat_ctx_st CAT_CTX; typedef struct appx_ctx_st APPX_CTX; typedef struct { FILE_FORMAT *format; GLOBAL_OPTIONS *options; union { SCRIPT_CTX *script_ctx; MSI_CTX *msi_ctx; PE_CTX *pe_ctx; CAB_CTX *cab_ctx; CAT_CTX *cat_ctx; APPX_CTX *appx_ctx; }; } FILE_FORMAT_CTX; extern FILE_FORMAT file_format_script; extern FILE_FORMAT file_format_msi; extern FILE_FORMAT file_format_pe; extern FILE_FORMAT file_format_cab; extern FILE_FORMAT file_format_cat; extern FILE_FORMAT file_format_appx; struct file_format_st { FILE_FORMAT_CTX *(*ctx_new) (GLOBAL_OPTIONS *option, BIO *hash, BIO *outdata); const EVP_MD *(*md_get) (FILE_FORMAT_CTX *ctx); ASN1_OBJECT *(*data_blob_get) (u_char **p, int *plen, FILE_FORMAT_CTX *ctx); PKCS7 *(*pkcs7_contents_get) (FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); int (*hash_length_get) (FILE_FORMAT_CTX *ctx); u_char *(*digest_calc) (FILE_FORMAT_CTX *ctx, const EVP_MD *md); int (*verify_digests) (FILE_FORMAT_CTX *ctx, PKCS7 *p7); int (*verify_indirect_data) (FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj); PKCS7 *(*pkcs7_extract) (FILE_FORMAT_CTX *ctx); PKCS7 *(*pkcs7_extract_to_nest) (FILE_FORMAT_CTX *ctx); int (*remove_pkcs7) (FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); int (*process_data) (FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); PKCS7 *(*pkcs7_signature_new) (FILE_FORMAT_CTX *ctx, BIO *hash); int (*append_pkcs7) (FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); void (*update_data_size) (FILE_FORMAT_CTX *data, BIO *outdata, PKCS7 *p7); void (*bio_free) (BIO *hash, BIO *outdata); void (*ctx_cleanup) (FILE_FORMAT_CTX *ctx); int (*is_detaching_supported) (void); }; /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/pe.c000066400000000000000000001225101464004761700146420ustar00rootroot00000000000000/* * PE file support library * * Copyright (C) 2021-2023 Michał Trojnara * Author: Małgorzata Olszówka * * MS PE/COFF documentation * https://docs.microsoft.com/en-us/windows/win32/debug/pe-format */ #include "osslsigncode.h" #include "helpers.h" const u_char classid_page_hash[] = { 0xa6, 0xb5, 0x86, 0xd5, 0xb4, 0xa1, 0x24, 0x66, 0xae, 0x05, 0xa2, 0x17, 0xda, 0x8e, 0x60, 0xd6 }; typedef struct { ASN1_BIT_STRING *flags; SpcLink *file; } SpcPeImageData; DECLARE_ASN1_FUNCTIONS(SpcPeImageData) ASN1_SEQUENCE(SpcPeImageData) = { ASN1_SIMPLE(SpcPeImageData, flags, ASN1_BIT_STRING), ASN1_EXP_OPT(SpcPeImageData, file, SpcLink, 0) } ASN1_SEQUENCE_END(SpcPeImageData) IMPLEMENT_ASN1_FUNCTIONS(SpcPeImageData) struct pe_ctx_st { uint32_t header_size; uint32_t pe32plus; uint16_t magic; uint32_t pe_checksum; uint32_t nrvas; uint32_t sigpos; uint32_t siglen; uint32_t fileend; }; /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *pe_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *pe_spc_image_data_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *pe_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int pe_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *pe_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj); static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *pe_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int pe_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *pe_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void pe_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void pe_bio_free(BIO *hash, BIO *outdata); static void pe_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int pe_is_detaching_supported(void); FILE_FORMAT file_format_pe = { .ctx_new = pe_ctx_new, .data_blob_get = pe_spc_image_data_get, .pkcs7_contents_get = pe_pkcs7_contents_get, .hash_length_get = pe_hash_length_get, .digest_calc = pe_digest_calc, .verify_digests = pe_verify_digests, .verify_indirect_data = pe_verify_indirect_data, .pkcs7_extract = pe_pkcs7_extract, .pkcs7_extract_to_nest = pe_pkcs7_extract_to_nest, .remove_pkcs7 = pe_remove_pkcs7, .process_data = pe_process_data, .pkcs7_signature_new = pe_pkcs7_signature_new, .append_pkcs7 = pe_append_pkcs7, .update_data_size = pe_update_data_size, .bio_free = pe_bio_free, .ctx_cleanup = pe_ctx_cleanup, .is_detaching_supported = pe_is_detaching_supported }; /* Prototypes */ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize); static PKCS7 *pe_pkcs7_get_file(char *indata, PE_CTX *pe_ctx); static uint32_t pe_calc_checksum(BIO *bio, uint32_t header_size); static uint32_t pe_calc_realchecksum(FILE_FORMAT_CTX *ctx); static int pe_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static BIO *pe_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int pe_page_hash_get(u_char **ph, int *phlen, int *phtype, SpcAttributeTypeAndOptionalValue *obj); static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype); static int pe_verify_page_hash(FILE_FORMAT_CTX *ctx, u_char *ph, int phlen, int phtype); static SpcLink *pe_page_hash_link_get(FILE_FORMAT_CTX *ctx, int phtype); static int pe_check_file(FILE_FORMAT_CTX *ctx); /* * FILE_FORMAT method definitions */ /* * Allocate and return a PE file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] pointer to PE file format context */ static FILE_FORMAT_CTX *pe_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; PE_CTX *pe_ctx; uint32_t filesize; filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } if (memcmp(options->indata, "MZ", 2)) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } pe_ctx = pe_ctx_get(options->indata, filesize); if (!pe_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_pe; ctx->options = options; ctx->pe_ctx = pe_ctx; /* Push hash on outdata, if hash is NULL the function does nothing */ BIO_push(hash, outdata); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); if (options->add_msi_dse == 1) printf("Warning: -add-msi-dse option is only valid for MSI files\n"); return ctx; } /* * Allocate and return SpcPeImageData object. * [out] p: SpcPeImageData data * [out] plen: SpcPeImageData data length * [in] ctx: structure holds input and output data * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_PE_IMAGE_DATA_OBJID */ static ASN1_OBJECT *pe_spc_image_data_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { int phtype; ASN1_OBJECT *dtype; SpcPeImageData *pid = SpcPeImageData_new(); ASN1_BIT_STRING_set_bit(pid->flags, 0, 1); if (ctx->options->pagehash) { SpcLink *link; phtype = NID_sha1; if (EVP_MD_size(ctx->options->md) > EVP_MD_size(EVP_sha1())) phtype = NID_sha256; link = pe_page_hash_link_get(ctx, phtype); if (!link) return NULL; /* FAILED */ pid->file = link; } else { pid->file = spc_link_obsolete_get(); } *plen = i2d_SpcPeImageData(pid, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcPeImageData(pid, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_PE_IMAGE_DATA_OBJID, 1); SpcPeImageData_free(pid); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *pe_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; BIO *bhash; /* squash the unused parameter warning */ (void)hash; bhash = pe_digest_calc_bio(ctx, md); if (!bhash) { return NULL; /* FAILED */ } content = spc_indirect_data_content_get(bhash, ctx); BIO_free_all(bhash); return pkcs7_set_content(content); } /* * [in] ctx: structure holds input and output data * [returns] the size of the message digest when passed an EVP_MD structure (the size of the hash) */ static int pe_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Returns a message digest value of a signed or unsigned PE file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *pe_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { u_char *mdbuf; BIO *bhash = pe_digest_calc_bio(ctx, md); if (!bhash) { return 0; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(bhash); return mdbuf; /* OK */ } /* * Calculate message digest and page_hash and compare to values retrieved * from PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int pe_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdtype = -1, phtype = -1, phlen = 0; const EVP_MD *md; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char *cmdbuf = NULL; u_char *ph = NULL; if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (!pe_page_hash_get(&ph, &phlen, &phtype, idc->data)) { fprintf(stderr, "Failed to extract a page hash\n\n"); SpcIndirectDataContent_free(idc); return 0; /* FAILED */ } if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { fprintf(stderr, "Failed to extract current message digest\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); cmdbuf = pe_digest_calc(ctx, md); if (!cmdbuf) { fprintf(stderr, "Failed to calculate message digest\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } if (!compare_digests(mdbuf, cmdbuf, mdtype)) { fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } if (!pe_verify_page_hash(ctx, ph, phlen, phtype)) { fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } OPENSSL_free(ph); OPENSSL_free(cmdbuf); return 1; /* OK */ } /* * Verify page hash. * [in] ctx: structure holds input and output data * [in] obj: SPC_INDIRECT_DATA OID: 1.3.6.1.4.1.311.2.1.4 containing page hash * [returns] 0 on error or 1 on success */ static int pe_verify_indirect_data(FILE_FORMAT_CTX *ctx, SpcAttributeTypeAndOptionalValue *obj) { int phtype = -1, phlen = 0; u_char *ph = NULL; if (!pe_page_hash_get(&ph, &phlen, &phtype, obj)) { fprintf(stderr, "Failed to extract a page hash\n\n"); return 0; /* FAILED */ } if (!pe_verify_page_hash(ctx, ph, phlen, phtype)) { fprintf(stderr, "Page hash verification: failed\n\n"); OPENSSL_free(ph); return 0; /* FAILED */ } OPENSSL_free(ph); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_extract(FILE_FORMAT_CTX *ctx) { if (!pe_check_file(ctx)) { return NULL; /* FAILED */ } return pe_pkcs7_get_file(ctx->options->indata, ctx->pe_ctx); } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { return pe_pkcs7_extract(ctx); } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int pe_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { if (!pe_check_file(ctx)) { return 1; /* FAILED, no signature */ } /* Strip current signature */ ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; if (!pe_modify_header(ctx, hash, outdata)) { fprintf(stderr, "Unable to modify file header\n"); return 1; /* FAILED */ } return 0; /* OK */ } /* * Modify specific type data and calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int pe_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { if (ctx->pe_ctx->sigpos > 0) { /* Strip current signature */ ctx->pe_ctx->fileend = ctx->pe_ctx->sigpos; } if (!pe_modify_header(ctx, hash, outdata)) { fprintf(stderr, "Unable to modify file header\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data (unused) * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int pe_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { u_char *p = NULL; int len; /* signature length */ int padlen; /* signature padding length */ u_char buf[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* squash the unused parameter warning */ (void)ctx; if (((len = i2d_PKCS7(p7, NULL)) <= 0) || (p = OPENSSL_malloc((size_t)len)) == NULL) { fprintf(stderr, "i2d_PKCS memory allocation failed: %d\n", len); return 1; /* FAILED */ } i2d_PKCS7(p7, &p); p -= len; padlen = len % 8 ? 8 - len % 8 : 0; PUT_UINT32_LE(len + 8 + padlen, buf); PUT_UINT16_LE(WIN_CERT_REVISION_2_0, buf + 4); PUT_UINT16_LE(WIN_CERT_TYPE_PKCS_SIGNED_DATA, buf + 6); BIO_write(outdata, buf, 8); BIO_write(outdata, p, len); /* pad (with 0's) asn1 blob to 8 byte boundary */ if (padlen > 0) { memset(p, 0, (size_t)padlen); BIO_write(outdata, p, padlen); } OPENSSL_free(p); return 0; /* OK */ } /* * Update signature position and size, write back new checksum. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] none */ static void pe_update_data_size(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { uint32_t checksum; u_char buf[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; if (p7) { int len = i2d_PKCS7(p7, NULL); int padlen = len % 8 ? 8 - len % 8 : 0; /* Update signature position and size */ (void)BIO_seek(outdata, ctx->pe_ctx->header_size + 152 + ctx->pe_ctx->pe32plus * 16); /* Previous file end = signature table start */ PUT_UINT32_LE(ctx->pe_ctx->fileend, buf); BIO_write(outdata, buf, 4); PUT_UINT32_LE(len + 8 + padlen, buf); BIO_write(outdata, buf, 4); } /* else CMD_REMOVE */ /* write back checksum */ checksum = pe_calc_checksum(outdata, ctx->pe_ctx->header_size); (void)BIO_seek(outdata, ctx->pe_ctx->header_size + 88); PUT_UINT32_LE(checksum, buf); BIO_write(outdata, buf, 4); } /* * Free up an entire message digest BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO (unused) * [returns] none */ static void pe_bio_free(BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)outdata; BIO_free_all(hash); } /* * Deallocate a FILE_FORMAT_CTX structure and PE format specific structure, * unmap indata file. * [out] ctx: structure holds input and output data * [out] hash: message digest BIO * [in] outdata: outdata file BIO * [returns] none */ static void pe_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->pe_ctx->fileend); OPENSSL_free(ctx->pe_ctx); OPENSSL_free(ctx); } static int pe_is_detaching_supported(void) { return 1; /* OK */ } /* * PE helper functions */ /* * Verify mapped PE file and create PE format specific structure. * [in] indata: mapped PE file * [in] filesize: size of PE file * [returns] pointer to PE format specific structure */ static PE_CTX *pe_ctx_get(char *indata, uint32_t filesize) { PE_CTX *pe_ctx; uint32_t header_size, pe32plus, pe_checksum, nrvas, sigpos, siglen; uint16_t magic; if (filesize < 64) { fprintf(stderr, "Corrupt DOS file - too short\n"); return NULL; /* FAILED */ } /* SizeOfHeaders field specifies the combined size of an MS-DOS stub, PE header, * and section headers rounded up to a multiple of FileAlignment. * SizeOfHeaders must be < filesize and cannot be < 0x0000002C (44) in Windows 7 * because of a bug when checking section names for compatibility purposes */ header_size = GET_UINT32_LE(indata + 60); if (header_size < 44 || header_size > filesize) { fprintf(stderr, "Unexpected SizeOfHeaders field: 0x%08X\n", header_size); return NULL; /* FAILED */ } if (filesize < header_size + 176) { fprintf(stderr, "Corrupt PE file - too short\n"); return NULL; /* FAILED */ } if (memcmp(indata + header_size, "PE\0\0", 4)) { fprintf(stderr, "Unrecognized DOS file type\n"); return NULL; /* FAILED */ } /* Magic field identifies the state of the image file. The most common number is * 0x10B, which identifies it as a normal executable file, * 0x20B identifies it as a PE32+ executable, * 0x107 identifies it as a ROM image (not supported) */ magic = GET_UINT16_LE(indata + header_size + 24); if (magic == 0x20b) { pe32plus = 1; } else if (magic == 0x10b) { pe32plus = 0; } else { fprintf(stderr, "Corrupt PE file - found unknown magic %04X\n", magic); return NULL; /* FAILED */ } /* The image file checksum */ pe_checksum = GET_UINT32_LE(indata + header_size + 88); /* NumberOfRvaAndSizes field specifies the number of data-directory entries * in the remainder of the optional header. Each describes a location and size. */ nrvas = GET_UINT32_LE(indata + header_size + 116 + pe32plus * 16); if (nrvas < 5) { fprintf(stderr, "Can not handle PE files without certificate table resource\n"); return NULL; /* FAILED */ } /* Certificate Table field specifies the attribute certificate table address (4 bytes) and size (4 bytes) */ sigpos = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16); siglen = GET_UINT32_LE(indata + header_size + 152 + pe32plus * 16 + 4); /* Since fix for MS Bulletin MS12-024 we can really assume that signature should be last part of file */ if ((sigpos != 0 || siglen != 0) && (sigpos == 0 || siglen == 0 || sigpos >= filesize || sigpos + siglen != filesize)) { printf("Warning: Ignoring PE signature not at the end of the file\n"); sigpos = 0; siglen = 0; } pe_ctx = OPENSSL_zalloc(sizeof(PE_CTX)); pe_ctx->header_size = header_size; pe_ctx->pe32plus = pe32plus; pe_ctx->magic = magic; pe_ctx->pe_checksum = pe_checksum; pe_ctx->nrvas = nrvas; pe_ctx->sigpos = sigpos; pe_ctx->siglen = siglen; pe_ctx->fileend = filesize; return pe_ctx; /* OK */ } /* * Retrieve and verify a decoded PKCS#7 structure corresponding * to the existing signature of the PE file. * [in] indata: mapped PE file * [in] pe_ctx: PE format specific structures * [returns] pointer to PKCS#7 structure */ static PKCS7 *pe_pkcs7_get_file(char *indata, PE_CTX *pe_ctx) { uint32_t pos = 0; if (pe_ctx->siglen == 0 || pe_ctx->siglen > pe_ctx->fileend) { fprintf(stderr, "Corrupted signature length: 0x%08X\n", pe_ctx->siglen); return NULL; /* FAILED */ } while (pos < pe_ctx->siglen) { uint32_t len = GET_UINT32_LE(indata + pe_ctx->sigpos + pos); uint16_t certrev = GET_UINT16_LE(indata + pe_ctx->sigpos + pos + 4); uint16_t certtype = GET_UINT16_LE(indata + pe_ctx->sigpos + pos + 6); if (certrev == WIN_CERT_REVISION_2_0 && certtype == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { /* skip 8 bytes from the attribute certificate table */ const u_char *blob = (u_char *)indata + pe_ctx->sigpos + pos + 8; return d2i_PKCS7(NULL, &blob, len - 8); } /* quadword align data */ len += len % 8 ? 8 - len % 8 : 0; pos += len; } return NULL; /* FAILED */ } /* * Calculate checksum. * A signed PE file is padded (with 0's) to 8 byte boundary, * ignore any last odd byte in an unsigned file. * [in] outdata: outdata file BIO * [in] header_size: PE header size * [returns] checksum */ static uint32_t pe_calc_checksum(BIO *outdata, uint32_t header_size) { uint32_t checkSum = 0, offset = 0; int nread; unsigned short *buf = OPENSSL_malloc(SIZE_64K); /* recalculate the checksum */ (void)BIO_seek(outdata, 0); while ((nread = BIO_read(outdata, buf, SIZE_64K)) > 0) { unsigned short val; int i; for (i = 0; i < nread / 2; i++) { val = LE_UINT16(buf[i]); if (offset == header_size + 88 || offset == header_size + 90) val = 0; checkSum += val; checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); offset += 2; } } OPENSSL_free(buf); checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); checkSum += offset; return checkSum; } /* * Compute a checkSum value of the signed or unsigned PE file. * [in] ctx: structure holds input and output data * [returns] checksum */ static uint32_t pe_calc_realchecksum(FILE_FORMAT_CTX *ctx) { uint32_t n = 0, checkSum = 0, offset = 0; BIO *bio = BIO_new(BIO_s_mem()); unsigned short *buf = OPENSSL_malloc(SIZE_64K); /* calculate the checkSum */ while (n < ctx->pe_ctx->fileend) { size_t i, written, nread; size_t left = ctx->pe_ctx->fileend - n; unsigned short val; if (left > SIZE_64K) left = SIZE_64K; if (!BIO_write_ex(bio, ctx->options->indata + n, left, &written)) goto err; /* FAILED */ (void)BIO_seek(bio, 0); n += (uint32_t)written; if (!BIO_read_ex(bio, buf, written, &nread)) goto err; /* FAILED */ for (i = 0; i < nread / 2; i++) { val = LE_UINT16(buf[i]); if (offset == ctx->pe_ctx->header_size + 88 || offset == ctx->pe_ctx->header_size + 90) { val = 0; } checkSum += val; checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); offset += 2; } } checkSum = LOWORD(LOWORD(checkSum) + HIWORD(checkSum)); checkSum += offset; err: OPENSSL_free(buf); BIO_free(bio); return checkSum; } /* * Modify PE header. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int pe_modify_header(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { size_t i, len, written; char *buf; i = len = ctx->pe_ctx->header_size + 88; if (!BIO_write_ex(hash, ctx->options->indata, len, &written) || written != len) { return 0; /* FAILED */ } buf = OPENSSL_malloc(SIZE_64K); memset(buf, 0, 4); BIO_write(outdata, buf, 4); /* zero out checksum */ i += 4; len = 60 + ctx->pe_ctx->pe32plus * 16; if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written) || written != len) { OPENSSL_free(buf); return 0; /* FAILED */ } i += 60 + ctx->pe_ctx->pe32plus * 16; memset(buf, 0, 8); BIO_write(outdata, buf, 8); /* zero out sigtable offset + pos */ i += 8; len = ctx->pe_ctx->fileend - i; while (len > 0) { if (!BIO_write_ex(hash, ctx->options->indata + i, len, &written)) { OPENSSL_free(buf); return 0; /* FAILED */ } len -= written; i += written; } /* pad (with 0's) pe file to 8 byte boundary */ len = 8 - ctx->pe_ctx->fileend % 8; if (len != 8) { memset(buf, 0, len); if (!BIO_write_ex(hash, buf, len, &written) || written != len) { OPENSSL_free(buf); return 0; /* FAILED */ } ctx->pe_ctx->fileend += (uint32_t)len; } OPENSSL_free(buf); return 1; /* OK */ } /* * Compute a message digest value of a signed or unsigned PE file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] calculated message digest BIO */ static BIO *pe_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { size_t written; uint32_t idx = 0, fileend; BIO *bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return 0; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (ctx->pe_ctx->sigpos) fileend = ctx->pe_ctx->sigpos; else fileend = ctx->pe_ctx->fileend; /* ctx->pe_ctx->header_size + 88 + 4 + 60 + ctx->pe_ctx->pe32plus * 16 + 8 */ if (!BIO_write_ex(bhash, ctx->options->indata, ctx->pe_ctx->header_size + 88, &written) || written != ctx->pe_ctx->header_size + 88) { BIO_free_all(bhash); return 0; /* FAILED */ } idx += (uint32_t)written + 4; if (!BIO_write_ex(bhash, ctx->options->indata + idx, 60 + ctx->pe_ctx->pe32plus * 16, &written) || written != 60 + ctx->pe_ctx->pe32plus * 16) { BIO_free_all(bhash); return 0; /* FAILED */ } idx += (uint32_t)written + 8; if (!bio_hash_data(bhash, ctx->options->indata, idx, fileend)) { fprintf(stderr, "Unable to calculate digest\n"); BIO_free_all(bhash); return 0; /* FAILED */ } if (!ctx->pe_ctx->sigpos) { /* pad (with 0's) unsigned PE file to 8 byte boundary */ int len = 8 - ctx->pe_ctx->fileend % 8; if (len > 0 && len != 8) { char *buf = OPENSSL_malloc(8); memset(buf, 0, (size_t)len); BIO_write(bhash, buf, len); OPENSSL_free(buf); } } return bhash; } /* * Page hash support */ /* * Retrieve a page hash from SPC_INDIRECT_DATA structure. * [out] ph: page hash * [out] phlen: page hash length * [out] phtype: NID_sha1 or NID_sha256 * [in] obj: SPC_INDIRECT_DATA OID: 1.3.6.1.4.1.311.2.1.4 containing page hash * [returns] 0 on error or 1 on success */ static int pe_page_hash_get(u_char **ph, int *phlen, int *phtype, SpcAttributeTypeAndOptionalValue *obj) { const u_char *blob; SpcPeImageData *id; SpcSerializedObject *so; int l, l2; char buf[128]; if (!obj || !obj->value) return 0; /* FAILED */ blob = obj->value->value.sequence->data; id = d2i_SpcPeImageData(NULL, &blob, obj->value->value.sequence->length); if (!id) { return 0; /* FAILED */ } if (!id->file) { SpcPeImageData_free(id); return 0; /* FAILED */ } if (id->file->type != 1) { SpcPeImageData_free(id); return 1; /* OK - This is not SpcSerializedObject structure that contains page hashes */ } so = id->file->value.moniker; if (so->classId->length != sizeof classid_page_hash || memcmp(so->classId->data, classid_page_hash, sizeof classid_page_hash)) { SpcPeImageData_free(id); return 0; /* FAILED */ } /* skip ASN.1 SET hdr */ l = asn1_simple_hdr_len(so->serializedData->data, so->serializedData->length); blob = so->serializedData->data + l; obj = d2i_SpcAttributeTypeAndOptionalValue(NULL, &blob, so->serializedData->length - l); SpcPeImageData_free(id); if (!obj) return 0; /* FAILED */ *phtype = 0; buf[0] = 0x00; OBJ_obj2txt(buf, sizeof buf, obj->type, 1); if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V1)) { *phtype = NID_sha1; } else if (!strcmp(buf, SPC_PE_IMAGE_PAGE_HASHES_V2)) { *phtype = NID_sha256; } else { SpcAttributeTypeAndOptionalValue_free(obj); return 0; /* FAILED */ } /* Skip ASN.1 SET hdr */ l2 = asn1_simple_hdr_len(obj->value->value.sequence->data, obj->value->value.sequence->length); /* Skip ASN.1 OCTET STRING hdr */ l = asn1_simple_hdr_len(obj->value->value.sequence->data + l2, obj->value->value.sequence->length - l2); l += l2; *phlen = obj->value->value.sequence->length - l; *ph = OPENSSL_malloc((size_t)*phlen); memcpy(*ph, obj->value->value.sequence->data + l, (size_t)*phlen); SpcAttributeTypeAndOptionalValue_free(obj); return 1; /* OK */ } /* * Calculate page hash for the PE file. * [out] rphlen: page hash length * [in] ctx: structure holds input and output data * [in] phtype: NID_sha1 or NID_sha256 * [returns] pointer to calculated page hash */ static u_char *pe_page_hash_calc(int *rphlen, FILE_FORMAT_CTX *ctx, int phtype) { uint16_t nsections, opthdr_size; uint32_t alignment, pagesize, hdrsize; uint32_t rs, ro, l, lastpos = 0; int pphlen, phlen, i, pi = 1; size_t written; u_char *res, *zeroes; char *sections; const EVP_MD *md = EVP_get_digestbynid(phtype); BIO *bhash; /* NumberOfSections indicates the size of the section table, * which immediately follows the headers, can be up to 65535 under Vista and later */ nsections = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 6); if (nsections == 0) { fprintf(stderr, "Corrupted number of sections: 0x%08X\n", nsections); return NULL; /* FAILED */ } /* FileAlignment is the alignment factor (in bytes) that is used to align * the raw data of sections in the image file. The value should be a power * of 2 between 512 and 64 K, inclusive. The default is 512. */ alignment = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 60); if (alignment < 512 || alignment > UINT16_MAX) { fprintf(stderr, "Corrupted file alignment factor: 0x%08X\n", alignment); return NULL; /* FAILED */ } /* SectionAlignment is the alignment (in bytes) of sections when they are * loaded into memory. It must be greater than or equal to FileAlignment. * The default is the page size for the architecture. * The large page size is at most 4 MB. * https://devblogs.microsoft.com/oldnewthing/20210510-00/?p=105200 */ pagesize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 56); if (pagesize == 0 || pagesize < alignment || pagesize > 4194304) { fprintf(stderr, "Corrupted page size: 0x%08X\n", pagesize); return NULL; /* FAILED */ } /* SizeOfHeaders is the combined size of an MS-DOS stub, PE header, * and section headers rounded up to a multiple of FileAlignment. */ hdrsize = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->header_size + 84); if (hdrsize < ctx->pe_ctx->header_size || hdrsize > UINT32_MAX) { fprintf(stderr, "Corrupted headers size: 0x%08X\n", hdrsize); return NULL; /* FAILED */ } /* SizeOfOptionalHeader is the size of the optional header, which is * required for executable files, but for object files should be zero, * and can't be bigger than the file */ opthdr_size = GET_UINT16_LE(ctx->options->indata + ctx->pe_ctx->header_size + 20); if (opthdr_size == 0 || opthdr_size > ctx->pe_ctx->fileend) { fprintf(stderr, "Corrupted optional header size: 0x%08X\n", opthdr_size); return NULL; /* FAILED */ } pphlen = 4 + EVP_MD_size(md); phlen = pphlen * (3 + (int)nsections + (int)(ctx->pe_ctx->fileend / pagesize)); bhash = BIO_new(BIO_f_md()); if (!BIO_set_md(bhash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(bhash); return NULL; /* FAILED */ } BIO_push(bhash, BIO_new(BIO_s_null())); if (!BIO_write_ex(bhash, ctx->options->indata, ctx->pe_ctx->header_size + 88, &written) || written != ctx->pe_ctx->header_size + 88) { BIO_free_all(bhash); return NULL; /* FAILED */ } if (!BIO_write_ex(bhash, ctx->options->indata + ctx->pe_ctx->header_size + 92, 60 + ctx->pe_ctx->pe32plus*16, &written) || written != 60 + ctx->pe_ctx->pe32plus*16) { BIO_free_all(bhash); return NULL; /* FAILED */ } if (!BIO_write_ex(bhash, ctx->options->indata + ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16, hdrsize - (ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16), &written) || written != hdrsize - (ctx->pe_ctx->header_size + 160 + ctx->pe_ctx->pe32plus*16)) { BIO_free_all(bhash); return NULL; /* FAILED */ } zeroes = OPENSSL_zalloc((size_t)pagesize); if (!BIO_write_ex(bhash, zeroes, pagesize - hdrsize, &written) || written != pagesize - hdrsize) { BIO_free_all(bhash); OPENSSL_free(zeroes); return NULL; /* FAILED */ } res = OPENSSL_malloc((size_t)phlen); memset(res, 0, 4); BIO_gets(bhash, (char*)res + 4, EVP_MD_size(md)); BIO_free_all(bhash); sections = ctx->options->indata + ctx->pe_ctx->header_size + 24 + opthdr_size; for (i=0; i= UINT32_MAX) { sections += 40; continue; } for (l=0; loptions->indata + ro + l, rs - l, &written) || written != rs - l) { BIO_free_all(bhash); OPENSSL_free(zeroes); OPENSSL_free(res); return NULL; /* FAILED */ } if (!BIO_write_ex(bhash, zeroes, pagesize - (rs - l), &written) || written != pagesize - (rs - l)) { BIO_free_all(bhash); OPENSSL_free(zeroes); OPENSSL_free(res); return NULL; /* FAILED */ } } else { if (!BIO_write_ex(bhash, ctx->options->indata + ro + l, pagesize, &written) || written != pagesize) { BIO_free_all(bhash); OPENSSL_free(zeroes); OPENSSL_free(res); return NULL; /* FAILED */ } } BIO_gets(bhash, (char*)res + pi*pphlen + 4, EVP_MD_size(md)); BIO_free_all(bhash); } lastpos = ro + rs; sections += 40; } PUT_UINT32_LE(lastpos, res + pi*pphlen); memset(res + pi*pphlen + 4, 0, (size_t)EVP_MD_size(md)); pi++; OPENSSL_free(zeroes); *rphlen = pi*pphlen; return res; } /* * Calculate page hash for the PE file, compare with the given value and print values. * [in] ctx: structure holds input and output data * [in] ph: page hash * [in] phlen: page hash length * [in] phtype: NID_sha1 or NID_sha256 * [returns] 0 on error or 1 on success */ static int pe_verify_page_hash(FILE_FORMAT_CTX *ctx, u_char *ph, int phlen, int phtype) { int mdok, cphlen = 0; u_char *cph; if (!ph) return 1; /* OK */ cph = pe_page_hash_calc(&cphlen, ctx, phtype); mdok = (phlen == cphlen) && !memcmp(ph, cph, (size_t)phlen); printf("Page hash algorithm : %s\n", OBJ_nid2sn(phtype)); if (ctx->options->verbose) { print_hash("Page hash ", "", ph, phlen); print_hash("Calculated page hash ", mdok ? "\n" : "... MISMATCH!!!\n", cph, cphlen); } else { print_hash("Page hash ", "...", ph, (phlen < 32) ? phlen : 32); print_hash("Calculated page hash ", mdok ? "...\n" : "... MISMATCH!!!\n", cph, (cphlen < 32) ? cphlen : 32); } OPENSSL_free(cph); return mdok; } /* * Create a new SpcLink structure. * [in] ctx: structure holds input and output data * [in] phtype: NID_sha1 or NID_sha256 * [returns] pointer to SpcLink structure */ static SpcLink *pe_page_hash_link_get(FILE_FORMAT_CTX *ctx, int phtype) { u_char *ph, *p, *tmp; int l, phlen; ASN1_TYPE *tostr; SpcAttributeTypeAndOptionalValue *aval; ASN1_TYPE *taval; SpcSerializedObject *so; SpcLink *link; STACK_OF(ASN1_TYPE) *oset, *aset; ph = pe_page_hash_calc(&phlen, ctx, phtype); if (!ph) { fprintf(stderr, "Failed to calculate page hash\n"); return NULL; /* FAILED */ } if (ctx->options->verbose) print_hash("Calculated page hash ", "", ph, phlen); else print_hash("Calculated page hash ", "...", ph, (phlen < 32) ? phlen : 32); tostr = ASN1_TYPE_new(); tostr->type = V_ASN1_OCTET_STRING; tostr->value.octet_string = ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(tostr->value.octet_string, ph, phlen); OPENSSL_free(ph); oset = sk_ASN1_TYPE_new_null(); sk_ASN1_TYPE_push(oset, tostr); l = i2d_ASN1_SET_ANY(oset, NULL); tmp = p = OPENSSL_malloc((size_t)l); i2d_ASN1_SET_ANY(oset, &tmp); ASN1_TYPE_free(tostr); sk_ASN1_TYPE_free(oset); aval = SpcAttributeTypeAndOptionalValue_new(); aval->type = OBJ_txt2obj((phtype == NID_sha1) ? SPC_PE_IMAGE_PAGE_HASHES_V1 : SPC_PE_IMAGE_PAGE_HASHES_V2, 1); aval->value = ASN1_TYPE_new(); aval->value->type = V_ASN1_SET; aval->value->value.set = ASN1_STRING_new(); ASN1_STRING_set(aval->value->value.set, p, l); OPENSSL_free(p); l = i2d_SpcAttributeTypeAndOptionalValue(aval, NULL); tmp = p = OPENSSL_malloc((size_t)l); i2d_SpcAttributeTypeAndOptionalValue(aval, &tmp); SpcAttributeTypeAndOptionalValue_free(aval); taval = ASN1_TYPE_new(); taval->type = V_ASN1_SEQUENCE; taval->value.sequence = ASN1_STRING_new(); ASN1_STRING_set(taval->value.sequence, p, l); OPENSSL_free(p); aset = sk_ASN1_TYPE_new_null(); sk_ASN1_TYPE_push(aset, taval); l = i2d_ASN1_SET_ANY(aset, NULL); tmp = p = OPENSSL_malloc((size_t)l); l = i2d_ASN1_SET_ANY(aset, &tmp); ASN1_TYPE_free(taval); sk_ASN1_TYPE_free(aset); so = SpcSerializedObject_new(); ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof classid_page_hash); ASN1_OCTET_STRING_set(so->serializedData, p, l); OPENSSL_free(p); link = SpcLink_new(); link->type = 1; link->value.moniker = so; return link; } /* * Print current and calculated PE checksum, * check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int pe_check_file(FILE_FORMAT_CTX *ctx) { uint32_t real_pe_checksum, sum = 0; if (!ctx) { fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } real_pe_checksum = pe_calc_realchecksum(ctx); if (ctx->pe_ctx->pe_checksum == real_pe_checksum) { printf("PE checksum : %08X\n", real_pe_checksum); } else { printf("Current PE checksum : %08X\n", ctx->pe_ctx->pe_checksum); printf("Calculated PE checksum: %08X\n", real_pe_checksum); printf("Warning: invalid PE checksum\n"); } if (ctx->pe_ctx->sigpos == 0 || ctx->pe_ctx->siglen == 0 || ctx->pe_ctx->sigpos > ctx->pe_ctx->fileend) { fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } /* * If the sum of the rounded dwLength values does not equal the Size value, * then either the attribute certificate table or the Size field is corrupted. */ while (sum < ctx->pe_ctx->siglen) { uint32_t len = GET_UINT32_LE(ctx->options->indata + ctx->pe_ctx->sigpos + sum); if (ctx->pe_ctx->siglen - len > 8) { fprintf(stderr, "Corrupted attribute certificate table\n"); fprintf(stderr, "Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); fprintf(stderr, "Attribute certificate entry length: %08X\n\n", len); return 0; /* FAILED */ } /* quadword align data */ len += len % 8 ? 8 - len % 8 : 0; sum += len; } if (sum != ctx->pe_ctx->siglen) { fprintf(stderr, "Corrupted attribute certificate table\n"); fprintf(stderr, "Attribute certificate table size : %08X\n", ctx->pe_ctx->siglen); fprintf(stderr, "Sum of the rounded dwLength values: %08X\n\n", sum); return 0; /* FAILED */ } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/script.c000066400000000000000000000672671464004761700155630ustar00rootroot00000000000000/* * Script file support library * * Copyright (C) 2021-2024 Michał Trojnara */ #include "osslsigncode.h" #include "helpers.h" #include "utf.h" typedef enum {comment_hash, comment_xml, comment_c, comment_not_found} comment_style; typedef struct { const char *extension; comment_style comment; } SCRIPT_FORMAT; const SCRIPT_FORMAT supported_formats[] = { {".ps1", comment_hash}, {".ps1xml", comment_xml}, {".psc1", comment_xml}, {".psd1", comment_hash}, {".psm1", comment_hash}, {".cdxml", comment_xml}, {".mof", comment_c}, {NULL, comment_not_found}, }; const char *signature_header = "SIG # Begin signature block"; const char *signature_footer = "SIG # End signature block"; typedef struct { const char *open; const char *close; } SCRIPT_COMMENT; const SCRIPT_COMMENT comment_text[] = { [comment_hash] = {"# ", ""}, [comment_xml] = {""}, [comment_c] = {"/* ", " */"} }; struct script_ctx_st { const SCRIPT_COMMENT *comment_text; int utf; uint32_t sigpos; uint32_t fileend; }; #define LINE_MAX_LEN 100 /* FILE_FORMAT method prototypes */ static FILE_FORMAT_CTX *script_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata); static ASN1_OBJECT *script_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx); static PKCS7 *script_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md); static int script_hash_length_get(FILE_FORMAT_CTX *ctx); static u_char *script_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int script_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7); static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx); static PKCS7 *script_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx); static int script_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static int script_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata); static PKCS7 *script_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash); static int script_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7); static void script_bio_free(BIO *hash, BIO *outdata); static void script_ctx_cleanup(FILE_FORMAT_CTX *ctx); static int script_is_detaching_supported(void); FILE_FORMAT file_format_script = { .ctx_new = script_ctx_new, .data_blob_get = script_spc_sip_info_get, .pkcs7_contents_get = script_pkcs7_contents_get, .hash_length_get = script_hash_length_get, .digest_calc = script_digest_calc, .verify_digests = script_verify_digests, .pkcs7_extract = script_pkcs7_extract, .pkcs7_extract_to_nest = script_pkcs7_extract_to_nest, .remove_pkcs7 = script_remove_pkcs7, .process_data = script_process_data, .pkcs7_signature_new = script_pkcs7_signature_new, .append_pkcs7 = script_append_pkcs7, .bio_free = script_bio_free, .ctx_cleanup = script_ctx_cleanup, .is_detaching_supported = script_is_detaching_supported }; /* helper functions */ static SCRIPT_CTX *script_ctx_get(char *indata, uint32_t filesize, const SCRIPT_COMMENT *comment, int utf); static int write_commented(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *data, size_t length); static int write_in_encoding(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *line, size_t length); static size_t utf8_to_utf16(const char *data, size_t len, uint16_t **out_utf16); static size_t utf16_to_utf8(const uint16_t *data, size_t len, char **out_utf8); static BIO *script_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md); static int script_digest_convert(BIO *hash, FILE_FORMAT_CTX *ctx, size_t len); static int script_write_bio(BIO *data, char *indata, size_t len); static int script_check_file(FILE_FORMAT_CTX *ctx); /* * Allocate and return a script file format context. * [in, out] options: structure holds the input data * [out] hash: message digest BIO * [in] outdata: outdata file BIO (unused) * [returns] pointer to script file format context */ static FILE_FORMAT_CTX *script_ctx_new(GLOBAL_OPTIONS *options, BIO *hash, BIO *outdata) { FILE_FORMAT_CTX *ctx; SCRIPT_CTX *script_ctx; const SCRIPT_FORMAT *fmt; uint32_t filesize; const uint8_t utf16_bom[] = {0xff, 0xfe}; size_t name_len; int utf; /* squash the unused parameter warning */ (void)outdata; /* find out whether our format is supported */ name_len = strlen(options->infile); for (fmt = supported_formats; fmt->comment != comment_not_found; fmt++) { size_t ext_len = strlen(fmt->extension); if(name_len > ext_len && !strcasecmp(options->infile + name_len - ext_len, fmt->extension)) break; } if (fmt->comment == comment_not_found) return NULL; printf("Script file format: %s\n", fmt->extension); filesize = get_file_size(options->infile); if (filesize == 0) return NULL; /* FAILED */ options->indata = map_file(options->infile, filesize); if (!options->indata) { return NULL; /* FAILED */ } utf = memcmp(options->indata, utf16_bom, sizeof utf16_bom) ? 8 : 16; /* initialize script context */ script_ctx = script_ctx_get(options->indata, filesize, comment_text + fmt->comment, utf); if (!script_ctx) { unmap_file(options->indata, filesize); return NULL; /* FAILED */ } /* initialize file format context */ ctx = OPENSSL_malloc(sizeof(FILE_FORMAT_CTX)); memset(ctx, 0, sizeof(FILE_FORMAT_CTX)); ctx->format = &file_format_script; ctx->options = options; ctx->script_ctx = script_ctx; if (hash) BIO_push(hash, BIO_new(BIO_s_null())); /* FIXME: user interface logic belongs to osslsigncode.c */ if (options->pagehash == 1) printf("Warning: -ph option is only valid for PE files\n"); if (options->jp >= 0) printf("Warning: -jp option is only valid for CAB files\n"); return ctx; } /* * Allocate and return SpcSipInfo object. * Subject Interface Package (SIP) is an internal Microsoft API for * transforming arbitrary files into a digestible stream. * These ClassIDs are found in the indirect data section and identify * the type of processor needed to validate the signature. * https://github.com/sassoftware/relic/blob/620d0b75ec67c0158a8a9120950abe04327d922f/lib/authenticode/structs.go#L154 * [out] p: SpcSipInfo data * [out] plen: SpcSipInfo data length * [in] ctx: structure holds input and output data * [returns] pointer to ASN1_OBJECT structure corresponding to SPC_SIPINFO_OBJID */ static ASN1_OBJECT *script_spc_sip_info_get(u_char **p, int *plen, FILE_FORMAT_CTX *ctx) { const u_char SpcUUIDSipInfoPs[] = { 0x1f, 0xcc, 0x3b, 0x60, 0x59, 0x4b, 0x08, 0x4e, 0xb7, 0x24, 0xd2, 0xc6, 0x29, 0x7e, 0xf3, 0x51 }; ASN1_OBJECT *dtype; SpcSipInfo *si = SpcSipInfo_new(); /* squash the unused parameter warning */ (void)ctx; ASN1_INTEGER_set(si->a, 65536); ASN1_INTEGER_set(si->b, 0); ASN1_INTEGER_set(si->c, 0); ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); ASN1_OCTET_STRING_set(si->string, SpcUUIDSipInfoPs, sizeof SpcUUIDSipInfoPs); *plen = i2d_SpcSipInfo(si, NULL); *p = OPENSSL_malloc((size_t)*plen); i2d_SpcSipInfo(si, p); *p -= *plen; dtype = OBJ_txt2obj(SPC_SIPINFO_OBJID, 1); SpcSipInfo_free(si); return dtype; /* OK */ } /* * Allocate and return a data content to be signed. * [in] ctx: structure holds input and output data * [in] hash: message digest BIO * [in] md: message digest algorithm * [returns] data content */ static PKCS7 *script_pkcs7_contents_get(FILE_FORMAT_CTX *ctx, BIO *hash, const EVP_MD *md) { ASN1_OCTET_STRING *content; BIO *bhash; /* squash the unused parameter warning */ (void)hash; bhash = script_digest_calc_bio(ctx, md); if (!bhash) { return NULL; /* FAILED */ } content = spc_indirect_data_content_get(bhash, ctx); BIO_free_all(bhash); return pkcs7_set_content(content); } static int script_hash_length_get(FILE_FORMAT_CTX *ctx) { return EVP_MD_size(ctx->options->md); } /* * Compute a simple sha1/sha256 message digest of the MSI file * for use with a catalog file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] pointer to calculated message digest */ static u_char *script_digest_calc(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { u_char *mdbuf; BIO *hash = BIO_new(BIO_f_md()); if (!BIO_set_md(hash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); return NULL; /* FAILED */ } BIO_push(hash, BIO_new(BIO_s_null())); if (!script_write_bio(hash, ctx->options->indata, ctx->script_ctx->fileend)) { BIO_free_all(hash); return NULL; /* FAILED */ } mdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(hash, (char*)mdbuf, EVP_MD_size(md)); BIO_free_all(hash); return mdbuf; /* OK */ } /* * Calculate the hash and compare to PKCS#7 signedData. * [in] ctx: structure holds input and output data * [in] p7: PKCS#7 signature * [returns] 0 on error or 1 on success */ static int script_verify_digests(FILE_FORMAT_CTX *ctx, PKCS7 *p7) { int mdtype = -1; u_char mdbuf[EVP_MAX_MD_SIZE]; u_char *cmdbuf = NULL; const EVP_MD *md; BIO *bhash; /* FIXME: this shared code most likely belongs in osslsigncode.c */ if (is_content_type(p7, SPC_INDIRECT_DATA_OBJID)) { ASN1_STRING *content_val = p7->d.sign->contents->d.other->value.sequence; const u_char *p = content_val->data; SpcIndirectDataContent *idc = d2i_SpcIndirectDataContent(NULL, &p, content_val->length); if (idc) { if (idc->messageDigest && idc->messageDigest->digest && idc->messageDigest->digestAlgorithm) { mdtype = OBJ_obj2nid(idc->messageDigest->digestAlgorithm->algorithm); memcpy(mdbuf, idc->messageDigest->digest->data, (size_t)idc->messageDigest->digest->length); } SpcIndirectDataContent_free(idc); } } if (mdtype == -1) { fprintf(stderr, "Failed to extract current message digest\n\n"); return 0; /* FAILED */ } md = EVP_get_digestbynid(mdtype); bhash = script_digest_calc_bio(ctx, md); if (!bhash) return 0; /* FAILED */ cmdbuf = OPENSSL_malloc((size_t)EVP_MD_size(md)); BIO_gets(bhash, (char*)cmdbuf, EVP_MD_size(md)); BIO_free_all(bhash); if (!compare_digests(mdbuf, cmdbuf, mdtype)) { fprintf(stderr, "Signature verification: failed\n\n"); OPENSSL_free(cmdbuf); return 0; /* FAILED */ } OPENSSL_free(cmdbuf); return 1; /* OK */ } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *script_pkcs7_extract(FILE_FORMAT_CTX *ctx) { const char *signature_data = ctx->options->indata + ctx->script_ctx->sigpos; size_t signature_len = ctx->script_ctx->fileend - ctx->script_ctx->sigpos; size_t base64_len; char *ptr; BIO *bio_mem, *bio_b64 = NULL; char *base64_data = NULL; char *clean_base64 = NULL; int clean_base64_len = 0; const char *open_tag = ctx->script_ctx->comment_text->open; const char *close_tag = ctx->script_ctx->comment_text->close; size_t open_tag_len = strlen(open_tag); size_t close_tag_len = strlen(close_tag); size_t signature_header_len = strlen(signature_header); size_t signature_footer_len = strlen(signature_footer); PKCS7 *retval = NULL; if (!script_check_file(ctx)) { return NULL; /* FAILED, no signature */ } /* extract Base64 signature */ if (ctx->script_ctx->utf == 8) { base64_len = signature_len; base64_data = OPENSSL_malloc(base64_len); memcpy(base64_data, signature_data, base64_len); } else { base64_len = utf16_to_utf8((const void *)signature_data, signature_len, &base64_data); } /* allocate memory for cleaned Base64 */ clean_base64 = OPENSSL_malloc(base64_len); if (!clean_base64) { fprintf(stderr, "Malloc failed\n"); goto cleanup; } /* copy clean Base64 data */ for (ptr = base64_data;;) { /* find the opening tag */ for(;;) { if (ptr + open_tag_len >= base64_data + base64_len) { fprintf(stderr, "Signature line too long\n"); goto cleanup; } if (!memcmp(ptr, open_tag, (size_t)open_tag_len)) { ptr += open_tag_len; break; } ptr++; } /* process signature_header and signature_footer */ if (ptr + signature_header_len < base64_data + base64_len && !memcmp(ptr, signature_header, signature_header_len)) ptr += signature_header_len; if (ptr + signature_footer_len <= base64_data + base64_len && !memcmp(ptr, signature_footer, signature_footer_len)) break; /* success */ /* copy until the closing tag */ for(;;) { if (ptr + close_tag_len >= base64_data + base64_len) { fprintf(stderr, "Signature line too long\n"); goto cleanup; } if (close_tag_len) { if (!memcmp(ptr, close_tag, (size_t)close_tag_len)) { ptr += close_tag_len; break; } } if (*ptr == '\r') { ptr++; } else if (*ptr == '\n') { ptr++; break; } else { clean_base64[clean_base64_len++] = *ptr++; } } } /* prepare for Base64 decoding */ bio_mem = BIO_new_mem_buf(clean_base64, clean_base64_len); bio_b64 = BIO_new(BIO_f_base64()); BIO_push(bio_b64, bio_mem); BIO_set_flags(bio_b64, BIO_FLAGS_BASE64_NO_NL); /* decode DER */ retval = d2i_PKCS7_bio(bio_b64, NULL); cleanup: OPENSSL_free(base64_data); OPENSSL_free(clean_base64); BIO_free_all(bio_b64); return retval; } /* * Extract existing signature in DER format. * [in] ctx: structure holds input and output data * [returns] pointer to PKCS#7 structure */ static PKCS7 *script_pkcs7_extract_to_nest(FILE_FORMAT_CTX *ctx) { return script_pkcs7_extract(ctx); } /* * Remove existing signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int script_remove_pkcs7(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { /* squash the unused parameter warning */ (void)hash; if (!script_check_file(ctx)) { return 1; /* FAILED, no signature */ } if (!script_write_bio(outdata, ctx->options->indata, ctx->script_ctx->sigpos)) { return 1; /* FAILED */ } return 0; /* OK */ } /* * Initialize outdata file and calculate a hash (message digest) of data. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] 1 on error or 0 on success */ static int script_process_data(FILE_FORMAT_CTX *ctx, BIO *hash, BIO *outdata) { if (ctx->script_ctx->sigpos > 0) { /* Strip current signature */ ctx->script_ctx->fileend = ctx->script_ctx->sigpos; } if (!script_write_bio(outdata, ctx->options->indata, ctx->script_ctx->fileend)) return 0; /* FAILED */ if (!script_digest_convert(hash, ctx, ctx->script_ctx->fileend)) return 0; /* FAILED */ return 1; /* OK */ } /* * Create a new PKCS#7 signature. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [returns] pointer to PKCS#7 structure */ static PKCS7 *script_pkcs7_signature_new(FILE_FORMAT_CTX *ctx, BIO *hash) { ASN1_OCTET_STRING *content; PKCS7 *p7 = pkcs7_create(ctx); if (!p7) { fprintf(stderr, "Creating a new signature failed\n"); return NULL; /* FAILED */ } if (!add_indirect_data_object(p7)) { fprintf(stderr, "Adding SPC_INDIRECT_DATA_OBJID failed\n"); PKCS7_free(p7); return NULL; /* FAILED */ } content = spc_indirect_data_content_get(hash, ctx); if (!content) { fprintf(stderr, "Failed to get spcIndirectDataContent\n"); return NULL; /* FAILED */ } if (!sign_spc_indirect_data_content(p7, content)) { fprintf(stderr, "Failed to set signed content\n"); PKCS7_free(p7); ASN1_OCTET_STRING_free(content); return NULL; /* FAILED */ } ASN1_OCTET_STRING_free(content); return p7; } /* * Append signature to the outfile. * [in, out] ctx: structure holds input and output data * [out] outdata: outdata file BIO * [in] p7: PKCS#7 signature * [returns] 1 on error or 0 on success */ static int script_append_pkcs7(FILE_FORMAT_CTX *ctx, BIO *outdata, PKCS7 *p7) { BIO *bio, *b64; BUF_MEM *buffer; size_t i; static const char crlf[] = {0x0d, 0x0a}; int ret = 1; /* convert to BASE64 */ b64 = BIO_new(BIO_f_base64()); /* BIO for base64 encoding */ if (!b64) return 1; /* FAILED */ BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio = BIO_new(BIO_s_mem()); /* BIO to hold the base64 data */ if (!bio) { BIO_free(b64); return 1; /* FAILED */ } bio = BIO_push(b64, bio); /* chain base64 BIO onto memory BIO */ if (!i2d_PKCS7_bio(bio, p7)) { BIO_free_all(bio); return 1; /* FAILED */ } (void)BIO_flush(bio); BIO_get_mem_ptr(bio, &buffer); (void)BIO_set_close(bio, BIO_NOCLOSE); /* split to individual lines and write to outdata */ if (!write_commented(ctx, outdata, signature_header, strlen(signature_header))) goto cleanup; for (i = 0; i < buffer->length; i += 64) { if (!write_commented(ctx, outdata, buffer->data + i, buffer->length - i < 64 ? buffer->length - i : 64)) { goto cleanup; } } if (!write_commented(ctx, outdata, signature_footer, strlen(signature_footer))) goto cleanup; /* signtool expects CRLF terminator at the end of the text file */ if (!write_in_encoding(ctx, outdata, crlf, sizeof crlf)) goto cleanup; ret = 0; /* OK */ cleanup: BUF_MEM_free(buffer); BIO_free_all(bio); return ret; } /* * Free up an entire outdata BIO chain. * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void script_bio_free(BIO *hash, BIO *outdata) { BIO_free_all(hash); BIO_free_all(outdata); } /* * Deallocate a FILE_FORMAT_CTX structure and script format specific structures. * [in, out] ctx: structure holds input and output data * [out] hash: message digest BIO * [out] outdata: outdata file BIO * [returns] none */ static void script_ctx_cleanup(FILE_FORMAT_CTX *ctx) { unmap_file(ctx->options->indata, ctx->script_ctx->fileend); OPENSSL_free(ctx->script_ctx); OPENSSL_free(ctx); } static int script_is_detaching_supported(void) { return 1; /* OK */ } /* * Script helper functions */ static SCRIPT_CTX *script_ctx_get(char *indata, uint32_t filesize, const SCRIPT_COMMENT *comment, int utf) { SCRIPT_CTX *script_ctx; const char *input_pos, *signature_pos, *ptr; uint32_t line[LINE_MAX_LEN], commented_header[40], cr, lf; size_t sig_pos = 0, line_pos = 0, commented_header_len = 0; size_t commented_header_size = sizeof commented_header / sizeof(uint32_t); utf8DecodeRune("\r", 1, &cr); utf8DecodeRune("\n", 1, &lf); /* compute runes for the commented signature header */ for (ptr = comment->open; *ptr && commented_header_len < commented_header_size; commented_header_len++) ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); for (ptr = signature_header; *ptr && commented_header_len < commented_header_size; commented_header_len++) ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); for (ptr = comment->close; *ptr && commented_header_len < commented_header_size; commented_header_len++) ptr = utf8DecodeRune(ptr, 1, commented_header + commented_header_len); /* find the signature header */ for (signature_pos = input_pos = indata; input_pos < indata + filesize; ) { const char *input_prev = input_pos; input_pos = utf == 8 ? utf8DecodeRune(input_pos, (size_t)(indata + filesize - input_pos), line + line_pos) : (const char *)utf16DecodeRune((const void *)input_pos, (size_t)(indata + filesize - input_pos)/2, line + line_pos); if (!memcmp(line + line_pos, &lf, sizeof lf)) { if (line_pos >= commented_header_len && !memcmp(line, commented_header, commented_header_len * sizeof(uint32_t))) { sig_pos = (size_t)(signature_pos - indata); if (!memcmp(line + line_pos - 1, &cr, sizeof cr)) sig_pos -= (size_t)utf / 8; break; /* SUCCEEDED */ } line_pos = 0; signature_pos = input_prev; /* previous line */ } else if (line_pos < LINE_MAX_LEN - 1) { line_pos++; /* we can ignore lines longer than our buffer */ } } printf("Signature position: %zu\n", sig_pos); script_ctx = OPENSSL_malloc(sizeof(SCRIPT_CTX)); script_ctx->comment_text = comment; script_ctx->utf = utf; script_ctx->fileend = filesize; script_ctx->sigpos = (uint32_t)sig_pos; return script_ctx; /* OK */ } /* write a commented line to the bio: * - prepend with CRLF ("\r\n") * - add opening/closing comment tags * - adjust encoding if needed * [returns] 0 on error or 1 on success */ static int write_commented(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *data, size_t length) { const char *open_tag = ctx->script_ctx->comment_text->open; const char *close_tag = ctx->script_ctx->comment_text->close; size_t open_tag_len = strlen(open_tag); size_t close_tag_len = strlen(close_tag); char *line; /* the buffer needs to be long enough for: * - CRLF ("\r\n") * - opening tag * - up to 64 bytes of data * - closing tag * - trailing NUL ("\0") */ line = OPENSSL_malloc(2 + open_tag_len + length + close_tag_len + 1); strcpy(line, "\r\n"); strcat(line, open_tag); memcpy(line + 2 + open_tag_len, data, length); line[2 + open_tag_len + length] = '\0'; strcat(line, close_tag); /* adjust encoding */ if (!write_in_encoding(ctx, outdata, line, strlen(line))) { OPENSSL_free(line); return 0; /* FAILED */ } OPENSSL_free(line); return 1; /* OK */ } /* adjust encoding if needed * [returns] 0 on error or 1 on success */ static int write_in_encoding(FILE_FORMAT_CTX *ctx, BIO *outdata, const char *line, size_t length) { size_t written; if (ctx->script_ctx->utf == 8) { if (!BIO_write_ex(outdata, line, length, &written) || written != length) { return 0; /* FAILED */ } } else { uint16_t *utf16_data = NULL; size_t utf16_len = utf8_to_utf16(line, length, &utf16_data); if (!BIO_write_ex(outdata, utf16_data, utf16_len, &written) || written != utf16_len) { OPENSSL_free(utf16_data); return 0; /* FAILED */ } OPENSSL_free(utf16_data); } return 1; /* OK */ } /* convert len bytes of UTF-8 to UTF-16 * return the number of output bytes */ static size_t utf8_to_utf16(const char *data, size_t len, uint16_t **out_utf16) { size_t utf16_len = utf8UTF16Count(data, len); *out_utf16 = OPENSSL_malloc(utf16_len * sizeof(uint16_t)); if (!*out_utf16) return 0; /* memory allocation failed */ const char *s = data; uint16_t *d = *out_utf16; uint32_t rune; size_t remaining_len = len; while (remaining_len > 0) { s = utf8DecodeRune(s, remaining_len, &rune); if (!s || s < data) break; /* invalid UTF-8 sequence */ size_t consumed = (size_t)(s - data); remaining_len -= consumed; data = s; d += utf16EncodeRune(rune, d); } return (size_t)(2 * (d - *out_utf16)); } /* convert len bytes of UTF-16 to UTF-8 * return the number of output bytes */ static size_t utf16_to_utf8(const uint16_t *data, size_t len, char **out_utf8) { size_t utf8_len = utf16UTF8Count(data, len/2); *out_utf8 = OPENSSL_malloc(utf8_len); if (!*out_utf8) return 0; /* memory allocation failed */ const uint16_t *s = data; char *d = *out_utf8; uint32_t rune; size_t remaining_len = len/2; while (remaining_len > 0) { s = utf16DecodeRune(s, remaining_len, &rune); if (!s || s < data) break; /* invalid UTF-16 sequence */ size_t consumed = (size_t)(s - data); remaining_len -= consumed; data = s; d += utf8EncodeRune(rune, d); } return (size_t)(d - *out_utf8); } /* * Compute a message digest value of a signed or unsigned script file. * [in] ctx: structure holds input and output data * [in] md: message digest algorithm * [returns] calculated message digest BIO */ static BIO *script_digest_calc_bio(FILE_FORMAT_CTX *ctx, const EVP_MD *md) { size_t fileend; BIO *hash = BIO_new(BIO_f_md()); if (ctx->script_ctx->sigpos) fileend = ctx->script_ctx->sigpos; else fileend = ctx->script_ctx->fileend; if (!BIO_set_md(hash, md)) { fprintf(stderr, "Unable to set the message digest of BIO\n"); BIO_free_all(hash); return NULL; /* FAILED */ } BIO_push(hash, BIO_new(BIO_s_null())); if (!script_digest_convert(hash, ctx, fileend)) { fprintf(stderr, "Unable calc a message digest value\n"); BIO_free_all(hash); return NULL; /* FAILED */ } return hash; } /* * Compute a message digest value * [in, out] hash: message digest BIO * [in] ctx: structure holds input and output data * [in] len: mapped file length * [returns] 0 on error or 1 on success */ static int script_digest_convert(BIO *hash, FILE_FORMAT_CTX *ctx, size_t len) { if (ctx->script_ctx->utf == 8) { /* need to convert to UTF-16 */ uint16_t *utf16_data = NULL; size_t utf16_len = utf8_to_utf16(ctx->options->indata, len, &utf16_data); if (!script_write_bio(hash, (char *)utf16_data, utf16_len)) { OPENSSL_free(utf16_data); return 0; /* FAILED */ } OPENSSL_free(utf16_data); } else { /* already UTF-16 -> no need to convert */ if (!script_write_bio(hash, ctx->options->indata, len)) { return 0; /* FAILED */ } } return 1; /* OK */ } /* * Write len bytes from data to BIO * [in, out] bio: message digest or outdata BIO * [in] indata: mapped file * [in] len: indata length * [returns] 0 on error or 1 on success */ static int script_write_bio(BIO *bio, char *indata, size_t len) { size_t i = 0, written; while (len > 0) { if (!BIO_write_ex(bio, indata + i, len, &written)) return 0; /* FAILED */ len -= written; i += written; } return 1; /* OK */ } /* * Check if the signature exists. * [in, out] ctx: structure holds input and output data * [returns] 0 on error or 1 on success */ static int script_check_file(FILE_FORMAT_CTX *ctx) { if (!ctx) { fprintf(stderr, "Init error\n"); return 0; /* FAILED */ } if (ctx->script_ctx->sigpos == 0 || ctx->script_ctx->sigpos > ctx->script_ctx->fileend) { fprintf(stderr, "No signature found\n"); return 0; /* FAILED */ } return 1; /* OK */ } /* Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: */ osslsigncode-2.9/tests/000077500000000000000000000000001464004761700152335ustar00rootroot00000000000000osslsigncode-2.9/tests/.gitignore000066400000000000000000000000261464004761700172210ustar00rootroot00000000000000__pycache__ .pylintrc osslsigncode-2.9/tests/certs/000077500000000000000000000000001464004761700163535ustar00rootroot00000000000000osslsigncode-2.9/tests/certs/ca-bundle.crt000066400000000000000000000053131464004761700207210ustar00rootroot00000000000000# Certum Trusted Network CA -----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- # DigiCert Assured ID Root CA -----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe +o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== -----END CERTIFICATE----- osslsigncode-2.9/tests/check_cryptography.py000066400000000000000000000017221464004761700214770ustar00rootroot00000000000000#!/usr/bin/python3 """Check cryptography module.""" import sys try: import cryptography print(cryptography.__version__, end="") except ModuleNotFoundError as ierr: print("Module not installed: {}".format(ierr)) sys.exit(1) except ImportError as ierr: print("Module not found: {}".format(ierr)) sys.exit(1) class UnsupportedVersion(Exception): """Unsupported version""" def main() -> None: """Check python3-cryptography version""" try: version = tuple(int(num) for num in cryptography.__version__.split('.')) if version < (37, 0, 2): raise UnsupportedVersion("unsupported python3-cryptography version") except UnsupportedVersion as err: print(" {}".format(err), end="") sys.exit(1) if __name__ == '__main__': main() # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.9/tests/client_http.py000066400000000000000000000023541464004761700201260ustar00rootroot00000000000000#!/usr/bin/python3 """Implementation of a HTTP client""" import os import sys import http.client RESULT_PATH = os.getcwd() def main() -> None: """Creating a POST Request""" ret = 0 try: file_path = os.path.join(RESULT_PATH, "./Testing/logs/url.log") with open(file_path, mode="r", encoding="utf-8") as file: url = file.readline() host, port = url.split(":") conn = http.client.HTTPConnection(host, port) conn.request('POST', '/kill_server') response = conn.getresponse() print("HTTP status code:", response.getcode(), end=', ') try: text = response.read() print(text.decode("UTF-8"), end='', flush=True) except OSError as err: print(f"Warning: {err}") conn.close() except OSError as err: print(f"OSError: {err}") ret = err.errno except Exception as err: # pylint: disable=broad-except print(f"HTTP client error: {err}") ret = err finally: sys.exit(ret) if __name__ == '__main__': main() # pylint: disable=pointless-string-statement """ Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.9/tests/conf/000077500000000000000000000000001464004761700161605ustar00rootroot00000000000000osslsigncode-2.9/tests/conf/.gitignore000066400000000000000000000000061464004761700201440ustar00rootroot00000000000000*.log osslsigncode-2.9/tests/conf/openssl_tsa.cnf000066400000000000000000000031321464004761700212010ustar00rootroot00000000000000# OpenSSL Timestamp Authority configuration file oid_section = new_oids [ new_oids ] tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 [ req ] # Options for the `req` tool default_bits = 2048 encrypt_key = yes default_md = sha256 utf8 = yes string_mask = utf8only prompt = no distinguished_name = ca_distinguished_name [ ca_distinguished_name ] countryName = "PL" organizationName = "osslsigncode" organizationalUnitName = "Timestamp Authority" commonName = "Test TSA" # Time Stamping Authority command "openssl-ts" [ tsa ] default_tsa = tsa_config [ tsa_config ] dir = ./Testing/certs signer_cert = $dir/TSA.pem signer_key = $dir/TSA.key certs = $dir/tsa-chain.pem serial = $dir/tsa-serial default_policy = tsa_policy1 other_policies = tsa_policy2, tsa_policy3 signer_digest = sha256 digests = sha256, sha384, sha512 accuracy = secs:1, millisecs:500, microsecs:100 ordering = yes tsa_name = yes ess_cert_id_chain = yes ess_cert_id_alg = sha256 crypto_device = builtin osslsigncode-2.9/tests/exec.py000066400000000000000000000023721464004761700165350ustar00rootroot00000000000000#!/usr/bin/python3 """Implementation of a single ctest script.""" import sys from subprocess import Popen, PIPE def parse(value): """Read parameter from file.""" prefix = 'FILE ' if value.startswith(prefix): with open(value[len(prefix):], mode="r", encoding="utf-8") as file: return file.read().strip() return value def main() -> None: """Run osslsigncode with its options.""" if len(sys.argv) > 1: try: params = map(parse, sys.argv[1:]) proc = Popen(params, stdout=PIPE, stderr=PIPE, text=True) stdout, stderr = proc.communicate() print(stdout, file=sys.stderr) if stderr: print("Error:\n" + "-" * 58 + "\n" + stderr, file=sys.stderr) sys.exit(proc.returncode) except Exception as err: # pylint: disable=broad-except # all exceptions are critical print(err, file=sys.stderr) else: print("Usage:\n\t{} COMMAND [ARG]...'".format(sys.argv[0]), file=sys.stderr) sys.exit(1) if __name__ == "__main__": main() # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.9/tests/files/000077500000000000000000000000001464004761700163355ustar00rootroot00000000000000osslsigncode-2.9/tests/files/unsigned.256appx000066400000000000000000005504051464004761700213110ustar00rootroot00000000000000PK-`V unsigned.exe xE0=dBz2d(Q$@N BYCęHv]]vu]uu ޸8@. E/z`BNU%wy}Ω˩S:e#fFO00[b gވ3a k3`yibYU CQayyhXRlrJ 9K:  qiWd ßI`$(0xOXa a сp|Pb)QO _e52L%?=0O?^.],߫ }g18}iX :!80y*{$$N OoqVz%GQiahZo")D%~*t\ub_z)к<]T/=gn3Je]:,׋]7%fV=54_^uft1@O}$X~|r|Sn ὘RwnG^S;~Q?)],/QTrl)K3O&paJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-`Vicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-/_Vicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-hVicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'Ypcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-hVAppxBlockMap.xmll]o@7`K ⦴񛂨 qc<':K;QM@":Oh = ^b@(xK,wZ=eA` <ǫ,ù1O\UX"+v"о1!Ix|4p֒SN"bPBgK7^eOlx&3{d54d|y05'3' _ Vto@a*d'l0RyY}[ ?}x?lzPKI<PK--hV unsigned.exewPK--hV.icon.pngPK--hVJAppxManifest.xmlqPK--hV$dAppxBlockMap.xml-5ȩPK--hVI<[Content_Types].xmlCPK,--nPK'PKPKG/PK-/_Vunsigned/AppxManifest.xmlTO0~彖Y5UI EBjY5<Z$v߹MJS%;wIΛ$`*hD (WR)n}gd/`@+ҍs1+6PqURmEBWu*ckՊ;L^Z;iy!4x@ezF8H`pQI4D n R-,BN|D#dKi7`R:KߠU]B`6$Mqr-w0$?~Ggd>pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-/_Vunsigned/icon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-/_V unsigned/%5BContent_Types%5D.xmlN0 _%5)BmW9,`RmDIXv%h8z' _ Vto@a*d'l0RyY}[ ?}x?lzPKI<PK-/_Vunsigned/AppxBlockMap.xmll]o@7`K ⦴񛂨 qc<':K;QM@":Oh = ^b@(xK,wZ=eA` <ǫ,ù1O\UX"+v"о1!Ix|4p֒SN"bPBgK7^eOlx&3{d54d|y05'3pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-/_VAppxBlockMap.xmlT[s@}LCrA-/%M+@h&yh~^\qhKqB ,L\L&4>,C3NdI^]~pъ mA_xb MI;iZuA~,vR94,HpQ\!q֯. "/|^DbR#*CMSDP9y\f>5Y65UW*b ghB]~^l0SPI˿rcߘ]#A cwx/@9\P薞-@{~ ¥?@QOlHꙍp3_-o#ɺS \f;DۦN˯3@+˚8]t[S4jBlR^X)8R7.n{wz;v͸*QҤ IM4W̛._ ?]{.GF1)\+#y#{Oh{;!"O>Ei8SР3% k9t=- &5U_lpS1jԼަ}mRb,mk}Ȼ33ӠǓ\[l@CxY/PK{vDuPK/_V=34[Content_Types].xmlN1&Cӫ=1,DQc;, ?i\z|߯?l˖:qM'5gihÚ0?YL,.|FnLj]L}@@͡Ay]J8EKMCFUs5 (eW٤k=h. kƖ ~"t2N ~A~Oؑ, -GBg-ol L19;k!CQ 4hQ?nM:@yODC+uS$Te4|PK/_Vc$ AppxMetadata/CodeIntegrity.catV{4[w^3%$$[* &&q̩ʗK$2ܢS&\8 B83*Yg}k}g}k?{~{?E$`E֥ؤ̑`aaa aE|Rl`*E`!i&Fa߄D,èxՎ9uPT IG2`;] ģzDvL'qӒ r<|ɂ(%1 BZ,%q:tynꐧS GzM}z@gFWE"̡(OGPqQ ҇6@:qXbœ!A`Y% iq*o #`? ŸXIiY H :x"1,228O%+E@ңh{h~(ZXytT`Gs!ⶇE)YEِX;K,mhBQ,XeqiŰ`1  7+ͼ3sݍFb;Sl-< bnő'~q9E~ΔNvO,,Ԙ)ϸ^:P~gJNH1Iv=c?jW&t,ЖkUszkOrm57_9[/-]1oJCcgxݢ;&mEr7}$Zpaq͜a,URd ܬ̶pF`2`,:e*H"* ! G ͇E؃w} ``XG?aCG=PǑdVA &X1 a ИCG,Mjlokf*w^BPZ2kM{vYfLx6,=P^^s9>XEUqL-j=!~Z)o<4nQSj_:4A?W5nҖѫ! |bksmIj 6+b4Xm ɺ&,PF-Tde:V{UFbս|d=}j8rIssy3TYSntNoHTgz^!/.rUfeW^5_ѭYGn atEɉoB_/IGRb,w8#3x*Y},-t3j,%$yKtϥe$͡Ww2Pue+:7namt\yNc丼pmIM`jbD7u^ ՜*q”j*^ʍNr HnNOwN*imѵa7Aqqr$`7iL/{ +oYuՠF{R]ȑc/'vt@{ (uDx=w˺jŽi@V5THa%$`xU ?;II䶯S6*z4>ΗT>ȓK3]ЈZ21/Rt̡b.!m^fNf!J|k;ϋ% A`"Y@bÐ KJN ė@]Rz"<%JIľhnXc3d ZV4vAy[BO~!UCa/ri Ck+4|)[e`>cj;R=]2 .nj,&:ovŭbj>95pʦ$6yE sHnfJ<}e}1nݽb뗆j|v,3w'j-:[M'Fj*74L}d^v/O~,ѬCYhc+ןڞ_ ^!U`st I+ )@ۑy^aA/ A]_-יٹٙfulx9F񾰫gj!&nfF[rd$y2*5wXHu1DjŊg[Sndap 䨃Ja9grMr9YwO037l]*bU gK^WΗenGgk6ui&઺u[X!q bB XV!`[UBضkC7 k A-08Qh W@pr`՟jkJE~25D$2F Cp4J15.㼟CX&?,}^Y2$D &$ @nv93!n!a N+Л۽8Z-9tJl_Gzbp32aa zy_AgD\~!VxhC|+;Zq8(lҥ6Y7%g5LR^&l\-L RD; #}:9]4+Nh\nt䘆b< ) @L|Ƥhbphi5R\Wo/;2r\ƫ׾Ѥ;k5Z(տ*vY'dSblΛx Qf,lq44x Ej}M4b_(v§xLf$1\CB Lw JM}~r&dԓ޻I7JzS'A98/BvߪC:[s=8c`#bn@=YEEF AspCz>aX|"j#`h4_1~sS(o3M*oԚڣR\C'زܑuq2(:˥[},_%ߪ1>®rV֏.z;df`ޯ^+-iO*$sÑf3C=lmnzbV/{Wwi #4҈i5k Y*EV" R˺Wȕ*ʴpb}T+@iiB;\ynU̇3PK--/_Vսw unsigned.exePK--/_V.icon.pngPK--/_VG/ unsigned.appxPK--/_VJ؅qVunsigned/AppxManifest.xmlPK--/_V.Yunsigned/icon.pngPK--/_Vսwounsigned/unsigned.exePK--/_VI< unsigned/%5BContent_Types%5D.xmlPK--/_V$d5-unsigned/AppxBlockMap.xmlPK--/_VJ؅qnAppxManifest.xmlPK--/_V{vDu9AppxBlockMap.xmlPK-/_V=34 [Content_Types].xmlPK-/_Vc$ Y AppxMetadata/CodeIntegrity.catPK-`V CAppxSignature.p7xPK,-- Q5PK PKPK  PK-`VAppxManifest.xmlTO0~彖Y5UI EBjY5<Z$v߹MJS%;wIΛ$`*hD (WR)n}gd/`@+ҍs1+6PqURmEBWu*ckՊ;L^Z;iy!4x@ezF8H`pQI4D n R-,BN|D#dKi7`R:KߠU]B`6$Mqr-w0$?~Ggd>pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-`VAppxBlockMap.xmlt]s0wf^:K@>*;U zB$h@hbvmw2{sNn,N ]QdQШ+>Q!L]2[;e(\hwŸ(p r)#8by^ 82x⪪J1j 5и7|1lxw')aTRRN"C XV䥹3 Eoky]Xˇi˥uyT*،NFw:݋*˝|4ROI6wAEF =z{paJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-aVicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-/_Vicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-hVicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'Ypcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-hVAppxBlockMap.xmll]o@7`K ⦴񛂨 qc<':K;QM@":Oh = ^b@(xK,wZ=eA` <ǫ,ù1O\UX"+v"о1!Ix|4p֒SN"bPBgK7^eOlx&3{d54d|y05'3' _ Vto@a*d'l0RyY}[ ?}x?lzPKI<PK--hV unsigned.exewPK--hV.icon.pngPK--hVJAppxManifest.xmlqPK--hV$dAppxBlockMap.xml-5ȩPK--hVI<[Content_Types].xmlCPK,--nPK'PKPKG/PK-/_Vunsigned/AppxManifest.xmlTO0~彖Y5UI EBjY5<Z$v߹MJS%;wIΛ$`*hD (WR)n}gd/`@+ҍs1+6PqURmEBWu*ckՊ;L^Z;iy!4x@ezF8H`pQI4D n R-,BN|D#dKi7`R:KߠU]B`6$Mqr-w0$?~Ggd>pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-/_Vunsigned/icon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-/_V unsigned/%5BContent_Types%5D.xmlN0 _%5)BmW9,`RmDIXv%h8z' _ Vto@a*d'l0RyY}[ ?}x?lzPKI<PK-/_Vunsigned/AppxBlockMap.xmll]o@7`K ⦴񛂨 qc<':K;QM@":Oh = ^b@(xK,wZ=eA` <ǫ,ù1O\UX"+v"о1!Ix|4p֒SN"bPBgK7^eOlx&3{d54d|y05'3pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-/_VAppxBlockMap.xmlT[s@}LCrA-/%M+@h&yh~^\qhKqB ,L\L&4>,C3NdI^]~pъ mA_xb MI;iZuA~,vR94,HpQ\!q֯. "/|^DbR#*CMSDP9y\f>5Y65UW*b ghB]~^l0SPI˿rcߘ]#A cwx/@9\P薞-@{~ ¥?@QOlHꙍp3_-o#ɺS \f;DۦN˯3@+˚8]t[S4jBlR^X)8R7.n{wz;v͸*QҤ IM4W̛._ ?]{.GF1)\+#y#{Oh{;!"O>Ei8SР3% k9t=- &5U_lpS1jԼަ}mRb,mk}Ȼ33ӠǓ\[l@CxY/PK{vDuPK/_V=34[Content_Types].xmlN1&Cӫ=1,DQc;, ?i\z|߯?l˖:qM'5gihÚ0?YL,.|FnLj]L}@@͡Ay]J8EKMCFUs5 (eW٤k=h. kƖ ~"t2N ~A~Oؑ, -GBg-ol L19;k!CQ 4hQ?nM:@yODC+uS$Te4|PK/_Vc$ AppxMetadata/CodeIntegrity.catV{4[w^3%$$[* &&q̩ʗK$2ܢS&\8 B83*Yg}k}g}k?{~{?E$`E֥ؤ̑`aaa aE|Rl`*E`!i&Fa߄D,èxՎ9uPT IG2`;] ģzDvL'qӒ r<|ɂ(%1 BZ,%q:tynꐧS GzM}z@gFWE"̡(OGPqQ ҇6@:qXbœ!A`Y% iq*o #`? ŸXIiY H :x"1,228O%+E@ңh{h~(ZXytT`Gs!ⶇE)YEِX;K,mhBQ,XeqiŰ`1  7+ͼ3sݍFb;Sl-< bnő'~q9E~ΔNvO,,Ԙ)ϸ^:P~gJNH1Iv=c?jW&t,ЖkUszkOrm57_9[/-]1oJCcgxݢ;&mEr7}$Zpaq͜a,URd ܬ̶pF`2`,:e*H"* ! G ͇E؃w} ``XG?aCG=PǑdVA &X1 a ИCG,Mjlokf*w^BPZ2kM{vYfLx6,=P^^s9>XEUqL-j=!~Z)o<4nQSj_:4A?W5nҖѫ! |bksmIj 6+b4Xm ɺ&,PF-Tde:V{UFbս|d=}j8rIssy3TYSntNoHTgz^!/.rUfeW^5_ѭYGn atEɉoB_/IGRb,w8#3x*Y},-t3j,%$yKtϥe$͡Ww2Pue+:7namt\yNc丼pmIM`jbD7u^ ՜*q”j*^ʍNr HnNOwN*imѵa7Aqqr$`7iL/{ +oYuՠF{R]ȑc/'vt@{ (uDx=w˺jŽi@V5THa%$`xU ?;II䶯S6*z4>ΗT>ȓK3]ЈZ21/Rt̡b.!m^fNf!J|k;ϋ% A`"Y@bÐ KJN ė@]Rz"<%JIľhnXc3d ZV4vAy[BO~!UCa/ri Ck+4|)[e`>cj;R=]2 .nj,&:ovŭbj>95pʦ$6yE sHnfJ<}e}1nݽb뗆j|v,3w'j-:[M'Fj*74L}d^v/O~,ѬCYhc+ןڞ_ ^!U`st I+ )@ۑy^aA/ A]_-יٹٙfulx9F񾰫gj!&nfF[rd$y2*5wXHu1DjŊg[Sndap 䨃Ja9grMr9YwO037l]*bU gK^WΗenGgk6ui&઺u[X!q bB XV!`[UBضkC7 k A-08Qh W@pr`՟jkJE~25D$2F Cp4J15.㼟CX&?,}^Y2$D &$ @nv93!n!a N+Л۽8Z-9tJl_Gzbp32aa zy_AgD\~!VxhC|+;Zq8(lҥ6Y7%g5LR^&l\-L RD; #}:9]4+Nh\nt䘆b< ) @L|Ƥhbphi5R\Wo/;2r\ƫ׾Ѥ;k5Z(տ*vY'dSblΛx Qf,lq44x Ej}M4b_(v§xLf$1\CB Lw JM}~r&dԓ޻I7JzS'A98/BvߪC:[s=8c`#bn@=YEEF AspCz>aX|"j#`h4_1~sS(o3M*oԚڣR\C'زܑuq2(:˥[},_%ߪ1>®rV֏.z;df`ޯ^+-iO*$sÑf3C=lmnzbV/{Wwi #4҈i5k Y*EV" R˺Wȕ*ʴpb}T+@iiB;\ynU̇3PK--/_Vսw unsigned.exePK--/_V.icon.pngPK--/_VG/ unsigned.appxPK--/_VJ؅qVunsigned/AppxManifest.xmlPK--/_V.Yunsigned/icon.pngPK--/_Vսwounsigned/unsigned.exePK--/_VI< unsigned/%5BContent_Types%5D.xmlPK--/_V$d5-unsigned/AppxBlockMap.xmlPK--/_VJ؅qnAppxManifest.xmlPK--/_V{vDu9AppxBlockMap.xmlPK-/_V=34 [Content_Types].xmlPK-/_Vc$ Y AppxMetadata/CodeIntegrity.catPK-`V CAppxSignature.p7xPK,-- Q5PK PKPK  PK-aVunsigned_sha256.appxPK-`V unsigned.exe xE0=dBz2d(Q$@N BYCęHv]]vu]uu ޸8@. E/z`BNU%wy}Ω˩S:e#fFO00[b gވ3a k3`yibYU CQayyhXRlrJ 9K:  qiWd ßI`$(0xOXa a сp|Pb)QO _e52L%?=0O?^.],߫ }g18}iX :!80y*{$$N OoqVz%GQiahZo")D%~*t\ub_z)к<]T/=gn3Je]:,׋]7%fV=54_^uft1@O}$X~|r|Sn ὘RwnG^S;~Q?)],/QTrl)K3O&paJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-`Vicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-/_Vicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-hVicon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'Ypcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-hVAppxBlockMap.xmll]o@7`K ⦴񛂨 qc<':K;QM@":Oh = ^b@(xK,wZ=eA` <ǫ,ù1O\UX"+v"о1!Ix|4p֒SN"bPBgK7^eOlx&3{d54d|y05'3' _ Vto@a*d'l0RyY}[ ?}x?lzPKI<PK--hV unsigned.exewPK--hV.icon.pngPK--hVJAppxManifest.xmlqPK--hV$dAppxBlockMap.xml-5ȩPK--hVI<[Content_Types].xmlCPK,--nPK'PKPKG/PK-/_Vunsigned/AppxManifest.xmlTO0~彖Y5UI EBjY5<Z$v߹MJS%;wIΛ$`*hD (WR)n}gd/`@+ҍs1+6PqURmEBWu*ckՊ;L^Z;iy!4x@ezF8H`pQI4D n R-,BN|D#dKi7`R:KߠU]B`6$Mqr-w0$?~Ggd>pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-/_Vunsigned/icon.pngPNG  IHDRnPLTE^S9tRNS &8 BzI ӣ*2װk.p[VNφ=u_Sgc_v#IDATxVP $EnjGDvHN{X afО^fQ,7CY)?ObP%jY1ΏW#MGr -d;u!kuF)kHsa+պHy$doĜ/BHyJcTB6"%=fHﻐ-a/d΄榌 {BE&|ړ&u*#)0,lV)0,l>R`X6smR`X6)0,lU`MgεЕҵdwP95 Vk–3 [4o D=D+!հZ`+b0{Ks0,\%PcX$]|p"Z B0,\5+cXr1>`XjSðp4fPѼ*3p/ T49,PpYAT$._7X uFX pΆ='w"&TX/Jq''TpZژ˄X׌?6o|*wUؕP^fxϿ_/f/=~cmd[{$ \\l9$cs CrͶ{=tqX / wbc" ,P,Hm_ KC?]`~]q2V(u{s=h{̴\q*VەmM܂!X̊-#'ڽ-T;8pBۥv;{qpΉ`*-Iޜ.vv;&@p؃?Vau{s+ j]ފ.`b?~ÿG ~gfVPc* 9}8ža~[⯍PB_~6%s_6 )ފc@)NL4tP4KC(YPdLsХDsN=@B&:w[i@ÂBUP B"UP/֞4*,pWLDH:i]PuFq.U:nPvF q! K6ވYXp'y8$0ߏ_kQ`GJAI`#uj$W~ \P|I0_J`~fVK43e `~NX\LXz<)GF 0i@/@9 x^'uh \`\3t*<:h Imfsx!`=ʍb0..H-A#m'0.@A@0 # p ` @0 `H:lYlK8/`!$V`A $R`AK v ! J(Ĉ,vr@M,} DP__ FRWb3 E"C1X```5" %1n HL|Weؑ"u B늭o$/mΎ vcy$ Rn3F3MO% n߿-u 5"+FGl-qM|%m*" ra ~mP7@ 3_= ]5IAp1.N`4vi޺ UlUFVb[h{`Z8@lܠHc dkO-0%z^=ޥCW=>$ɠ`b7.;iQUiw`kmf~͚og)lҔ(1POFXv]RMJTq"1cF{ D6.)q9l擑ڽA$ּs_#S9B1ОbNԄ(', "*qW\Ǚ=甶3-{aL&ϔ 0\M[F΂q[sqh1mUxBY# ePW F-Y{0ƈ;4>5F1}.!3\͌FZ eH `Etŵ-,1Pܧ0 eԐ\#k)*HKն*M)] d7_\Ӂ- ErL'M3vwڷ.厸Y?Rpςxzsu|:U_-޺ҘM[x[mOxMoCq @ ^ FD8[|-`:w%jV,Uw\ \iXW>3r /]0nO,Ѷ%af7\"o p&P7s«xj品NxSWIxyO0N=]'ӈ^M9}h%| *'a~˛?2O.TP4CL^ wT^sqB(8 'Dٷ/ɟgI»$_+.VKVeG]:ZHb#JCd$EOfJed@\0m&$oօyΥwp *W<3HKr< x;q@#vSf d;;+rGA(M`$r |xHQmM}|*=9rX|3A7L9 h'o !hk  3 #韢D'IKd7;a?D dUOWeld 8]5V\"ғ~nԜ17;I㧯!cȏ_ ҙsૅtH9AzgHλu1:۾p (6TWB+Y8Pn:xvRWZ4P셾ڥm4^32cqu{h@IU鿽ޯ^/\-&̴ Rs3wco7_BEVr d) PѠ?[ i:[m@Ah݃_Q}97Pa2";#$!9o@軂Db1tW RTHLL7HsNH## [OB%I*ڷa|TLT@c`+†nD%(۴w#@$0sT޹!QKGM.|0c3S Y(b@VD (xߢ֞IjU9fh;3;;kᇺ]'?tD6- n#ek .@6;O%+Ĕ121%CXBTh'R LG=LE&%BѬV^'"xX?a[d xY?ȢB i"61_>?QMηֱ7@9@,<(P߻@ #Q\h㫋~!_F.ЙꐍCAkߦB(XKHP 3Q/@`}\8X(+(YW»pzOB4XիYb!α9sjӁoD t|X ov݃?!mcdEferUE:$EuDL?O3Е,wn|S~@#0) kf6 LRZglftR1aR(:?ǼDcL^~;!1eCFӔdႣ\po(,wT{S" I  :%'w%/gT.Ӫ+2?D߀!|/vZlӟ3:Sw0߹;5z`.A!%M拎f#kTDEZXΜjңs4<{٤nc%0!Me\_(L7)5\/`VVA|m֩ ls.;ƛ s nK_A>jN q՟_a?kWGS !` :F.?MAЅԎX;޶A|O {BdIsg q<Ўj[Dk_n HO% JM7f+sS/W6GbpQ`ۂXa!r6b3_.Zj$jЁL%DŽ[h싒WO-nY <F&Ϩf͞~'YpaJ1ɹXgdYt75b\=:%drR+xv$;;d3=yʏSLN!-X\Ǩ߱1gZ` RAJ0xf'B&s%XBmTK"cXoy]Q;<|֑ԞCw=Bb9Uǎ6Gq*-YY}zMXm:t@dCJ`R̃G0ܡ,[jpȷ@.5&_Aw3EshDFL h[{EwMTOȫЪxBjQX|AG2I\ 4Mdnj?vo<ײdt ٍn'_ZsDp6'_r;`<mضcdR;c4L6V߆ɮN't&0K-J=EZm.Igs=5-_r99;nM+qH@UO+7pDG!3 3Zڽ/*zMmà%(x@\Ppة9ӟL;XT$oq!ٓ6C82΁,νp?"9[^v=[wFr.С@#o0xElg,tHt$Bw,vۛ8ɳ$ÿ;K׉lACJ(4^' e1.4NjV'OR*+4Nb|NgGE0ԟə#3 :tWZLg8j}#J4exty{eKNEkVgq/C~qS2;ўvz^%$jzf6$5 S!`u;Q$dWz^$/2_ەz|$# B~\i*L"؀D~X-N&Sј G›*ci~qP ٗ$ PsG8AvJ8>}5d ,B:7!@hk^!} HX0)dd[ "K`f4 ibV*UB>A@(QMK*5J'6B뻡iN +HvΞhOK+`f0syGc炔'U#1),?v8 ܢi KmQ {psd$@bAgrނ&skB_gQgRlD;yl=R'Kn_d.=o&)U s1$"ok1qC~4Q@3R36#N2,4rP mwa *uyA)?[ ~4ޭ= 48Z@ʺd|򎣁#"=R\@}{d}c+!aSA$t=d:#{ @'lb|`>-Z !$SќO4\aߓ߽Hc{QiѨ ኢFWR.JJ!ǑOj"h&ovSw 2 =T=,/ \N4٤Hhd'!٩V&,=R&u\ek'NB8]h;2;ynf K\[f([P`ɂv]:`7}"O@B#%hck#5!|b*'˿Yug*8S'G%xOy7naѢ7byξSxR; '~ Y0@q7P ^J:Cae8}7mR_7p3e7 ]f7n>ʹ6aqdBJvS7oգk+y.0٤~ T/2PAH y=$AL|%"/qtT$8O@,CcxH "K)5mVWWD~Bx̠ݷf:/@C>HƊwR96vK,:g::'o.'XXC=DT_JAwezJ 8&Lz>.B c^/0+-11#L;Z(FHA4'T@5qX[CkÍPef0^pN@KG jC^9؏-<+huߎ bN_x]ZpRBC7hj6ਣD߂GGMtP%HH?\3BȕR 'HcCDN?8W z׿.~ RI?F!$tMOţ6qӂsX[XbnQ0Dy,er_Vi{T dqT#.Q8݋a{Ǵ~B;[ӆ7_䞆; .% _}:Q0rg[ rqhT9os]L/ Jݶ{ޣ?0G !zuV0ï)q>``īIO_\,L;& mӇ?{6 MN_ٙJ򳻏{t3$[ RmftnQ] aeu4 &5@STQV<ƹ`i e<Ȓs$ڇbe&ټ8Г?D_Ի#4#ssy^nTjHMrwܦ\>*2mTIlP??D~[@fph[lGE8k5a~Ao7-ZQ3I-xRPyWKl1)Mp!A s!gχ{i }lZnbo\0CtآOz1(%5 }1(3Uv&0Bq=/mlF0kqƣWsm,*.hH`¯1Vp6`A^pNCxGGu-yAJJ XFsb;Gq>1u(Kxc}ka2 2;A tQS"` [b87v9C,}9&a ʾҏk/C31TWa>i7ت+O,AH?Ά9:55*h*peXA2#F1HgY/h;ܓl/t6ԣz@s:N&F?uG6Dr4 =]~] ,CdQ|W!(Fe+sEsL!>{-ฆ JSw| k?ηBW"uYmBt>67m%ُf-@$QGz DgSt'Fs+[`L 8d[nd"T{/j,\m+*,<Y8 zRof{fԡMT?ϜGD3G[Gwk2Lވ {rth;/_}j}k-{3} JJIlW< 8}C'7>c7)8h}s xa;\LDI?K g+ uvN{.}MCmnP.*wJuqm[/ ?\o v sѳقţw u"`,3P } ^:sf !xV(Q*rLgfz5ܝ.+70wJ;Q-겢3pI.z ?0^_wbCX{=+\25\/cL> V=p+áQm 4}&IvdbS] i\G'81ø..֤VC O/:"2泜 @{Rp3ksf71'_uNtш?8V#zr_"$#SR28ymbؿ`;W:\C=n?mlpdيK䅭xH< tt8;uz|H8<jkd>\ϑ:9^]jzFAPJI΁oyoz6}@p;V'zxW -ÃF?Oތy2w cvO}y{Ej<}az_}-L4"} {EkBGjvpgQ&E T谿C:ŝ@'b8+g@75v8d@ Ώt#߿¥&atQ~b?Uc?Srz:߯N(.CfrFr. RNZ Iv]CCւh;v~QH[ߗOdc7aJnj(m0!piཇ|' C:O,]z X]*3VJ@^Gj.# AH#:+Wg& Z=EXw㒈Pɹ눾Y$Vɍ $4mLm߅>LcI !l]0>Ch̠5'X(-B|R $u%9?j\fP]vq ]ImZK, d q~YO5hq '@J^ޣy[)_ҝ,n/&]lCyW} y!~9w`ZεT0щQIU~0.ր%mKm["Cv0QջΓ-03#ZTh/[kI`T}B*W2v#M1"-/_wP[[js9BU3];( Ig7 >XG5b/wPYxVa㿝`w IZQH)h!%T ڀ}M8IBJpdmcRƎoyX t^^^)(w`r_ ܫ8͗+ښ͟CoJ M%h7f,F){S@}Oh0O'3_AzJe{“Bc<4Jt0nqrՈH/͌_Oa)? Ze!/P% GX- ۚPyC(3PF:c֎p7=huŴD<*B,! Ud*+g. msXF5sb$"?) ;a^DKuP ٬#T#T3@=>TF&c$ J7%:_a Ԯt4n\hkgPQ'ikiTlQ)={?B;,JȖ S87JW+R+h_:ME6vBj!l1?Tjp5XMA"Cd+kRG߼1]Ȏ+`VQ6'Qy"NBsv涪{xo$Ggs56 {ڤO K9@P1 =1˘AN|(,}&O%۪TLɐdg"u}2 8H \r0x?^.,Hr9|8 &-"Q\I UsqQ{♰ŀr; 9y>ٔckmR+55gOy&E`WM>ȏ͇޻ \v*լ} briA􉳇/W<*IZ{do;3$9ʿp3? Gω~-PXn!]ǔܚ&}+\=|ԎKhό03ng3XMq|} ([[`w*pA[ _ǴXG=^s7?7Q]˭Y, LЬ,mRԆ vcͭ;H&DLt2:Kl\yT*=BM)8xa31B#|/"5"u4 ;ĈYx (~ JZe2n ceQH``rRg ACFtQzVGx[@*+a)=<ϿkkWsA[if7*F 9Gh9Ky ChLZعhXJa4dbY  ͊iT@^3&W:Lk KԆIV(Z9eAi2U3Ha[7v8ڐ]Il ?مڨ0g,j8ikўyB$͡b{sІ Zz% <‰Mo{< b Ĥٔ06nK*q{lxހ{;+Q?i5cm8-Cx769/#RPv|k۔Du0i1gLy?c8NW\`݀Y5,H$Riy%]x --0 9{0z7}jfb:X^C{o;dN@Isf p|{ Ѐ=_.x:Ϛ9kN Eq. ^9 ұ\M@ޟ@b1js=D2\ġvxAͳ a&c"2B} Y~U0xi("Ԑ%dQm (BkH.nzj 89M$t;xtҏ D ys8JdMC, DEqRcx@ Ր7aTCx dR7LO#KyG`dpP+Z6H9ࠃ L n3(|dŭWDNrX[wHo C/)}81\Ϩ#CiS&?!~G.&"B/,D`NhT~Ov8%pC;z!|^y;N)g!&-sB-WГ#vMHIFǓI1p5ȋgH L H'D*dP+% L$P+! $0*%3(PHnH llkR}%Wܥ&S&(#wɐ3cZ6Hd)ׁ{smNR ,B77lVv Ui6Mݸ_%>͚񳆫ϸ=#vLˣ}@$Ɣx ]nDraPōU|C*(D2J^h,/xi"H!d[£`{_0=Nv_55WFVi}JtO|Zko5ݑLB{htJڝ.gإ8OQ {twU h]8ߌI tRexК@Kor{bѐz&=s%.nMdcEi_E>{RE#rv?gRn2RޤAJVC@npȁ|ޗE;ovŭI7JJAc7]^4E-W{> #:쒱&%Er i" V@wZ$i(Q0b Ex Y=~֏&|m_0jVZo23wUt?eo%dh]iBQiPt?~M|~p&} I ErfwuyQϫn;-_Q ,jW}~ -D/ erPG|r)ޚw 66ss>DHo7ۜvDRls۹lYǨYc7Y9i^R }ẉx̨"^ivg|A~\,IsRck͝=yNp_!Ku+; aVÜ?ngߋxdYtNzN=+<7 >@N+~-HPD~K-,Ip`@n 򫠥ul H2ۇG:%T,xrs2ΓW O҃lH9C;<~RBkqsWƜCo%lY"(B$ԊL }xP[`VJWV"F>+yl:$AK?X+X޼3Osm\tUibԦ֌D /fO˛'6hL{r~9^Lo32gvO=1rdl{uR9纎̧jKm6xYA[;yzBJ$.QFN<k*i,^sLMgD?8qG _cșq3b֋=| 4Gh5{V%0]V]H6ɕ6R-3*~29|r=sx{p"~9['9#〟@Jzh&d堵lE/&ޅnp ^v(뻚ႩÓyIC#t0+[k`՗ oQjs?̧`ě!x(?&=6=g "Tq)6k3܆& Ao:F~d9 IOY%!)r};Aw9' uZXj2{";Sl҇h|7)Y=\x 5΁aܣB~wCk:L]]饽6`]6_{n^:u! :qDaNНP{lJxyдKAbxϝ]=[n>n=.9oB ,ҏ ̈́ޡ"Dn"L(hi?o}VKm`/UZ3ۿpoڻdFK]S{חNs%:й?KsǢ/c%Q[&kw ~d82RR >j(0NiqUSW85%%Ml}/FBG['߅&5LF]rS&5%=^5-Sإݸ :nxqs}Ik7qV!;g- pA၇RFmdel͉EҨEk*{n %^ Ut ^!7Bo=Mlr8ex)y m`ϳ/<9h~(}vT+߯&~@MnQY|bίSh.7GU"[$?ֱ%A}gD <@m7!.1_qjf'Ւ<Ƞ&ZJQG=/_{ʥu7?%c-?=[dKݖ>'l'?߄T? -/6TW;DCiA0T(,+M+%[Ԑ6o%EեeU*CZmlZfъBq9`fِZ;jjuZ겉e&!X\YX6" mIgn $ rN3NGx pFg4<Jyq8  3 #}w“R_aMt ǎbtc*y#N(2;@D ¡@i=p657īc2BDު \*>xdpO( lQ Z JiWi ,P= EQ 7(9- )p;([S`Q \?W`oVL~?S R\V,TEeʙ\,̬T*բ9|JtTK*xfV^_J│նjKvNpi* ~5V^I:RVP1tiq*J_,+_^Xx,-leŕ̳ڂj@2G1v92'NC 5PPn,Z,mVnEʊeŋJELXQhEa-MdBbV-f! W2X伋J+W SbqQae"qU%E4Q]\gXZVάЊekYTDCCb a3T9}2Jh84[8EeE2&բrR|j=.\RQ%2V(A <-.*-KrELPBΔcSPլ(^QT wAY2>MX˺e9ʋVT2E_kj{:w~ee(I+v~Y#.9:?D&t[GyL{M4,V8OY? FFCB:vyQg)GtO_V\^\UZªk8 _.3L30Z\:}YTR2 &UV^]]9ij>IHO&]|kӋ8J˖.-V@OZ95=#=#*KjJorIV1EhݪE"Mx ɺزeQVQR;Fy jp)*1,^kURFp}Z kbd..'A٘E9ּًۜZs̵0O KZ6sU2,#>eABJ?6jE)GgmlNJ%Uy8Ti)R訠 ~a#!nG#MX3gvuAӡѫI e +gc 7&dTHSbb}@eVB0>iς4|FٱViXKU~b)@,QIcy̨7]Ϩ7bȨrĨXeZFjcA-boXC%{cVW24ػ4+e>{j6ΝʨhdK\3n_Lkn'u@ zBc!knMam4&CFNcsK]4֟xdwGjnj\_ďWjB(cG.i8KDzpWJ4UE *HkGFYU< RTVH1mt@!QϷΞ3ĬMG}g\7"296 f(#s~.QҌz<"FLˇyl 7w#~neԿW*"q6 9/F4yPIe2(ҕHB ,w*%^NXD/YfNʃW&BzQiG#JJ(]QwbFrm2`O bЄB s֦P|V`M`> N±Q5dPZݷ P6H=Ƣ](úkcNWY(L?j)nʉ' ACUhoc!ʚعU+0ic՜"2M;vR'mZI8:v:S؉Į_y%qI{gfE9=;}=r~Ν;w&yR.7l kSDBj-GT[0 `>-`%p3DD+C@d  1&1sc@W&1 ̭*0R{0ֳBj1Ư c'5{װ_Hjs I I# cDsG_e3|%갿HMqDޱv'Bc('$n@峰_:7hS8oo8 kn wjrDi lz\"~O5/Wq R:jTȼx?230EN 1ޭ`]7#R[aSQ:RS?钚;k(t0"t`?V[fP㢙 04pɲi:δ&fSDZnBUX:mgp\Clt7V[u zCj0TB`(Az'stfUM͑Հ 3t!5(0/NCzFc}?)Gզj4@ 2LeV 9nkM\"$ _o4#+RYO8# "u o`-Ej^pL׆H4qKWxXc3,8^ш|Sۼ9SII90eRsgSc8`K9Y)KdT)$ZcS17fbW4!Wm2ZRC_'i׾qg})@4H#Df׺Ni5$jCDJ67ʑbb,J:fZ;nU~I?!(JV@ڂ0B'ɔ:J;šz;O9ҫ|YnPr3jU|6(!t3WwQ9t/¡+|t+6+rC;|;/S pmRV vu+;8ԣ܊wp)Ae;9V[]Oy ͡oɒP\9;9RBШilc%SWj8zO.zxMz[4Ň nxbp#p ey/<x0x' )|f 2YwG(2~8:zli8\pp}q>G TCc7Cx7O&.&À HaÈc/ClA*Gc+#0-V n~}e:@3|Bg.$ lk{C=Tt9]53D$[(G?pgB 7p|#PLjd#,_H H8*Ǧ6dحLPT$՗@Og/e`z@䨦[a%dJxj'(t ;C7sXٹxad-0+4 Eq_*GD" Ƃm"F =?;4HjXP:SX;q@':HOtc"E6r Xixɋ)0H,C+T+1CD7BVt  %pdx"G $_q>оl ]v ZW`z !{hBzBX;͌\5+" G$G`o;0ju* Qtg ^ PŲ3׫}T?RyhU+dcI1hu! 5F6 j0Q΢i .Hqr~YUe;%RJYa$hWnq`6W1|9obӊ EbO&d#.C?v]|aQX!`l'#)- @+ۯ3À{B5~Kp?gD,Z­9kk H[LV3ºHp p\}]u&̈́!2ч b?~Oe p> CK4Tgd< \7Q:``/OD6ؓ,8$>-K8O3` )yS)B-+ ]`7ѵ(2'X'H  p F˄ \TK85h3ۀPln:[?h'+G= =i;ć!W4+GhM ? }-b KM/ _kXVQ_pIc$+Ў̼Az/|#1=cz\ci%4+oi5tீ+BlП$@#Nquןw9> cO{U\l@9zpuG+0րI1OUH|$3LM J|Q/1M?D]} tphSmQMC % Iml ߄[ 1 q O5Uߍ~ +aU(z~/C 9qP{:z >""sܖM<U/qV$ O6h7zJ5b(HLNb9L0DW߇PSY7sp89Fӑdōo.J``1OfWʕd-_Spd0 kQZl1!,ܫxB~Ǧe~62|{2bNHL} 0y9 {fﲘ(OV]//_&Ue/:`Y3PdQGYêtᆓx/(Qv=tDhO*hgvKaaGUŝw* x@,=u#YqR<#1*-S58Q*6AwԌ $+\#a8ѡ#,Iȏk;z-ݗpS]OKJF[`L!_l+GC b>wyGp2~;%`ƃ^= t<\0Kwg+6M&7>, [858Y}\ںcoKڜ.Ԏ)öq4Vr XMǹĩ[8MSN߷tRwu-,2"[yoe-4m_IӸ/԰sJ`=M Nd' nh5!a҃!5 ѐ%R_Ò- #r%/e1r%^M8TQB8eXa"@,1^lepJ U`P'|kxyd L*/ֱG /RcTo /":$bXo:HچHuG*5e2 ҉L' ]#(w;'ù1&bd0WI҉$i.N`hd "c!_ `( 2k4-#5* f"`(@V+7Pa-$XgudT"`n^v5\mε+hLj|< yE2FUpR*i`E,a/.& T+6px{v-]l[UV>׶KmZnv3e2Ҏ2\Ը9\avo n0t*kh:J,ko<`zl;òle[Q$n_ũ~ѻ5tҍ))ZZgw7rjq: n^>g˕MO `C%y^e ɀpUIr^NL|'Չ`pc^0[6Auj;u _LH] tssăEˬ^ C鍍 i] Y@P*!0AHYc`CMu\dƬ1*@Zֱ1k=a11ˌƘTj.'lY n~'nkj~.FŸ"¿vx УʈL5>?nYܿ뮳z ,%}m,flhNxz~}F Khc5&$/N3qbf|+(Pg9.q2z%D!9<1`nfApܜJ z($:I ) m`!sN&laFAYE#r؀#yFʥ=!G (& 0gV6<14òo Ozމ)⦩bal8OOl 0p\.?BqoJh |7 %&1TZRJYv,KuD}Ɗ3Xl*ay՟.#H%`p8* 7ALhX9dZ.\D(˴I/=ֳIXj=&]<#S0R0kZm}o6@3'i3 P:n\3ԣZsXle *Q3(PvۭV遒|̊DvPP)POܢT0 ,ϑ{uV]&U] za~"CXAc|v*3=kDڒE=)uGۯ[g 4ϊ}+@\"+`!B>囋cnoBj+2L<Ц.AWO.%SX۶"8AW%RM6o2ܿc|;>זe6v{<-WiW_Z}_ryϻP˒MA}AݼL7,z /|>k񹼷JY)K+S՜2{N sDcz%4 NAhI췪8*:6]d},~3 d{\[{8\b-|63ɳNo܌){"OTn>d̗!nzs=)RsvҾkkFu-S&\МUܬis UDnl*ll=EctX1/TH_==81N)yxMApv ` i?k]$n[2="g.Fҥ>+JK?a)y|Ғ,ZO{H|y/$NE%JhPBXRΔsE)gb%LKo,5"i)IҒ:ChifXfY"JUqm PF\KI3{AJ+^+P#O;TBK.eMV*QWQh2ߵxg",rLe6MU;)n&4e-pq7afznƶç5ޚ0+!B[KžyN~uyy5ZwV!yϙ2de_*:?O[i^t^ј&0E8qW38c噣Ӣ4gyN&9oUo6$~_ ~@K ęV"]&90| IT!yրO|U<bAmV|\ɶs 9T)~}\wP|<$㽗9|mdZFg3tfKo{0ͻ 1D-!qAM|-"ynk.e}%,{ Behyo0|Q%x$|qf<3o] pWu^ؖd?۲8fЀ\Eq%nFbdGu[=՟*LҐtuкL5 M fäi=4FS\43ui:d%=g{ٷPӝ{{ヘ࿦Q?mb2 Df՗ycQ5\f/Wfɶ}_fw,ջx9k}l;Geׁ~r3U*ZF͂UΡPNi_+dzӞ&Bvhw ј-bJu] -&3 2_T̈h }AX8cT*L8V5t.V ~X7GY[lZ2bVbWHkdb>2| _R̆xr C ]g(OkY,hKA[|]֝ːPӗm1MEȡ;W&x/rQ/"ԫSWDk8Z'DY> |'R/#9ݹΕo< ߈Hwh`68o}&GwMp ˫Sa>ttVKct\ЪGԽsU.7W꾚Mj*_6UbU@f#t^jո0_ ߡʊ%Z>P Zz̼U_ ת .כ$NMXu?_NR'hбtd<:vX J5q^M?wfW,Mߙۨς;^^}{Tc=2{;dc8_4qqfWyi7ժRِYM@1.k1ᚖ>d3VqL g[ۇhXҌXG5Xc>AFԲԽ)w'Ϛ>Gh\G`נ @“s/@*<[F)s`xxrOcץa*ze Ȃ' =JH* EHg[d-҆o"󸛰a%M^૸Bz+cBoJqҤ:} x},R65tkѼoXijhnw(hd\$켃DvMl},i?Apvl9!v6XQvfag-r;BkŦ駲:cmЦhmGA~l9hì&l\1JAя,>[WצDZO:WK\M+>~Z4Ig7fkk%S~C@{\bb%A|IO2 F.FHVA~2 #m-;HmaӴ\ZT̽?|=)r v?=nWۋFzMSoAeo%Eǐkk%>Bǝ+ ӳ'<.g@Z5V[Ֆ5F7֐Un1]/佲 ߛl5+D9gTu^*pokV}?W>v141}*#z?$9%,i\^''쳍pq.usu ceS M5f}*usA^~g"EkAuֺ-꺻k.)|!ub$ya aRV~_$=;a@Cbo#C_}8x婜9^-'u)2L tY/ezV)~ k4kb;Oogr/7'̗؃l<;Gqe/Z nMMg}bmMk-0J_Ka2X;5F^}hJEX[s HC8Q7ƍR6>zysdD9>†jdp^6PbP57۰Rlci5:ky75j| &F[m1bz5ZYUqVkzb}ޏU9lA&S}X9-}:kZ"҆dp>쳨-}jx &gd Yy%e(%{μ׵:,&wdh6+Ag!'EI.zdu aJw'jO] 9~#j,y~J$su_qWBGE|]G^ a" B]#4g#,a.aSCåC7U<\$^_uy>йzN2Ԙ*sMcCuSrxK$Fu #9v} F?,H>,?&9Zh^oo1:̅3k*' -aލ@Kw_W_Ot4"V %/ "3䗀}j5?3=|1@vי! y9U\#njo嗬OE=&5rcHK C3-pl> "drOtI!N> Ʉ2ӭbN-ys?*Vy5ZQ_i_˾,{COKa2_xO!3)^w@:kZC>ȳJM?6Z/rQ* }im[f1W ZV ,Gѧu^ouW d8aGk3ur\=urŐ'E}@TOX'Wq:x]KF>ukI>u; mJ~0#[Dһ,ь2_q##Đ'YⳀlSd;  -avܯ jaF?ʸևmGZZ^/3X/1@T "> @sv+zx{CVVd6R.@v*2wl6EPa4XE-9hXZFzcdU@(\"s`ȗ76 2#rŽQNȺwc4 HGJU(xXJ}r#Sqr ;S@bDqkl(5mBb w(O}^䣀lWdL^r(f1;K~EŪN> k1'ma7ZC6l y 7¸Co_ ;@&ԫw1GQ,f)M'7S,"C9FLx4~>V1O`?v̱t,ܼS3fJ5H4) Q]FG ׄ+qRѽ y ' a}ᑽCCz#8t,(8xe#es0<Tkdx֤>[,I W弲Cpb5q21jˌ[t}_Y8ԈAXY-J"ƲY+J:xVTwI_[CW0ҽիp{1SԩSjGB.;fr*`$payhpWAr>Bl7!}ht*l: b)3gt;W.M2kB *'p_rN%Nf^1;wߥ;%*8 FCks#c8OFz@Â#s'~`!Tո7` k 8,'t?jⶎ_0{];&SX}D:t}!) j bVJ.}3㱢7=~㾲7wL׍W640m4q% 1K/k&zйlk1$m&Е:)QȍP(|i!B`СJF)tgȻ-1h,ykZ5f B fI_fwR3128~C˟pqkt.?;]H=gF bT` CﴇIcA-9cq+kh秕ԮХV8;[cctt(/Q='DP ] 8;48oY`A VyT(4ւ^DɷTDmCM vJ o3&)dRgIIv"cĕCڵ]_$Ơa/Gz "4{Zݴܡ`P>1Kk8TJ]:ń4s~QnC7a;RbM}>E!>d.9cpO <@duўh) NȁV WO杲Jv]bT3Ibrgv !˙ۣi-"#凭N>ݭ9kʅԌSzϸiTNSCuq!*oaOi hJ&cn=.kfB 7d.g;rCE_ aƻjU(A ]/(^(Gkxi ,&^dX3Rlm\[!}KSwuwƈ#`L@#b$=OA`̛쇡Gxñ1W \hC)EZ9bIʊ,5R CPUJxU6.DO8wa^! 'X:tFhBJDuGHpȊ9~LEZHUmkˤ R "$5W'uYa*9m\PuYI;]y`U` r~23swШB6eʇLݣ 'YKװ;u?}RY>PKսwPK-/_V unsigned/%5BContent_Types%5D.xmlN0 _%5)BmW9,`RmDIXv%h8z' _ Vto@a*d'l0RyY}[ ?}x?lzPKI<PK-/_Vunsigned/AppxBlockMap.xmll]o@7`K ⦴񛂨 qc<':K;QM@":Oh = ^b@(xK,wZ=eA` <ǫ,ù1O\UX"+v"о1!Ix|4p֒SN"bPBgK7^eOlx&3{d54d|y05'3pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-/_VAppxBlockMap.xmlT[s@}LCrA-/%M+@h&yh~^\qhKqB ,L\L&4>,C3NdI^]~pъ mA_xb MI;iZuA~,vR94,HpQ\!q֯. "/|^DbR#*CMSDP9y\f>5Y65UW*b ghB]~^l0SPI˿rcߘ]#A cwx/@9\P薞-@{~ ¥?@QOlHꙍp3_-o#ɺS \f;DۦN˯3@+˚8]t[S4jBlR^X)8R7.n{wz;v͸*QҤ IM4W̛._ ?]{.GF1)\+#y#{Oh{;!"O>Ei8SР3% k9t=- &5U_lpS1jԼަ}mRb,mk}Ȼ33ӠǓ\[l@CxY/PK{vDuPK/_V=34[Content_Types].xmlN1&Cӫ=1,DQc;, ?i\z|߯?l˖:qM'5gihÚ0?YL,.|FnLj]L}@@͡Ay]J8EKMCFUs5 (eW٤k=h. kƖ ~"t2N ~A~Oؑ, -GBg-ol L19;k!CQ 4hQ?nM:@yODC+uS$Te4|PK/_Vc$ AppxMetadata/CodeIntegrity.catV{4[w^3%$$[* &&q̩ʗK$2ܢS&\8 B83*Yg}k}g}k?{~{?E$`E֥ؤ̑`aaa aE|Rl`*E`!i&Fa߄D,èxՎ9uPT IG2`;] ģzDvL'qӒ r<|ɂ(%1 BZ,%q:tynꐧS GzM}z@gFWE"̡(OGPqQ ҇6@:qXbœ!A`Y% iq*o #`? ŸXIiY H :x"1,228O%+E@ңh{h~(ZXytT`Gs!ⶇE)YEِX;K,mhBQ,XeqiŰ`1  7+ͼ3sݍFb;Sl-< bnő'~q9E~ΔNvO,,Ԙ)ϸ^:P~gJNH1Iv=c?jW&t,ЖkUszkOrm57_9[/-]1oJCcgxݢ;&mEr7}$Zpaq͜a,URd ܬ̶pF`2`,:e*H"* ! G ͇E؃w} ``XG?aCG=PǑdVA &X1 a ИCG,Mjlokf*w^BPZ2kM{vYfLx6,=P^^s9>XEUqL-j=!~Z)o<4nQSj_:4A?W5nҖѫ! |bksmIj 6+b4Xm ɺ&,PF-Tde:V{UFbս|d=}j8rIssy3TYSntNoHTgz^!/.rUfeW^5_ѭYGn atEɉoB_/IGRb,w8#3x*Y},-t3j,%$yKtϥe$͡Ww2Pue+:7namt\yNc丼pmIM`jbD7u^ ՜*q”j*^ʍNr HnNOwN*imѵa7Aqqr$`7iL/{ +oYuՠF{R]ȑc/'vt@{ (uDx=w˺jŽi@V5THa%$`xU ?;II䶯S6*z4>ΗT>ȓK3]ЈZ21/Rt̡b.!m^fNf!J|k;ϋ% A`"Y@bÐ KJN ė@]Rz"<%JIľhnXc3d ZV4vAy[BO~!UCa/ri Ck+4|)[e`>cj;R=]2 .nj,&:ovŭbj>95pʦ$6yE sHnfJ<}e}1nݽb뗆j|v,3w'j-:[M'Fj*74L}d^v/O~,ѬCYhc+ןڞ_ ^!U`st I+ )@ۑy^aA/ A]_-יٹٙfulx9F񾰫gj!&nfF[rd$y2*5wXHu1DjŊg[Sndap 䨃Ja9grMr9YwO037l]*bU gK^WΗenGgk6ui&઺u[X!q bB XV!`[UBضkC7 k A-08Qh W@pr`՟jkJE~25D$2F Cp4J15.㼟CX&?,}^Y2$D &$ @nv93!n!a N+Л۽8Z-9tJl_Gzbp32aa zy_AgD\~!VxhC|+;Zq8(lҥ6Y7%g5LR^&l\-L RD; #}:9]4+Nh\nt䘆b< ) @L|Ƥhbphi5R\Wo/;2r\ƫ׾Ѥ;k5Z(տ*vY'dSblΛx Qf,lq44x Ej}M4b_(v§xLf$1\CB Lw JM}~r&dԓ޻I7JzS'A98/BvߪC:[s=8c`#bn@=YEEF AspCz>aX|"j#`h4_1~sS(o3M*oԚڣR\C'زܑuq2(:˥[},_%ߪ1>®rV֏.z;df`ޯ^+-iO*$sÑf3C=lmnzbV/{Wwi #4҈i5k Y*EV" R˺Wȕ*ʴpb}T+@iiB;\ynU̇3PK--/_Vսw unsigned.exePK--/_V.icon.pngPK--/_VG/ unsigned.appxPK--/_VJ؅qVunsigned/AppxManifest.xmlPK--/_V.Yunsigned/icon.pngPK--/_Vսwounsigned/unsigned.exePK--/_VI< unsigned/%5BContent_Types%5D.xmlPK--/_V$d5-unsigned/AppxBlockMap.xmlPK--/_VJ؅qnAppxManifest.xmlPK--/_V{vDu9AppxBlockMap.xmlPK-/_V=34 [Content_Types].xmlPK-/_Vc$ Y AppxMetadata/CodeIntegrity.catPK-`V CAppxSignature.p7xPK,-- Q5PK PKPK  PK-`VAppxManifest.xmlTO0~彖Y5UI EBjY5<Z$v߹MJS%;wIΛ$`*hD (WR)n}gd/`@+ҍs1+6PqURmEBWu*ckՊ;L^Z;iy!4x@ezF8H`pQI4D n R-,BN|D#dKi7`R:KߠU]B`6$Mqr-w0$?~Ggd>pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-`VAppxBlockMap.xmlt]s0wf^:K@>*;U zB$h@hbvmw2{sNn,N ]QdQШ+>Q!L]2[;e(\hwŸ(p r)#8by^ 82x⪪J1j 5и7|1lxw')aTRRN"C XV䥹3 Eoky]Xˇi˥uyT*،NFw:݋*˝|4ROI6wAEF =z{pcːܦ G?KNJ7OhjsaF:$LbJخC:ٮRںPU^u}С\W5Wۄoq>F֡Yй.t&VQ>gvL: V{#%tdUQ)umW3;:jP8Qڄ;n p,\Jv{}DH隒TYq8>O&.xzPJ_Fo͞=t<Օ/;㭣- ZB"^DnΔ RUM3!3vr)m$Zw{tNP؀Cw&\K) Ӝh+_љIo `[FRiMq~㖡?/PKJ؅qPK-aVAppxBlockMap.xmltYHF'b<#$;ewȢ / Bb&G|ޗm(qN&C0x2Oi8(+D(I8|�L<6xԓr2LEAfg8(2qgZMoe :*;_q4E8L8 32i8XAr'%Ixm8px' %??&ø:KxтDs/+[l*QjT2WGW 24Ԕi82k_`i#'w%qH} vW N,aG&?sx/-.2VwCCz%U}Qw1W0S [&f#d|#I'=Ie-J%fKOKLCծ +,fSKPgkgVynx{8@dsI=]X#8 mp"*jpo;;hxƫzr83Yo[x&(j#/Bw2Vtv9_lWP㮌aV/K5 J5YJd/д9`m~klwV6{!ځ:ݕke5~,g;^d5IM% !t:ƕ5E, +7 100.Fileunsigned.psc10U +71G0E0 +7010  `He )[SwHg ִ&CA^1<s0 -,{8,c!J{e3C3Yw) QX10 +7 10< +7 1.0,Fileunsigned.exe0 +71y0u0> +70.&"մ$fڎ` 10 +71C{~G@?Y[ᄦb7,dZux;pnq ճ Q_ SLz; O6orcId&y Hr[hO廙jrW6xMsgoaoj;YN۪؇[Fc7xcOqNX%(ViC5`-cJh&a8|sty?1/f)<ij:ڭ w?xm1 rW0K-rv16>| C=QU/ t?0x8眎(jydA[Q^w0SX+=s9Wc8DI,01rpUދ;UoK(# ENR$Vk%?iM|g(7@ObU3P򳛕3>ӥqܽ$0p=z;Dq-ʟ"X" ۾ysswi}ܟ8XofkOX||zڽH, /x%bn L[bs.NazRGX0So^b2 X4a-GAf#Л CICzFpnP"sV/Ed[t8QdN'h ԰^Ļv?Ta 0@{?<ĤcRDZCff^= 81pZ䑤̽ښ}_ ǟ/of'iL"ao7'}iD7OB;jJ==j`{yd cij3F /׹hxQ/Ie; o* `\010  `He -,{8,c!J{e3C3Yw) QX0 n 3脎]&@vqR10 +7 10. +7 1 0File unsigned.msi0U +71G0E0 +7010  `He n 3脎]&@vqR0*/źgmգK^10 +7 10*AZhFSJ!>10 +7 10*ǚ8 yV8Ȳ10 +7 10 #` 1rLqgIuCzW :{10 +7 10< +7 1.0,Fileunsigned.ps10U +71G0E0 +7010  `He #` 1rLqgIuCzW :{0 klnz2M&W l610 +7 10< +7 1.0,Fileunsigned.ex_0 +7100V +7Hմ$fڎ`41200 +71" f3,k8MZ~pȡYYl\7010  `He klnz2M&W l6ꖠ60402 +7 $0" OSAttr 2:6.01osslsigncode-2.9/tests/files/unsigned.ex_000066400000000000000000000001701464004761700206440ustar00rootroot00000000000000MSCFx,lDTs tests\sources\aDT's tests\sources\be f a b osslsigncode-2.9/tests/files/unsigned.exe000066400000000000000000002736261464004761700206740ustar00rootroot00000000000000MZ@ !L!This program cannot be run in DOS mode. $PEdW8a' "l @ 4@(.textkl`P`.datar@P.rdatat@`@.pdata@0@.xdata,@0@.bss `.idata4@0.CRTh@@.tls@@/4@PB/197 8@B/31.`@B/45p@B/57@@B/70@B/81h@B/92P@Bff.@H(H1HHH܇Hf8MZuHcPLH w/ff.UAWAVAUATWVSH8H$=2tHe[^_A\A]A^A_]DyHHHH L%{H{޵H)HD$ HӵLH)H~H +CSH L9YL-{I1@HIIIHH)ID>H L9scsSLLL8 t9HIIfIHH H)I.fD>L9rD޴H5?1LeDHHDEt HPHHMփH(;=|_DutC KS H f.@|HHH)IL>fDHL HIHH)I\D>@L9L5 zsD+HLD.H(D.L9rH uH huHXHųHt,$L$ HL$ HT$(T$0\$8D$@АHXff.@H yWATH HỈ CCG ==vDs? w*H+uHcHf)V@H A\@=v;=t=u41ҹUHHtи@=tH²HtLH A\HB8y1H A\1ҹ|UH:HtиA@1ҹLUHuԺ7UD1ҹ UHt1HL иT TATWVSH(H HñHt2H=H5 IօuMt HCLH[HuH H([^_A\H%DWVSH kHօu H [^_fyTHHt<8H PHp HH 8HHC1H [^_ÃSH ˅u1H [H H Ht*1HHtH9HAuHt&HBSH 1H [HiSH tFw,tPR@H [Du%t4fH [ËuVuHHtHH[RHuH HhfH <1f9MZuHcQ@E@%L$AHD$HLL$0LL$DDD$(ID҉L$ H YHD$8'HX@D$DE1f=tBzfLH %D tD$DE11rDD$DBE1T@D$DAÿ=ff.fSH HӋR@uC$9C(~L u HcC$A C$C$H [fLLC$C$H [fAVAUATUWVSH@Ll$(Ld$0LH͉M1LPCx9OC 9C DUMLHP~~LMt@HcC$A C$C$L9t6SH@uC$9C(~NL tLKC$C$L9uʃuC PS ~fHڹ C PS H@[^_]A\A]A^)C C u+C fDHڹ sC PS u C C WVSH A@HΉLÅx9OC 9C CH#HcC$ S$S$H9tDCH@uS$9S(~H tJS$f.HcC$ S$S$C PS ~.C@uS$9S(~H tʹ pJS$C H [^_@)C ‹Cu)BC Hڹ 3C PS uS ATSH(HhIHHHcRLDLx%IHILH([A\IfH8EHA@I҅tID$,-HL$-L\$,A 1AD ȈHHuHQLL)-H8AtD$,+HL$-L\$,fDA@tD$, HL$-L\$,fL\$,LyUAWAVAUATWVSH8H$ALÃo9ExAxEAIǃDk D9ALHHHAH)Ld$ LHEA fDDH!DP07D EA:ABHFHuL9EHEL)A)EIcH0IHGL9HL)D9C Ao!AC QI9{EuHcC$ C$C$L9v8{H@uC$9C(~ށ HtGC$C$L9wE#[@HcC$ C$C$AFE~=AƋ{@uC$9C(~ہ HtŹ +GC$C$AFEHe[^_A\A]A^A_]fAx /AADk MI!DD9ALHHHH)Ld$ AoIALHD{EAfDAoL9\ES0HHL)D9LfDA)ŋ{Dk AoAE~ ED6HF0E!{EuHڹ DAAAL9fDExAxEAIǃDk A9AMHHHH)Ld$ AC 0HfEEu?L9nfEEuI9>ffAx f.Dk D9ALHHHAH)Ld$ D6HF0%=7EMH0EyDMMcMLDDME)EAo-!%=tDk D9ALoUAWAVAUATWVSH(H$DrzEAIHӃt fz <s 9MHHHH)Ld$ @ǀtHN@{HIAMIADMhM9t/Et*f{ t#LL)L!HuI@A,MIfDHIHHLDl$@+$D$2DDŽ$DL$PD$`EEDD)T$`DT$pE1҉D$tD$ A1AD$TD$ >  D$hEAOΉ$AΉ$L$LDT$xA|$LDL$THD$XDT$xA!G D$Tt(T$TIƒD$T)ȉD$TED$T D$pD$DŽ$$Et%Af/f(XX AfH~fH~H @H H ЋT$LD\$L1HCfHnACH$‹D$h  ]A,HL$X^HA\f*҃0\f/%@@I$Q$D9YfHY,*҃0P\f/rf(\f/v}PH\$XH|$PH9VPHHA9tHL$XD$H T$PD$`DŽ$!DT$PDT$pD$tZf.D$ fDT$LA*Y?,ȃ$DT$LHD$XG D$TEX D$p9GDŽ$E1D$LfA)DWAD$D)ቄ$9D\$ AK~A)AD\$LAEEۉ$„t D9\T$`D$PDl$tЉՉD$`DT$xD$hDT$xIą~"L$P~9͉N)D$`)$)ʼnL$PDL$tEt[DD$hEsE~;LDD$LHILHD$x,L|$xD$T$tD)SDT$t#DT$tÃ|$ I!ED$tC E+|$PDD$`A$E~DL$IT$P~ LIŋ$|$ Å5D$LD$LJLE1LHIw$D$pH\$XD$PHD$X1D$H LMtLLH|$(HD$XL$PH|$0HtHD$H fDD$P)‰T$`fA*f.z f/AfDD$TD$ !D$hE1E1DŽ$D$Ltf(XX v<fH~fH~H @H H \Y<fHnf/ fW R<f/D$TED$p9GH>HHED$LY;f/$szH\$XE1E1|$PU@D$hD$pD$D$LW$9@D\$hEDl$tl$`E1dE1E1AD$HH\$XDt$PDLDT$tID$tAEHA|fDD$pD$PD$h/~ LIċD$tMHD$XHt$hDŽ$HD$@fH8 |$ uH|$8Ht$@Hn~ |$T]D$L9$LE1 KE1 LIM9$/LE1 IIƃ$Hl$@LLLLƍX0LLh)HLHD$`LD$`LJ D$  HL$8T$` T$THT$@t$ Ht$hHj9Y \$ 1H|$@D$HLMfDL MHL9H H\$XHl$XfD IID$h4|$ D$LL$t9)A͋D$L L$`D$P$ȉ͉D$`yDLLuD$pE1 LD$@r T$hINj$!ÅTD$pD$P$D$Lf.DŽ$Hl$X|$L%f.LE1 $ILLHX0]9$|1L$TAGU EGEtAHL$XH9PHHE9tD$H %DUHHE0t D$hDŽ$HcD$pH9D$L$DD$pDŽ$H|$Xf(A^DD$PHG,f*ɍQ0Y\f.l6$;T$LYÃH$f(^,f*ɍQ0PY\f.zuH\$XHD$XT$tLDT$x DT$xIH\$XHl$XLDT$t DT$tI+T$tE1D$tA3HD$XD$PD$H 1LLHIUu  AGD$H1H|$@D\$Tt$ Ht$hLOLEUA|$THt$ LLLt$@O_E1H I2 I9L LDE1HH LHHIX0HLHLt$@IHt$ 9D$H LMHD$@k|$T*H\$XHD$XD$H6YHD$Xf(E1DŽ$D4f.YʃEȉ$,хtfE*\H0P$D9uE!4f(Xf/\f/f.H\$Xz f/D$HDEHH@z0tHT$XDD$P[DŽ$l$`+l$LpL$LD$E7YO3 O3YX F3fH~fH~H @H H AL$IT$IHHIcD$L L I'G;D$@D$`D$PD$tD$PH\$XE1E1AHt$h9HD$@LD$H MELHt$hMG9D$@?A)DWE1AD$D)D$L$DŽ$9D$P1HL$X0~7L LHI 9t-\$ D$T 1AeLD$HMHD$@LHL$XM99D$@D$p$D$LH\$XHl$X$XPf/f.H\$Xz u D$Hf.ƍ}H\$XHD$X|$Pf/D$H}H\$XH|$Pf(LE1 IĄ:D$pD$P$D$LAODD$HD$HLPH\$XHEWE+qLMH\$XHEOLMEtAD$Hu JD$T QD$HDEWD$TD$HSA~ AEMATUWVSHcYIA9~LaHcMI4A~Dɿ HVD)AI9L@HHDD FDBAI9wH)IDDEtBH<ABAB[^_]A\ÐLI9vI9wH)IL)HABt[^_]A\DABtLff.E1HcQHAH H9r)f.HA H9vtH9vADÐVSH(t΃t{t9u#H{DӋ{tttOH([^f.UtuQH6{H StH rtH a"tHcH(tHH H([^H%ztsXqs@SH st H [DHuzH sH sHH [Hff.VSH81 ~LپHcH #HH!6 Ht=:sXp t5H@H8[^HrHcHHt-L=sLuHD$(H syHD$(@پHBL{iHcHH#L)HHHH 2HHMff.ATH IHt:y ~ H A\i 1IcT$Hq=FrH L$I $tH A\ÐH 9rH A\H%yff.AUATVSH(qIIcHc1ADHHADHHH 9MHtA9t$ ~!HcƃMA\At$LH([^A\A]AD$HIHtHHIcD$IT$LX LMSH01HqHt.H=HD$>LLDILHۉ|$(ID$ L eLLLE&HH@[^_A\A]AVAUATUWVSH@HdMMIHLDLtHHHMtpE1HuJfDHHIIHHL9v-|$(IMLl$ M)L9v uHLH@[^_]A\A]A^f.1AHt$>E1fD$> @HHIĉ|$(LMMl$ H륐E1ff.ATWVSHH1IHLfD$>z{Hۉ|$(IHcD$ HL$>HDLIHHH[^_A\ÐHXHfT$hDEufwYHXfHT$LDL$(LD$hAHT$81D$LHD$0HD$ itT$Lt*HXATVSH0HIHD$+LDALA:HH0[^A\ff.@AVAUATUWVSH0E1IHLA2I4$AHtMHtaHu'HHIƀ{HL9vmEAHILH0[^_]A\A]A^Hl$+HcЃHIր|+t>HEAHYI4$f.I$IfI뉐SH DHIHHH [ÐHaHHvaÐSH H1H9rH9vHK0H [H%gD1IHL)HiHKH [fSH H1AH9r2H9vHK0H [H%IgDc1 H)Hi۫KH [0H HÐH HÐH HÐ%g%g%Fg%&g%g%f%f%f%f%f%f%f%~f%nf%^f%Nf%>f%.f%f[{@ {@@ÿ?@y@z@z@z@ z@z@{@{@Hello world!@AA@@@Unknown errorArgument domain error (DOMAIN)Overflow range error (OVERFLOW)Partial loss of significance (PLOSS)Total loss of significance (TLOSS)The result is too small to be represented (UNDERFLOW)Argument singularity (SIGN)_matherr(): %s in %s(%g, %g) (retval=%g) Ȇ|Mingw-w64 runtime failure: Address %p has no image-section VirtualQuery failed for %d bytes at address %p VirtualProtect failed with code 0x%x Unknown pseudo relocation protocol version %d. Unknown pseudo relocation bit size %d. #(null)NaNInf(null)˵@|G`|Դ D|0ɶ*bhL²۱hhInfinityNaN0?aCoc?`(?yPD?}-<2ZGUD??$@@@@?}?$@Y@@@@j@.AcAחAeA _BvH7BmB@0BļB4&k C7yAC؅W4vCNgmC=`XC@xDPKDMDؗҜ<3#I9=D2[%Cod( 7yACnF?O8M20HwZ@ (Hh ,p01t@xjpapsxbpAP\` ( 8 D !L!!T!"X""\"(#h0#i#lp##p#$t $$x$n%|%%&' 'w''((**W*`* ++/00033@5@5899$9:0:x;<;<H<;BT@BKhK'L0LLLLLFNPNeeffSf`fstrlenAstrncmpcvfprintf}wcslenKERNEL32.dllmsvcrt.dll@@@@@@,@,)p%@2))GNU C99 10.2.1 20200723 (Fedora MinGW 10.2.1-4.fc34) -m64 -mtune=generic -march=x86-64 -g -O2 -std=gnu99 -fexceptions --param=ssp-buffer-size=4 ../crt/crtexe.c/builddir/build/BUILD/mingw-w64-v8.0.0/mingw-w64-crt/build_win64@charsize_t(,long long unsigned intlong long intuintptr_tP,wchar_tgkVshort unsigned intintlong intunsigned intlong unsigned intunsigned char_EXCEPTION_RECORD ExceptionCode ExceptionFlags ] !ExceptionAddress tNumberParameters ExceptionInformation @    _CONTEXT%P1Home dP2Home dP3Home dP4Home dP5Home d P6Home d(ContextFlags 0MxCsr 4SegCs 8SegDs :SegEs <SegFs >SegGs @SegSs BEFlags DDr0 dHDr1 dPDr2 dXDr3 d`Dr6 dhDr7 dpRax dxRcx dRdx dRbx dRsp dRbp dRsi dRdi dR8 dR9 dR10 dR11 dR12 dR13 dR14 dR15 dRip d VectorRegister  VectorControl dDebugControl dLastBranchToRip dLastBranchFromRip dLastExceptionToRip dLastExceptionFromRip dWINBOOL BYTEWORDkDWORDfloatLPBYTE __globallocalestatus Tsigned charshort intULONG_PTR1.DWORD64.PVOIDCHARLONGLPSTRPHANDLELONGLONG%3ULONGLONG.EXCEPTION_ROUTINE)"ttPEXCEPTION_ROUTINE >_M128Ak(tLowlHighmM128AnDtt__onexit_t2doublelong doublef _XMM_SAVE_AREA32x ControlWord StatusWord TagWord Reserved1 ErrorOpcode ErrorOffset ErrorSelector  Reserved2 DataOffset DataSelector Reserved3 MxCsr MxCsr_Mask FloatRegisters  XmmRegisters Reserved4 XMM_SAVE_AREA32 Header Legacy Xmm0tXmm1tXmm2tXmm3tXmm4tXmm5tXmm6tXmm7tXmm8t Xmm9t0Xmm10t@Xmm11tPXmm12t`Xmm13tpXmm14tXmm15tt  FltSavex FloatSavex  t. PCONTEXTRP EXCEPTION_RECORD PEXCEPTION_RECORD  P _EXCEPTION_POINTERS  ] j ContextRecord .  ! "Next03 "prev 03 _EXCEPTION_REGISTRATION_RECORD3 # #9  ! f "Handler ""handler "! "FiberDatat"Version _NT_TIB8#4 ExceptionList.3 StackBase tStackLimit tSubSystemTib t#f ArbitraryUserPointer" t(Self#4 0 NT_TIB$ PNT_TIB%[ : _IMAGE_DOS_HEADER@e_magic e_cblp e_cp e_crlc e_cparhdr e_minalloc  e_maxalloc  e_ss e_sp e_csum e_ip e_cs e_lfarlc e_ovno e_res e_oemid $e_oeminfo &e_res2 (e_lfanew < IMAGE_DOS_HEADERa PIMAGE_DOS_HEADERa _IMAGE_FILE_HEADER+Machine, NumberOfSections- TimeDateStamp. PointerToSymbolTable/ NumberOfSymbols0  SizeOfOptionalHeader1 Characteristics2 IMAGE_FILE_HEADER3%_IMAGE_DATA_DIRECTORYh^VirtualAddressi Sizej IMAGE_DATA_DIRECTORYk_IMAGE_OPTIONAL_HEADERoYMagicq r s t u v  w 8x BaseOfDatay z {  | $} (~ * , . 0 2 4, 8 <  @ Dm Fh H L P{ T XI \Y`^iPIMAGE_OPTIONAL_HEADER32 |_IMAGE_OPTIONAL_HEADER64[Magic        8    $ ( * , . 0 2 4, 8 <  @ Dm FhHPX{` hI lYpIMAGE_OPTIONAL_HEADER64PIMAGE_OPTIONAL_HEADER64 $_IMAGE_NT_HEADERS64Signature FileHeaderOptionalHeader[PIMAGE_NT_HEADERS64#PIMAGE_NT_HEADERS!PIMAGE_TLS_CALLBACKfDl%tt &HINSTANCE__'unusedHINSTANCEPTOP_LEVEL_EXCEPTION_FILTER LPTOP_LEVEL_EXCEPTION_FILTER %&_STARTUPINFOAh 3'cb 4 'lpReserved 5 'lpDesktop 6 'lpTitle 7 'dwX 8  'dwY 9 $'dwXSize : ('dwYSize ; ,'dwXCountChars < 0'dwYCountChars = 4'dwFillAttribute > 8'dwFlags ? <'wShowWindow @ @'cbReserved2 A B'lpReserved2 B H'hStdInput C P'hStdOutput D X'hStdError E `STARTUPINFOA FSTARTUPINFO ](tagCOINITBASE )COINITBASE_MULTITHREADED*VARENUM s)VT_EMPTY)VT_NULL)VT_I2)VT_I4)VT_R4)VT_R8)VT_CY)VT_DATE)VT_BSTR)VT_DISPATCH )VT_ERROR )VT_BOOL )VT_VARIANT )VT_UNKNOWN )VT_DECIMAL)VT_I1)VT_UI1)VT_UI2)VT_UI4)VT_I8)VT_UI8)VT_INT)VT_UINT)VT_VOID)VT_HRESULT)VT_PTR)VT_SAFEARRAY)VT_CARRAY)VT_USERDEFINED)VT_LPSTR)VT_LPWSTR)VT_RECORD$)VT_INT_PTR%)VT_UINT_PTR&)VT_FILETIME@)VT_BLOBA)VT_STREAMB)VT_STORAGEC)VT_STREAMED_OBJECTD)VT_STORED_OBJECTE)VT_BLOB_OBJECTF)VT_CFG)VT_CLSIDH)VT_VERSIONED_STREAMI+VT_BSTR_BLOB+VT_VECTOR+VT_ARRAY +VT_BYREF@+VT_RESERVED+VT_ILLEGAL+VT_ILLEGALMASKED+VT_TYPEMASK_dowildcard`_newmodea__imp___initenvi,y 'newmodez _startupinfo{-&)__uninitialized)__initializing)__initialized. &__native_startup_state+2__native_startup_locktz/_PVFV_PIFV_TCHAR__image_base__/_fmode8 _commode9 0__xi_a@$__xi_zA${0__xc_aB$__xc_zC$__dyn_tls_init_callbackM"amingw_app_typeO 1__mingw_winmain_hInstanceQ  @1__mingw_winmain_lpCmdLineR  @1__mingw_winmain_nShowCmdS @2argcU  8@2argv[ 0@2envp\ (@3argret_ 2mainret`  $@2managedappa   @2has_cctorb  @2startinfoc @__mingw_oldexcpt_handlerd%1mingw_pcinitp  @1mingw_pcppinitq{ @_MINGW_INSTALL_DEBUG_MATHERRs 4mingw_initltsdrot_forceX 4mingw_initltsdyn_forceY 4mingw_initltssuo_forceZ 4mingw_initcharmax[ 5__mingw_module_is_dll @6atexit@07func{8 @=(9RR:duplicate_ppstrings ;ac&;av2check_managed_app^ X86_TUNE_AVOID_256FMA_CHAINS?X86_TUNE_AVX256_UNALIGNED_LOAD_OPTIMAL@X86_TUNE_AVX256_UNALIGNED_STORE_OPTIMALAX86_TUNE_AVX256_SPLIT_REGSBX86_TUNE_AVX128_OPTIMALCX86_TUNE_AVX256_OPTIMALDX86_TUNE_DOUBLE_WITH_ADDEX86_TUNE_ALWAYS_FANCY_MATH_387FX86_TUNE_UNROLL_STRLENGX86_TUNE_SHIFT1HX86_TUNE_ZERO_EXTEND_WITH_ANDIX86_TUNE_PROMOTE_HIMODE_IMULJX86_TUNE_FAST_PREFIXKX86_TUNE_READ_MODIFY_WRITELX86_TUNE_MOVE_M1_VIA_ORMX86_TUNE_NOT_UNPAIRABLENX86_TUNE_PARTIAL_REG_STALLOX86_TUNE_PROMOTE_QIMODEPX86_TUNE_PROMOTE_HI_REGSQX86_TUNE_HIMODE_MATHRX86_TUNE_SPLIT_LONG_MOVESSX86_TUNE_USE_XCHGBTX86_TUNE_USE_MOV0UX86_TUNE_NOT_VECTORMODEVX86_TUNE_AVOID_VECTOR_DECODEWX86_TUNE_BRANCH_PREDICTION_HINTSXX86_TUNE_QIMODE_MATHYX86_TUNE_PROMOTE_QI_REGSZX86_TUNE_EMIT_VZEROUPPER[X86_TUNE_LAST\ix86_arch_indicese[ X86_ARCH_CMOVX86_ARCH_CMPXCHGX86_ARCH_CMPXCHG8BX86_ARCH_XADDX86_ARCH_BSWAPX86_ARCH_LASTsigned char__int128__int128 unsignedcomplex floatcomplex double complex long double_Float128 complex _Float128func_ptr*t __CTOR_LIST__/ __DTOR_LIST__0 t  6 @ 7 p@% $ > : ; 9 I&I I : ;9  : ;9 I8  : ;9 I8  7I 5I   : ;9  I 8 : ;9 I 8 : ;9 I8&4: ; 9 I?<: ;9 I'II  : ;9 : ;9 I I !I/ I'I' : ;9 I 8   : ;9   : ;9  : ;9 I I ! : ;9 " : ;9 I# I8 $ : ;9 %'& : ; 9 ' : ; 9 I8 (> I: ; 9 )( *> I: ;9 +(, : ; 9 -> I: ; 9 .: ; 9 I/50!14: ; 9 I?24: ; 9 I34: ; 9 I44: ;9 I?<54: ;9 I?6.?: ;9 'I@B7: ;9 IB819B:.: ;9 ' ;: ;9 I<4: ;9 I= >.: ;9 'I ?.: ; 9 'I@B@4: ; 9 IBA UB1RB X Y W C1RB X YW D1BE41BF1RB UX Y W G1H1RB X YW I 1UJ1RB UX YW K1L1MNO.?: ; 9 'I@BP.: ; 9 '@BQ UR41S: ; 9 IT<U.?: ;9 'I V.?: ; 9 'I 4W: ; 9 IX.?: ;9 'I Y.?<n: ;9 Z.?<n: ; [.?<n: ; 9 \.?<n: ; 9 ].?<n: ;9 %% $ >  I'> I: ;9 ( : ; 9 II ! 4: ; 9 I?< !I/ 4G: ;9 I ../crt/usr/x86_64-w64-mingw32/sys-root/mingw/include/usr/x86_64-w64-mingw32/sys-root/mingw/include/psdk_inc../includecrtexe.cstring.hwinnt.hintrin-impl.hcorecrt.hminwindef.hbasetsd.hstdlib.herrhandlingapi.hprocessthreadsapi.hcombaseapi.hwtypes.hctype.hinternal.hcorecrt_startup.htchar.hsynchapi.hprocess.hwinbase.hmath.h @K {y.gtwB J=~sggXXZ$t]mJ ~ ~XK yE <a  t3@ {tK  u. xtw x   u  X ut . . % . .!YY xp@ZZ  GX9.?;t tuJ <Z  KIw!Xi t5tr>  K ~<K ~X~< ~JX ^Xut`dh dh!jJ  o] .  ./h  u ZfJg~ K Z6 K Z6K )Xc; ../../../libgcc/config/i386cygwin.S p%@""gY0uKgg0=L""rl ../../../libgcc/../gcc/config/i386../../../libgcci386.hgbl-ctors.hlibgcc2.cx @,@.D0 E Z F @@ID@D|@&BBA A(A0A8GK 8A0A(A ABBF  8A0A(A ABBF @D0X@D0X@D0Tx ,`p%@2AAnA__p__acmdlnCheckSum__mingw_setusermatherrSizeOfImageBaseOfCodeSetUnhandledExceptionFilter_pei386_runtime_relocator_setargvSectionAlignmentMinorSubsystemVersion_fpresetDataDirectorySizeOfStackCommitImageBase__set_app_typeSizeOfCodeMajorLinkerVersion__p__fmodeSizeOfHeapReserve_set_invalid_parameter_handler__getmainargs_amsg_exit_inittermSizeOfStackReserveSizeOfHeapCommitMinorLinkerVersion__enative_startup_stateSizeOfUninitializedDataAddressOfEntryPointMajorSubsystemVersionSizeOfInitializedDataSizeOfHeadersMajorOperatingSystemVersionGetStartupInfoANumberOfRvaAndSizesExceptionRecordDllCharacteristicsSubsystemMinorImageVersionFileAlignmentMinorOperatingSystemVersion__p__commodeLoaderFlagsWin32VersionValueMajorImageVersion../../../libgcc/config/i386/cygwin.S/builddir/build/BUILD/gcc-10.3.1-20210422/build_win64/x86_64-w64-mingw32/libgccGNU AS 2.34RR0 Pn000RRx1'n000PPP TT0%VV0_VV0P0T% 0@%VB]BH0HySBHPHU^Tu~Tuys3$}"y}s3$}"u}PU_0h0~PP_gPP>Pp>ppg >`puPuy~fimruuy~.fileagcrtexe.cj  0@P )Ge p@ envp(argv0argc8 &@KPq{0mainret$p+A S.l_endw] .l_start.l_endatexit l.textI.data.bss<.xdatap .pdataT  ) h 0P  `8"`.filergcygming-crtbegin.c/  D0 .text .data.bss@.xdatap.pdataT8.filegmyapp.cprintf@ main .text@q.data.bss@.xdatax.pdatal.rdata 8[ p.0m __mainp @.text.data.bss@.xdata.pdata$  8.text.data .bssP ` 8.text.data0.bss` 8 .text.data0.bssp.xdata.pdata .CRT$XIC( 8_setargv .text.data@.bss.xdata.pdata  8.text.data@.bss` 8  __xd_aX__xd_z`p .text.data@.bss.xdata.pdata$ .CRT$XLDH.CRT$XLC@.rdata H.CRT$XDZ`.CRT$XDAX.CRT$XLZP.CRT$XLA8.tls$ZZZ .tls  8.text.data@.bss 8.text.data@.bss.CRT$XCZ.CRT$XCA.CRT$XIZ0.CRT$XIA 8_matherr .text .data@.bss.rdata@.xdata.pdata ` 8_fpreset fpreset .text.data@.bss.xdata.pdata  8.text.data@.bss 8   the_secs(p  BM~.textn%.data@.bss.rdata.xdata0.pdata$  8  P  .text \.data@.bss.xdata .pdata ` 8.text` .data@.bss 8`  .text`  .data@.bss.xdata .rdata( .pdata8  8   +9 Vi  .text b%.data@.bssH.xdata(,.pdataD0  8.text.data@.bss`` 8.text.dataP.bss` 8    0  p  ,  I .text .dataP.bssp.xdataT,.pdatatl 8.filegfake) .  g.textp2.dataP.bssp0 0 "`H.fileglibgcc2.c.text.dataP.bssp )   `  [ v 8.text.dataP.bss`8k .textG.data`.bss.xdata .pdata 8| fpi.0`     `  0  # /@% D) Z) k* {+ , @2 .text%/.data`.bss.xdata.pdata0.rdata[8; 0< < < .text;V.data.bss.xdata0.pdata0  8__gdtoaP> `.textP>Q.data.bss.rdata.xdata.pdata `8 U  V .textUC.data.bss.xdata.pdata8 `V $  1 > @W P W freelist ] g s X  Y  Y  pZ  [ p5sp05.0  ]  ^  0_  a  b  0c .text`V ;.data.bss .xdata.pdata*.rdata H8strnlen`c .text`c(.data.bss .xdata.pdata  8wcsnlenc .textc'.data.bss .xdata.pdata `8.textc.data.bss .idata$7$.idata$5l.idata$4.idata$6F.textc.data.bss .idata$7 .idata$5d.idata$4.idata$6:.textc.data.bss .idata$7.idata$5\.idata$4.idata$60.textc.data.bss .idata$7.idata$5T.idata$4.idata$6&.textc.data.bss .idata$7.idata$5L.idata$4.idata$6.textc.data.bss .idata$7.idata$5D.idata$4.idata$6.textc.data.bss .idata$7 .idata$5<.idata$4.idata$6.textc.data.bss .idata$7.idata$54.idata$4.idata$6.textd.data.bss .idata$7.idata$5,.idata$4.idata$6.textd.data.bss .idata$7.idata$5$.idata$4.idata$6.textd.data.bss .idata$7.idata$5.idata$4|.idata$6.textd.data.bss .idata$7.idata$5.idata$4t.idata$6.text d.data.bss .idata$7.idata$5 .idata$4l.idata$6.text(d.data.bss .idata$7.idata$5.idata$4d.idata$6.text0d.data.bss .idata$7.idata$5.idata$4\.idata$6.text8d.data.bss .idata$7.idata$5.idata$4T.idata$6.text@d.data.bss .idata$7.idata$5.idata$4L.idata$6.textHd.data.bss .idata$7.idata$5.idata$4<.idata$6.textPd.data.bss .idata$7.idata$5.idata$4,.idata$6~.textXd.data.bss .idata$7.idata$5.idata$4.idata$6j.text`d.data.bss .idata$7.idata$5.idata$4 .idata$6T.texthd.data.bss .idata$7.idata$5.idata$4.idata$6F.textpd.data.bss .idata$7.idata$5.idata$4.idata$6(.textxd.data.bss .idata$7.idata$5.idata$4.idata$6.textd.data.bss .idata$7.idata$5.idata$4.idata$6.textd.data.bss .idata$7.idata$5t.idata$4.idata$6.textd.data.bss .idata$7.idata$5l.idata$4.idata$6.textd.data.bss .idata$7.idata$5T.idata$4.idata$6 d mbrtowc f   f  mbrleng 0 .textdZ .data.bss  .xdata@.pdata0 8< h wcrtombh I h .texth.data.bss .xdata(.pdata$ 8S i .texti.data.bss .xdata.pdata  8c j handler  j  j  j .textj.data.bss .xdata.pdata `8 j  j .text j .data.bss .xdata .pdata88 j  .textj .data.bss .xdata.pdataP 8* k 7 .textk .data.bss .xdata .pdata\  8U k ` .textk .data.bss .xdata$.pdatah `8hnamefthunkT.text k.data.bss .idata$2.idata$4.idata$5T.text k.data.bss .idata$7.idata$5.idata$4D.idata$6.text(k.data.bss .idata$7.idata$5.idata$44.idata$6.text0k.data.bss .idata$7.idata$5.idata$4.idata$6<.text0k.data.bss .idata$7.idata$5|.idata$4.idata$6.text8k.data.bss .idata$7.idata$5d.idata$4.idata$6.text@k.data.bss .idata$7.idata$5\.idata$4.idata$6.textPk.data.bss .idata$4.idata$5t.idata$7( .textPk.data.bss .idata$7.idata$5D.idata$4.idata$6.textXk.data.bss .idata$7.idata$5<.idata$4.idata$6r.text`k.data.bss .idata$7|.idata$54.idata$4.idata$6`.texthk.data.bss .idata$7x.idata$5,.idata$4.idata$6R.textpk.data.bss .idata$7t.idata$5$.idata$4.idata$6J.textxk.data.bss .idata$7p.idata$5.idata$4|.idata$6,.textk.data.bss .idata$7l.idata$5.idata$4t.idata$6.textk.data.bss .idata$7h.idata$5 .idata$4l.idata$6.textk.data.bss .idata$7d.idata$5.idata$4d.idata$6.textk.data.bss .idata$7`.idata$5.idata$4\.idata$6.textk.data.bss .idata$7\.idata$5.idata$4T.idata$6.textk.data.bss .idata$7X.idata$5.idata$4L.idata$6.textk.data.bss .idata$7T.idata$5.idata$4D.idata$6.textk.data.bss .idata$7P.idata$5.idata$4<.idata$6|hname<fthunk.textk.data.bss .idata$2.idata$4<.idata$5.textk.data.bss .idata$4.idata$5L.idata$7 .textk.data.bss .idata$7.idata$5.idata$4$.idata$6t.textk.data.bss .idata$7.idata$5.idata$4.idata$6^.filegcygming-crtend.c| k .textk.data.bss  k ( t  k8__xc_z    & 5 kD Q dj v k xkstrerrorc  _lock(k    P @__xl_a8 k  _cexit`d 3 @wcslenc R j   0k     8 __xl_dH_tls_end ;Q ]Xkj| 8 memcpyc  3LPmallocd k_CRT_MT@~hkT/:8k M@X`kgvX (d 0abort@d +X__dll__;PkeP@$calloc8d @<p|$41fprintf(d OLSleeppk^_commodeo~kl __xi_z00 '7@Upsignalc {Xstrncmpc (kD#D=TJ@X,e~ dd k@k &memsetc 1d@Ult|__xl_zP__end__ k__xi_aPkxd %$1Ck__xc_aXoX_fmodehd ,pd k4fputc d __xl_c@1 ><Qax`|$d  _newmodePd fwrited \"8Pa`tpPkl\_onexitHd exit0d 6Rjx_errnoXd _charmax0pstrlenc k _unlock k />Xvfprintfc freed N.debug_aranges.debug_info.debug_abbrev.debug_line.debug_frame.debug_str.debug_loc.debug_ranges__mingw_invalidParameterHandlerpre_c_init.rdata$.refptr.mingw_initltsdrot_force.rdata$.refptr.mingw_initltsdyn_force.rdata$.refptr.mingw_initltssuo_force.rdata$.refptr.mingw_initcharmax.rdata$.refptr.__image_base__.rdata$.refptr.mingw_app_typemanagedapp.rdata$.refptr._fmode.rdata$.refptr._commode.rdata$.refptr._MINGW_INSTALL_DEBUG_MATHERRpre_cpp_init.rdata$.refptr._newmodestartinfo.rdata$.refptr._dowildcard__tmainCRTStartup.rdata$.refptr.__native_startup_lock.rdata$.refptr.__native_startup_statehas_cctor.rdata$.refptr.__dyn_tls_init_callback.rdata$.refptr.__mingw_oldexcpt_handler.rdata$.refptr.__imp___initenv.rdata$.refptr.__xc_z.rdata$.refptr.__xc_a.rdata$.refptr.__xi_z.rdata$.refptr.__xi_aWinMainCRTStartup.l_startwmainCRTStartup.rdata$.refptr._gnu_exception_handler.rdata$.refptr._matherr.CRT$XCAA.CRT$XIAA.debug_info.debug_abbrev.debug_loc.debug_aranges.debug_ranges.debug_line.debug_str.rdata$zzz.debug_frame__gcc_register_frame__gcc_deregister_frame__do_global_dtors__do_global_ctors.rdata$.refptr.__CTOR_LIST__initializedmy_lconv_init__dyn_tls_dtor__dyn_tls_init.rdata$.refptr._CRT_MT__tlregdtor__report_errormark_section_writablemaxSections_pei386_runtime_relocatorwas_init.0.rdata$.refptr.__RUNTIME_PSEUDO_RELOC_LIST_END__.rdata$.refptr.__RUNTIME_PSEUDO_RELOC_LIST____mingw_raise_matherrstUserMathErr__mingw_setusermatherr_gnu_exception_handler__mingwthr_run_key_dtors.part.0__mingwthr_cskey_dtor_list___w64_mingwthr_add_key_dtor__mingwthr_cs_init___w64_mingwthr_remove_key_dtor__mingw_TLScallback_ValidateImageBase_FindPESection_FindPESectionByName__mingw_GetSectionForAddress__mingw_GetSectionCount_FindPESectionExec_GetPEImageBase_IsNonwritableInCurrentImage__mingw_enum_import_library_names__mingw_vfprintf__pformat_cvt__pformat_putc__pformat_wputchars__pformat_putchars__pformat_puts__pformat_emit_inf_or_nan__pformat_xint.isra.0__pformat_int.isra.0__pformat_emit_radix_point__pformat_emit_float__pformat_emit_efloat__pformat_efloat__pformat_float__pformat_gfloat__pformat_xldouble__mingw_pformat__rv_alloc_D2A__nrv_alloc_D2A__freedtoa__quorem_D2A.rdata$.refptr.__tens_D2A__rshift_D2A__trailz_D2Adtoa_lockdtoa_CS_initdtoa_CritSecdtoa_lock_cleanup__Balloc_D2Apmem_nextprivate_mem__Bfree_D2A__multadd_D2A__i2b_D2A__mult_D2A__pow5mult_D2A__lshift_D2A__cmp_D2A__diff_D2A__b2d_D2A__d2b_D2A__strcp_D2A__mbrtowc_cpinternal_mbstate.2mbsrtowcsinternal_mbstate.1s_mbstate.0__wcrtomb_cpwcsrtombs__acrt_iob_funcmingw_get_invalid_parameter_handler_get_invalid_parameter_handlermingw_set_invalid_parameter_handler_set_invalid_parameter_handler_lock_file_unlock_file__p__acmdln.rdata$.refptr.__imp__acmdln__p__commode.rdata$.refptr.__imp__commode__p__fmode.rdata$.refptr.__imp__fmoderegister_frame_ctor.text.startup.xdata.startup.pdata.startup.ctors.65535___RUNTIME_PSEUDO_RELOC_LIST____imp_GetStartupInfoA__imp_abort__lib64_libkernel32_a_iname__data_start_____DTOR_LIST____imp__fmode__imp____mb_cur_max_func__imp__lockIsDBCSLeadByteExSetUnhandledExceptionFilter__imp_calloc__imp___p__fmode___tls_start__.refptr.__native_startup_state__ImageBaseGetLastErrormingw_initltssuo_force__rt_psrelocs_start.refptr.mingw_initltsdyn_force__dll_characteristics____size_of_stack_commit____mingw_module_is_dll__iob_func__imp__acmdln__size_of_stack_reserve____major_subsystem_version_____crt_xl_start____imp_DeleteCriticalSection__imp__set_invalid_parameter_handler.refptr.__CTOR_LIST____imp_fputcVirtualQuery___crt_xi_start__.refptr.__imp__fmode__imp__amsg_exit___crt_xi_end____imp__errno.refptr.__imp___initenv_tls_start__mingw_winmain_lpCmdLine.refptr._matherr.refptr.__RUNTIME_PSEUDO_RELOC_LIST____mingw_oldexcpt_handler.refptr.mingw_initltssuo_force__imp__unlock_fileTlsGetValue__bss_start____imp_MultiByteToWideChar__imp___C_specific_handler___RUNTIME_PSEUDO_RELOC_LIST_END____size_of_heap_commit____imp_GetLastError.refptr._dowildcard__imp_free___mb_cur_max_func__tens_D2AVirtualProtectmingw_app_type___crt_xp_start____imp_LeaveCriticalSection__mingw_pinit__C_specific_handler.refptr.mingw_initcharmax.refptr.__mingw_oldexcpt_handler.refptr.__RUNTIME_PSEUDO_RELOC_LIST_END_____crt_xp_end____minor_os_version__EnterCriticalSection_MINGW_INSTALL_DEBUG_MATHERR.refptr.__xi_a__image_base__.refptr._CRT_MT__section_alignment____native_dllmain_reason_tls_used__imp_memsetmingw_initcharmax__IAT_end____imp__lock_file__imp_memcpy__RUNTIME_PSEUDO_RELOC_LIST____imp_strerror.refptr._newmodemingw_pcppinit__data_end____imp_fwrite__CTOR_LIST____imp___getmainargs_head_lib64_libkernel32_a__bss_end__.refptr.mingw_initltsdrot_force__tinytens_D2A__native_vcclrit_reason___crt_xc_end__.refptr.__native_startup_lock__imp_EnterCriticalSection_tls_index__native_startup_state___crt_xc_start____imp___lconv_init__lib64_libmsvcrt_os_a_iname___CTOR_LIST__.refptr.__dyn_tls_init_callback__imp_signal__rt_psrelocs_size__imp_WideCharToMultiByte__imp_strlen__bigtens_D2A__imp_malloc__mingw_winmain_nShowCmdmingw_pcinit.refptr._gnu_exception_handler__file_alignment____imp_InitializeCriticalSection__lconv_init__getmainargsInitializeCriticalSection___lc_codepage_func__imp_exit__imp_vfprintf__major_os_version____imp_IsDBCSLeadByteEx__imp___initenv__IAT_start____imp__cexit__imp_SetUnhandledExceptionFilter.refptr.mingw_app_type__imp__onexit__DTOR_LIST__.refptr.__imp__acmdlnWideCharToMultiByte__set_app_type__imp_Sleep__imp___p__acmdlnLeaveCriticalSection__imp___setusermatherr__size_of_heap_reserve_____crt_xt_start____subsystem___amsg_exit__imp_TlsGetValue__setusermatherr.refptr._commode__imp_fprintf__imp___p__commodeMultiByteToWideChar__imp_VirtualProtect___tls_end____imp_VirtualQuery__imp__inittermmingw_initltsdyn_force_dowildcard__imp___iob_func__imp_localeconvlocaleconv__dyn_tls_init_callback.refptr.__image_base___initterm__imp_strncmp_head_lib64_libmsvcrt_os_a.refptr._fmode__imp___acrt_iob_func__major_image_version____loader_flags__.refptr.__tens_D2A.refptr.__imp__commode___chkstk_ms__native_startup_lock__mingw_winmain_hInstanceGetStartupInfoA__imp_wcslen__imp____lc_codepage_func__rt_psrelocs_end__imp__get_invalid_parameter_handler__minor_subsystem_version____minor_image_version____imp__unlock__imp___set_app_typemingw_initltsdrot_force.refptr.__xc_a.refptr.__xi_z.refptr._MINGW_INSTALL_DEBUG_MATHERR__imp__commodeDeleteCriticalSection__RUNTIME_PSEUDO_RELOC_LIST_END__.refptr.__xc_z___crt_xt_end__osslsigncode-2.9/tests/files/unsigned.mof000066400000000000000000000015641464004761700206620ustar00rootroot00000000000000[ClassVersion("1.0.0"), FriendlyName("Website")] class Demo_IISWebsite : OMI_BaseResource { [Key] string Name; [Required] string PhysicalPath; [write,ValueMap{"Present", "Absent"},Values{"Present", "Absent"}] string Ensure; [write,ValueMap{"Started","Stopped"},Values{"Started", "Stopped"}] string State; [write] string Protocol[]; [write] string BindingInfo[]; [write] string ApplicationPool; [read] string ID; };osslsigncode-2.9/tests/files/unsigned.msi000066400000000000000000000230001464004761700206560ustar00rootroot00000000000000ࡱ>   ServiceControlNameEventArgumentsWaitComponent_SignatureFileNameMinVersionMaxVersionMinSizeMaxSizeMinDateMaxDateLanguagesErrorMessageRemoveFileFileKeyDirPropertyInstallModeInstallExecuteSequenceActionConditionSequenceValidateProductIDCostInitializeFileCostCostFinalizeInstallValidateInstallInitializeProcessComponentsUnpublishFeaturesRemoveFilesInstallFilesRegisterUserRegisterProductPublishFeaturesPublishProductInstallFinalizeFeatureComponentsFeature_CompleteMainExecutableAdvtExecuteSequencePropertyValueDiskPromptAcme's Foobar 1.0 Installation [1]ManufacturerAcme Ltd.ProductLanguage1033ProductCode{ABCDDCBA-86C7-4D14-AEC0-86416A69ABDE}ProductNameFoobar 1.0ProductVersion1.0.0UpgradeCode{ABCDDCBA-7349-453F-94F6-BCB5110BA4FD}FeatureFeature_ParentTitleDescriptionDisplayLevelDirectory_AttributesAppSearchSignature_InstallUISequenceExecuteActionFileFileSizeVersionLanguageFoobarEXEFoobarAppl10.exeLaunchConditionComponentComponentIdKeyPath{ABCDDCBA-83F1-4F22-985B-FDB3C8ABD471}INSTALLDIRServiceInstallDisplayNameServiceTypeStartTypeErrorControlLoadOrderGroupDependenciesStartNamePasswordCustomActionTypeSourceTargetExtendedTypeUpgradeVersionMinVersionMaxRemoveActionPropertyMediaDiskIdLastSequenceCabinetVolumeLabelCD-ROM #1#Sample.cabMsiFileHashFile_OptionsHashPart1HashPart2HashPart3HashPart4BinaryDataIconAdminExecuteSequenceInstallAdminPackageCreateFolderDirectoryDirectory_ParentDefaultDirAcmeProgramFilesFolderTARGETDIRPFilesSourceDirRegLocatorRootKeyAdminUISequenceRegistryShortcutHotkeyIcon_IconIndexShowCmdWkDirDisplayResourceDLLDisplayResourceIdDescriptionResourceDLLDescriptionResourceId               "   &   &           &                           Oh+'0x$ 8 h tInstallation DatabaseAcme's Foobar 1.0 Installer Acme Ltd. Installer.Foobar is a registered trademark of Acme Ltd. Intel;1033'{4AF73A72-4437-4274-837E-0A1CEF1EB401}@@dmsitools 0.101MSCFF,FDTs FoobarEXEI U9#({ x܅ș<NY Bno,TUNN,OI +02468:<13579;=&'( x܅ș+, !"#$%&'( x܅@pԗș))---..>>>>>>>>FFHHHJJJJJJJJPPQQQQQQVVVVVVVVVVVVV_____dddddddiiiiiippppppwwyyzzz||}}}    *./>?@ABCDE.GJKLMEAQRDESVWXYZ[\]^A`abc<efMEghjk0lmaqrstuvxxD}~G`/DbAHHHHHHH&HHH&&@HHHHHHHH&HHHHHH&H@ HHHHHHHHHHHHHHHHHHH)-.>FHJPQV_dipwyz|}  !"#$%&()*+,-.0>@ABCDEFGHIJKLMNOPRoot Entry  F@H??wElDj;E$H?@H??wElDj>D/HDSummaryInformation('AD/BAdA /F@HA0C??(E8BA(H1@H C5BErE 5.1.19041.3930 osslsigncode-2.9/tests/make_certificates.py000066400000000000000000000536761464004761700212700ustar00rootroot00000000000000#!/usr/bin/python3 """Make test certificates""" import os import datetime import cryptography from cryptography import x509 from cryptography.x509.oid import NameOID from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa RESULT_PATH = os.getcwd() CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") date_20170101 = datetime.datetime(2017, 1, 1) date_20180101 = datetime.datetime(2018, 1, 1) date_20190101 = datetime.datetime(2019, 1, 1) PASSWORD='passme' class X509Extensions(): """Base class for X509 Extensions""" def __init__(self, unit_name, cdp_port, cdp_name): self.unit_name = unit_name self.port = cdp_port self.name = cdp_name def create_x509_name(self, common_name) -> x509.Name: """Return x509.Name""" return x509.Name( [ x509.NameAttribute(NameOID.COUNTRY_NAME, "PL"), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Mazovia Province"), x509.NameAttribute(NameOID.LOCALITY_NAME, "Warsaw"), x509.NameAttribute(NameOID.ORGANIZATION_NAME, "osslsigncode"), x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, self.unit_name), x509.NameAttribute(NameOID.COMMON_NAME, common_name) ] ) def create_x509_crldp(self) -> x509.CRLDistributionPoints: """Return x509.CRLDistributionPoints""" return x509.CRLDistributionPoints( [ x509.DistributionPoint( full_name=[x509.UniformResourceIdentifier( "http://127.0.0.1:" + str(self.port) + "/" + str(self.name)) ], relative_name=None, reasons=None, crl_issuer=None ) ] ) def create_x509_name_constraints(self) -> x509.NameConstraints: """Return x509.NameConstraints""" return x509.NameConstraints( permitted_subtrees = [x509.DNSName('test.com'), x509.DNSName('test.org')], excluded_subtrees = None ) class IntermediateCACertificate(X509Extensions): """Base class for Intermediate CA certificate""" def __init__(self, issuer_cert, issuer_key): self.issuer_cert = issuer_cert self.issuer_key = issuer_key super().__init__("Certification Authority", 0, None) def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey): """Generate intermediate CA certificate""" key = rsa.generate_private_key(public_exponent=65537, key_size=2048) key_public = key.public_key() authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value ) key_usage = x509.KeyUsage( digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=False, decipher_only=False ) cert = ( x509.CertificateBuilder() .subject_name(self.create_x509_name("Intermediate CA")) .issuer_name(self.issuer_cert.subject) .public_key(key_public) .serial_number(x509.random_serial_number()) .not_valid_before(date_20180101) .not_valid_after(date_20180101 + datetime.timedelta(days=7300)) .add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True) .add_extension(x509.SubjectKeyIdentifier.from_public_key(key_public), critical=False) .add_extension(authority_key, critical=False) .add_extension(key_usage, critical=True) .sign(self.issuer_key, hashes.SHA256()) ) file_path=os.path.join(CERTS_PATH, "intermediateCA.pem") with open(file_path, mode="wb") as file: file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) return cert, key class RootCACertificate(X509Extensions): """Base class for Root CA certificate""" def __init__(self): self.key_usage = x509.KeyUsage( digital_signature=True, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=False, decipher_only=False ) super().__init__("Certification Authority", 0, None) def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey): """Generate CA certificates""" ca_root, root_key = self.make_ca_cert("Trusted Root CA", "CAroot.pem") ca_cert, ca_key = self.make_ca_cert("Root CA", "CACert.pem") self.make_cross_cert(ca_root, root_key, ca_cert, ca_key) return ca_cert, ca_key def make_ca_cert(self, common_name, file_name) -> None: """Generate self-signed root CA certificate""" ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) ca_public = ca_key.public_key() authority_key = x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_public) name = self.create_x509_name(common_name) ca_cert = ( x509.CertificateBuilder() .subject_name(name) .issuer_name(name) .public_key(ca_public) .serial_number(x509.random_serial_number()) .not_valid_before(date_20170101) .not_valid_after(date_20170101 + datetime.timedelta(days=7300)) .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False) .add_extension(authority_key, critical=False) .add_extension(self.key_usage, critical=True) .sign(ca_key, hashes.SHA256()) ) file_path=os.path.join(CERTS_PATH, file_name) with open(file_path, mode="wb") as file: file.write(ca_cert.public_bytes(encoding=serialization.Encoding.PEM)) return ca_cert, ca_key def make_cross_cert(self, ca_root, root_key, ca_cert, ca_key) -> None: """Generate cross-signed root CA certificate""" ca_public = ca_key.public_key() authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( ca_root.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value ) ca_cross = ( x509.CertificateBuilder() .subject_name(ca_cert.subject) .issuer_name(ca_root.subject) .public_key(ca_public) .serial_number(ca_cert.serial_number) .not_valid_before(date_20180101) .not_valid_after(date_20180101 + datetime.timedelta(days=7300)) .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False) .add_extension(authority_key, critical=False) .add_extension(self.key_usage, critical=True) .sign(root_key, hashes.SHA256()) ) file_path=os.path.join(CERTS_PATH, "CAcross.pem") with open(file_path, mode="wb") as file: file.write(ca_cross.public_bytes(encoding=serialization.Encoding.PEM)) def write_key(self, key, file_name) -> None: """Write a private RSA key""" # Write password file_path = os.path.join(CERTS_PATH, "password.txt") with open(file_path, mode="w", encoding="utf-8") as file: file.write("{}".format(PASSWORD)) # Write encrypted key in PEM format file_path = os.path.join(CERTS_PATH, file_name + "p.pem") with open(file_path, mode="wb") as file: file.write(key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.BestAvailableEncryption(PASSWORD.encode()) ) ) # Write decrypted key in PEM format file_path = os.path.join(CERTS_PATH, file_name + ".pem") with open(file_path, mode="wb") as file: file.write(key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) # Write the key in DER format file_path = os.path.join(CERTS_PATH, file_name + ".der") with open(file_path, mode="wb") as file: file.write(key.private_bytes( encoding=serialization.Encoding.DER, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) class TSARootCACertificate(X509Extensions): """Base class for TSA certificates""" def __init__(self): super().__init__("Timestamp Authority Root CA", 0, None) def make_cert(self) -> (x509.Certificate, rsa.RSAPrivateKey): """Generate a Time Stamp Authority certificate""" ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) ca_public = ca_key.public_key() authority_key = x509.AuthorityKeyIdentifier.from_issuer_public_key(ca_public) name = self.create_x509_name("TSA Root CA") key_usage = x509.KeyUsage( digital_signature=False, content_commitment=False, key_encipherment=False, data_encipherment=False, key_agreement=False, key_cert_sign=True, crl_sign=True, encipher_only=False, decipher_only=False ) ca_cert = ( x509.CertificateBuilder() .subject_name(name) .issuer_name(name) .public_key(ca_public) .serial_number(x509.random_serial_number()) .not_valid_before(date_20170101) .not_valid_after(date_20170101 + datetime.timedelta(days=7300)) .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True) .add_extension(x509.SubjectKeyIdentifier.from_public_key(ca_public), critical=False) .add_extension(authority_key, critical=False) .add_extension(key_usage, critical=True) .sign(ca_key, hashes.SHA256()) ) file_path=os.path.join(CERTS_PATH, "TSACA.pem") with open(file_path, mode="wb") as file: file.write(ca_cert.public_bytes(encoding=serialization.Encoding.PEM)) return ca_cert, ca_key def write_key(self, key, file_name) -> None: """Write decrypted private RSA key into PEM format""" file_path = os.path.join(CERTS_PATH, file_name + ".key") with open(file_path, mode="wb") as file: file.write(key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) class Certificate(X509Extensions): """Base class for a leaf certificate""" def __init__(self, issuer_cert, issuer_key, unit_name, common_name, cdp_port, cdp_name): #pylint: disable=too-many-arguments self.issuer_cert = issuer_cert self.issuer_key = issuer_key self.common_name = common_name super().__init__(unit_name, cdp_port, cdp_name) def make_cert(self, public_key, not_before, days) -> x509.Certificate: """Generate a leaf certificate""" authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value ) extended_key_usage = x509.ExtendedKeyUsage( [x509.oid.ExtendedKeyUsageOID.CODE_SIGNING] ) cert = ( x509.CertificateBuilder() .subject_name(self.create_x509_name(self.common_name)) .issuer_name(self.issuer_cert.subject) .public_key(public_key) .serial_number(x509.random_serial_number()) .not_valid_before(not_before) .not_valid_after(not_before + datetime.timedelta(days=days)) .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=False) .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) .add_extension(authority_key, critical=False) .add_extension(extended_key_usage, critical=False) .add_extension(self.create_x509_crldp(), critical=False) .sign(self.issuer_key, hashes.SHA256()) ) # Write PEM file and attach intermediate certificate file_path = os.path.join(CERTS_PATH, self.common_name + ".pem") with open(file_path, mode="wb") as file: file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) file.write(self.issuer_cert.public_bytes(encoding=serialization.Encoding.PEM)) return cert def revoke_cert(self, serial_number, file_name) -> None: """Revoke a certificate""" revoked = ( x509.RevokedCertificateBuilder() .serial_number(serial_number) .revocation_date(date_20190101) .add_extension(x509.CRLReason(x509.ReasonFlags.superseded), critical=False) .build() ) # Generate CRL authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value ) crl = ( x509.CertificateRevocationListBuilder() .issuer_name(self.issuer_cert.subject) .last_update(date_20190101) .next_update(date_20190101 + datetime.timedelta(days=7300)) .add_extension(authority_key, critical=False) .add_extension(x509.CRLNumber(4097), critical=False) .add_revoked_certificate(revoked) .sign(self.issuer_key, hashes.SHA256()) ) # Write CRL file file_path = os.path.join(CERTS_PATH, file_name + ".pem") with open(file_path, mode="wb") as file: file.write(crl.public_bytes(encoding=serialization.Encoding.PEM)) file_path = os.path.join(CERTS_PATH, file_name + ".der") with open(file_path, mode="wb") as file: file.write(crl.public_bytes(encoding=serialization.Encoding.DER)) class LeafCACertificate(Certificate): """Base class for a leaf certificate""" def __init__(self, issuer_cert, issuer_key, common, cdp_port): super().__init__(issuer_cert, issuer_key, "CSP", common, cdp_port, "intermediateCA") class LeafTSACertificate(Certificate): """Base class for a TSA leaf certificate""" def __init__(self, issuer_cert, issuer_key, common, cdp_port): self.issuer_cert = issuer_cert self.issuer_key = issuer_key self.common_name = common super().__init__(issuer_cert, issuer_key, "Timestamp Root CA", common, cdp_port, "TSACA") def make_cert(self, public_key, not_before, days) -> x509.Certificate: """Generate a TSA leaf certificate""" authority_key = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier( self.issuer_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value ) # The TSA signing certificate must have exactly one extended key usage # assigned to it: timeStamping. The extended key usage must also be critical, # otherwise the certificate is going to be refused. extended_key_usage = x509.ExtendedKeyUsage( [x509.oid.ExtendedKeyUsageOID.TIME_STAMPING] ) cert = ( x509.CertificateBuilder() .subject_name(self.create_x509_name(self.common_name)) .issuer_name(self.issuer_cert.subject) .public_key(public_key) .serial_number(x509.random_serial_number()) .not_valid_before(not_before) .not_valid_after(not_before + datetime.timedelta(days=days)) .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True) .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False) .add_extension(authority_key, critical=False) .add_extension(extended_key_usage, critical=True) .add_extension(self.create_x509_crldp(), critical=False) .add_extension(self.create_x509_name_constraints(), critical=False) .sign(self.issuer_key, hashes.SHA256()) ) # Write PEM file and attach intermediate certificate file_path = os.path.join(CERTS_PATH, self.common_name + ".pem") with open(file_path, mode="wb") as file: file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) file.write(self.issuer_cert.public_bytes(encoding=serialization.Encoding.PEM)) return cert class CertificateMaker(): """Base class for test certificates""" def __init__(self, cdp_port, logs): self.cdp_port = cdp_port self.logs = logs def make_certs(self) -> None: """Make test certificates""" try: self.make_ca_certs() self.make_tsa_certs() logs = os.path.join(CERTS_PATH, "./cert.log") with open(logs, mode="w", encoding="utf-8") as file: file.write("Test certificates generation succeeded") except Exception as err: # pylint: disable=broad-except with open(self.logs, mode="a", encoding="utf-8") as file: file.write("Error: {}".format(err)) def make_ca_certs(self): """Make test certificates""" # Generate root CA certificate root = RootCACertificate() ca_cert, ca_key = root.make_cert() # Generate intermediate root CA certificate intermediate = IntermediateCACertificate(ca_cert, ca_key) issuer_cert, issuer_key = intermediate.make_cert() # Generate private RSA key private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) public_key = private_key.public_key() root.write_key(key=private_key, file_name="key") # Generate expired certificate expired = LeafCACertificate(issuer_cert, issuer_key, "expired", self.cdp_port) expired.make_cert(public_key, date_20180101, 365) # Generate revoked certificate revoked = LeafCACertificate(issuer_cert, issuer_key, "revoked", self.cdp_port) cert = revoked.make_cert(public_key, date_20180101, 5840) revoked.revoke_cert(cert.serial_number, "CACertCRL") # Generate code signing certificate signer = LeafCACertificate(issuer_cert, issuer_key, "cert", self.cdp_port) cert = signer.make_cert(public_key, date_20180101, 5840) # Write a certificate and a key into PKCS#12 container self.write_pkcs12_container( cert=cert, key=private_key, issuer=issuer_cert ) # Write DER file and attach intermediate certificate file_path = os.path.join(CERTS_PATH, "cert.der") with open(file_path, mode="wb") as file: file.write(cert.public_bytes(encoding=serialization.Encoding.DER)) def make_tsa_certs(self): """Make test TSA certificates""" # Time Stamp Authority certificate root = TSARootCACertificate() issuer_cert, issuer_key = root.make_cert() # Generate private RSA key private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048) public_key = private_key.public_key() root.write_key(key=private_key, file_name="TSA") # Generate revoked TSA certificate revoked = LeafTSACertificate(issuer_cert, issuer_key, "TSA_revoked", self.cdp_port) cert = revoked.make_cert(public_key, date_20180101, 7300) revoked.revoke_cert(cert.serial_number, "TSACertCRL") # Generate TSA certificate signer = LeafTSACertificate(issuer_cert, issuer_key, "TSA", self.cdp_port) cert = signer.make_cert(public_key, date_20180101, 7300) # Save the chain to be included in the TSA response file_path = os.path.join(CERTS_PATH, "tsa-chain.pem") with open(file_path, mode="wb") as file: file.write(cert.public_bytes(encoding=serialization.Encoding.PEM)) file.write(issuer_cert.public_bytes(encoding=serialization.Encoding.PEM)) def write_pkcs12_container(self, cert, key, issuer) -> None: """Write a certificate and a key into a PKCS#12 container""" # Set an encryption algorithm if cryptography.__version__ >= "38.0.0": # For OpenSSL legacy mode use the default algorithm for certificate # and private key encryption: DES-EDE3-CBC (vel 3DES_CBC) # pylint: disable=no-member encryption = ( serialization.PrivateFormat.PKCS12.encryption_builder() .key_cert_algorithm(serialization.pkcs12.PBES.PBESv1SHA1And3KeyTripleDESCBC) .kdf_rounds(5000) .build(PASSWORD.encode()) ) else: encryption = serialization.BestAvailableEncryption(PASSWORD.encode()) # Generate PKCS#12 struct pkcs12 = serialization.pkcs12.serialize_key_and_certificates( name=b'certificate', key=key, cert=cert, cas=(issuer,), encryption_algorithm=encryption ) # Write into a PKCS#12 container file_path = os.path.join(CERTS_PATH, "cert.p12") with open(file_path, mode="wb") as file: file.write(pkcs12) # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.9/tests/server_http.py000066400000000000000000000136251464004761700201610ustar00rootroot00000000000000#!/usr/bin/python3 """Implementation of a HTTP server""" import argparse import os import subprocess import sys import threading from urllib.parse import urlparse from http.server import SimpleHTTPRequestHandler, HTTPServer from socketserver import ThreadingMixIn from make_certificates import CertificateMaker RESULT_PATH = os.getcwd() FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/") CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/") LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") REQUEST = os.path.join(FILES_PATH, "./jreq.tsq") RESPONS = os.path.join(FILES_PATH, "./jresp.tsr") OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf") SERVER_LOG = os.path.join(LOGS_PATH, "./server.log") URL_LOG = os.path.join(LOGS_PATH, "./url.log") OPENSSL_TS = ["openssl", "ts", "-reply", "-config", OPENSSL_CONF, "-passin", "pass:passme", "-queryfile", REQUEST, "-out", RESPONS] class ThreadingHTTPServer(ThreadingMixIn, HTTPServer): """This variant of HTTPServer creates a new thread for every connection""" daemon_threads = True class RequestHandler(SimpleHTTPRequestHandler): """Handle the HTTP POST request that arrive at the server""" def __init__(self, request, client_address, server): # Save the server handle self.server = server SimpleHTTPRequestHandler.__init__(self, request, client_address, server) def do_GET(self): # pylint: disable=invalid-name """"Serves the GET request type""" try: url = urlparse(self.path) self.send_response(200) self.send_header("Content-type", "application/pkix-crl") self.end_headers() resp_data = b'' # Read the file and send the contents if url.path == "/intermediateCA": file_path = os.path.join(CERTS_PATH, "./CACertCRL.der") with open(file_path, 'rb') as file: resp_data = file.read() if url.path == "/TSACA": file_path = os.path.join(CERTS_PATH, "./TSACertCRL.der") with open(file_path, 'rb') as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP GET request error: {}".format(err)) def do_POST(self): # pylint: disable=invalid-name """"Serves the POST request type""" try: url = urlparse(self.path) self.send_response(200) if url.path == "/kill_server": self.log_message(f"Deleting file: {URL_LOG}") os.remove(f"{URL_LOG}") self.send_header('Content-type', 'text/plain') self.end_headers() self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) self.server.shutdown() else: content_length = int(self.headers['Content-Length']) post_data = self.rfile.read(content_length) with open(REQUEST, mode="wb") as file: file.write(post_data) openssl = subprocess.run(OPENSSL_TS, check=True, universal_newlines=True) openssl.check_returncode() self.send_header("Content-type", "application/timestamp-reply") self.end_headers() resp_data = b'' with open(RESPONS, mode="rb") as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP POST request error: {}".format(err)) class HttpServerThread(): """TSA server thread handler""" # pylint: disable=too-few-public-methods def __init__(self): self.server = None self.server_thread = None def start_server(self, port) -> (int): """Starting HTTP server on 127.0.0.1 and a random available port for binding""" self.server = ThreadingHTTPServer(('127.0.0.1', port), RequestHandler) self.server_thread = threading.Thread(target=self.server.serve_forever) self.server_thread.start() hostname, port = self.server.server_address[:2] print("HTTP server started, URL http://{}:{}".format(hostname, port)) return port def main() -> None: """Start HTTP server, make test certificates.""" ret = 0 parser = argparse.ArgumentParser() parser.add_argument( "--port", type=int, default=0, help="port number" ) args = parser.parse_args() try: server = HttpServerThread() port = server.start_server(args.port) with open(URL_LOG, mode="w", encoding="utf-8") as file: file.write("127.0.0.1:{}".format(port)) tests = CertificateMaker(port, SERVER_LOG) tests.make_certs() except OSError as err: print("OSError: {}".format(err)) ret = err.errno except Exception as err: # pylint: disable=broad-except print("Error: {}".format(err)) ret = 1 finally: sys.exit(ret) if __name__ == '__main__': try: fpid = os.fork() if fpid > 0: sys.exit(0) with open(SERVER_LOG, mode='w', encoding='utf-8') as log: os.dup2(log.fileno(), sys.stdout.fileno()) os.dup2(log.fileno(), sys.stderr.fileno()) except OSError as ferr: print("Fork #1 failed: {} {}".format(ferr.errno, ferr.strerror)) sys.exit(1) try: fpid = os.fork() if fpid > 0: sys.exit(0) except OSError as ferr: print("Fork #2 failed: {} {}".format(ferr.errno, ferr.strerror)) sys.exit(1) # Start the daemon main loop main() # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.9/tests/server_http.pyw000066400000000000000000000121061464004761700203410ustar00rootroot00000000000000#!/usr/bin/python3 """Windows: Implementation of a HTTP server""" import argparse import os import subprocess import sys import threading from urllib.parse import urlparse from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer from make_certificates import CertificateMaker RESULT_PATH = os.getcwd() FILES_PATH = os.path.join(RESULT_PATH, "./Testing/files/") CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") CONF_PATH = os.path.join(RESULT_PATH, "./Testing/conf/") LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") REQUEST = os.path.join(FILES_PATH, "./jreq.tsq") RESPONS = os.path.join(FILES_PATH, "./jresp.tsr") OPENSSL_CONF = os.path.join(CONF_PATH, "./openssl_tsa.cnf") SERVER_LOG = os.path.join(LOGS_PATH, "./server.log") URL_LOG = os.path.join(LOGS_PATH, "./url.log") OPENSSL_TS = ["openssl", "ts", "-reply", "-config", OPENSSL_CONF, "-passin", "pass:passme", "-queryfile", REQUEST, "-out", RESPONS] class RequestHandler(SimpleHTTPRequestHandler): """Handle the HTTP POST request that arrive at the server""" def __init__(self, request, client_address, server): # Save the server handle self.server = server SimpleHTTPRequestHandler.__init__(self, request, client_address, server) def do_GET(self): # pylint: disable=invalid-name """"Serves the GET request type""" try: url = urlparse(self.path) self.send_response(200) self.send_header("Content-type", "application/pkix-crl") self.end_headers() resp_data = b'' # Read the file and send the contents if url.path == "/intermediateCA": file_path = os.path.join(CERTS_PATH, "./CACertCRL.der") with open(file_path, 'rb') as file: resp_data = file.read() if url.path == "/TSACA": file_path = os.path.join(CERTS_PATH, "./TSACertCRL.der") with open(file_path, 'rb') as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP GET request error: {}".format(err)) def do_POST(self): # pylint: disable=invalid-name """"Serves the POST request type""" try: url = urlparse(self.path) self.send_response(200) if url.path == "/kill_server": self.log_message(f"Deleting file: {URL_LOG}") os.remove(f"{URL_LOG}") self.send_header('Content-type', 'text/plain') self.end_headers() self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) self.server.shutdown() else: content_length = int(self.headers['Content-Length']) post_data = self.rfile.read(content_length) with open(REQUEST, mode="wb") as file: file.write(post_data) openssl = subprocess.run(OPENSSL_TS, check=True, universal_newlines=True) openssl.check_returncode() self.send_header("Content-type", "application/timestamp-reply") self.end_headers() resp_data = b'' with open(RESPONS, mode="rb") as file: resp_data = file.read() self.wfile.write(resp_data) except Exception as err: # pylint: disable=broad-except print("HTTP POST request error: {}".format(err)) class HttpServerThread(): """TSA server thread handler""" # pylint: disable=too-few-public-methods def __init__(self): self.server = None self.server_thread = None def start_server(self, port) -> (int): """Starting HTTP server on 127.0.0.1 and a random available port for binding""" self.server = ThreadingHTTPServer(('127.0.0.1', port), RequestHandler) self.server_thread = threading.Thread(target=self.server.serve_forever) self.server_thread.start() hostname, port = self.server.server_address[:2] print("HTTP server started, URL http://{}:{}".format(hostname, port)) return port def main() -> None: """Start HTTP server""" ret = 0 parser = argparse.ArgumentParser() parser.add_argument( "--port", type=int, default=0, help="port number" ) args = parser.parse_args() try: sys.stdout = open(SERVER_LOG, "w") sys.stderr = open(SERVER_LOG, "a") server = HttpServerThread() port = server.start_server(args.port) with open(URL_LOG, mode="w") as file: file.write("127.0.0.1:{}".format(port)) tests = CertificateMaker(port, SERVER_LOG) tests.make_certs() except OSError as err: print("OSError: {}".format(err)) ret = err.errno finally: sys.exit(ret) if __name__ == '__main__': main() # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.9/tests/sources/000077500000000000000000000000001464004761700167165ustar00rootroot00000000000000osslsigncode-2.9/tests/sources/CatalogDefinitionFileName.cdf000066400000000000000000000034661464004761700243710ustar00rootroot00000000000000# https://learn.microsoft.com/en-us/windows/win32/seccrypto/makecat # makecat -v CatalogDefinitionFileName.cdf # Define information about the entire catalog file. [CatalogHeader] # Name of the catalog file, including its extension. Name=unsigned.cat # Directory where the created unsigned.cat file will be placed. ResultDir=..\files # This option is not supported. Default value 1 is used. PublicVersion=0x0000001 # Catalog version. # If the version is set to 2, the HashAlgorithms option must contain SHA256. CatalogVersion=2 # Name of the hashing algorithm used. HashAlgorithms=SHA256 # Specifies whether to hash the files listed in the option in the [CatalogFiles] section PageHashes=true # Type of message encoding used. # The default EncodingType is PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0x00010001 EncodingType=0x00010001 # Specify an attribute of the catalog file. # Set 1.3.6.1.4.1.311.12.2.1 CAT_NAMEVALUE_OBJID # CATATTR1={type}:{oid}:{value} (optional) # The OSAttr attribute specifies the target Windows version CATATTR1=0x11010001:OSAttr:2:6.0 # Define each member of the catalog file. [CatalogFiles] PEfile=..\files\unsigned.exe # 0x00010000 Attribute is represented in plaintext. No conversion will be done. PEfileATTR1=0x11010001:File:unsigned.exe MSIfile=..\files\unsigned.msi # 0x00020000 Attribute is represented in base-64 encoding. MSIfileATTR1=0x11020001:File:dW5zaWduZWQubXNp CABfile=..\files\unsigned.ex_ CABfileATTR1=0x11010001:File:unsigned.ex_ PS1file=..\files\unsigned.ps1 PS1fileATTR1=0x11010001:File:unsigned.ps1 PSC1file=..\files\unsigned.psc1 PSC1fileATTR1=0x11010001:File:unsigned.psc1 MOFfile=..\files\unsigned.mof MOFfileATTR1=0x11010001:File:unsigned.mof osslsigncode-2.9/tests/sources/a000066400000000000000000000000041464004761700170530ustar00rootroot00000000000000aaa osslsigncode-2.9/tests/sources/b000066400000000000000000000000041464004761700170540ustar00rootroot00000000000000bbb osslsigncode-2.9/tests/sources/c000066400000000000000000000000041464004761700170550ustar00rootroot00000000000000ccc osslsigncode-2.9/tests/sources/myapp.c000066400000000000000000000001041464004761700202030ustar00rootroot00000000000000#include void main(void) { printf("Hello world!"); } osslsigncode-2.9/tests/sources/sample.wxs000066400000000000000000000025721464004761700207500ustar00rootroot00000000000000 osslsigncode-2.9/tests/start_server.py000066400000000000000000000063741464004761700203420ustar00rootroot00000000000000#!/usr/bin/python3 """Wait for all tests certificate, compute leafhash""" import argparse import binascii import hashlib import os import pathlib import platform import subprocess import sys import time RESULT_PATH = os.getcwd() CERTS_PATH = os.path.join(RESULT_PATH, "./Testing/certs/") LOGS_PATH = os.path.join(RESULT_PATH, "./Testing/logs/") SERVER_LOG = os.path.join(LOGS_PATH, "./server.log") if platform.system() == 'Windows': DEFAULT_PYTHON = "C:/Program Files/Python/Python311/pythonw.exe" DEFAULT_PROG = os.path.join(RESULT_PATH, "./Testing/server_http.pyw") else: DEFAULT_PYTHON = "/usr/bin/python3" DEFAULT_PROG = os.path.join(RESULT_PATH, "./Testing/server_http.py") def compute_sha256(file_name) -> str: """Compute a SHA256 hash of the leaf certificate (in DER form)""" sha256_hash = hashlib.sha256() file_path = os.path.join(CERTS_PATH, file_name) with open(file_path, mode="rb") as file: for bajt in iter(lambda: file.read(4096),b""): sha256_hash.update(bajt) return sha256_hash.hexdigest() def clear_catalog(certs_path) -> None: """"Clear a test certificates catalog.""" if os.path.exists(certs_path): #Remove old test certificates for root, _, files in os.walk(certs_path): for file in files: os.remove(os.path.join(root, file)) else: os.mkdir(certs_path) # Generate 16 random bytes and convert to hex random_hex = binascii.b2a_hex(os.urandom(16)).decode() serial = os.path.join(certs_path, "./tsa-serial") with open(serial, mode="w", encoding="utf-8") as file: file.write(random_hex) def main() -> None: """Wait for all tests certificate, compute leafhash""" parser = argparse.ArgumentParser() parser.add_argument( "--exe", type=pathlib.Path, default=DEFAULT_PYTHON, help=f"the path to the python3 executable to use" f"(default: {DEFAULT_PYTHON})", ) parser.add_argument( "--script", type=pathlib.Path, default=DEFAULT_PROG, help=f"the path to the python script to run" f"(default: {DEFAULT_PROG})", ) args = parser.parse_args() try: clear_catalog(CERTS_PATH) #pylint: disable=consider-using-with subprocess.Popen([str(args.exe), str(args.script)]) cert_log = os.path.join(CERTS_PATH, "./cert.log") while not (os.path.exists(cert_log) and os.path.getsize(cert_log) > 0): time.sleep(1) leafhash = compute_sha256("cert.der") file_path = os.path.join(CERTS_PATH, "./leafhash.txt") with open(file_path, mode="w", encoding="utf-8") as file: file.write("SHA256:{}".format(leafhash)) except OSError as err: with open(SERVER_LOG, mode="w", encoding="utf-8") as file: file.write("OSError: {}".format(err)) sys.exit(1) except Exception as err: # pylint: disable=broad-except with open(SERVER_LOG, mode="w", encoding="utf-8") as file: file.write("Error: {}".format(err)) sys.exit(1) if __name__ == "__main__": main() # pylint: disable=pointless-string-statement """Local Variables: c-basic-offset: 4 tab-width: 4 indent-tabs-mode: nil End: vim: set ts=4 expandtab: """ osslsigncode-2.9/utf.c000066400000000000000000000150331464004761700150350ustar00rootroot00000000000000// utf by pietro gagliardi (andlabs) — https://github.com/andlabs/utf/ // 10 november 2016 #include "utf.h" // this code imitates Go's unicode/utf8 and unicode/utf16 // the biggest difference is that a rune is unsigned instead of signed (because Go guarantees what a right shift on a signed number will do, whereas C does not) // it is also an imitation so we can license it under looser terms than the Go source #define badrune 0xFFFD // encoded must be at most 4 bytes // TODO clean this code up somehow size_t utf8EncodeRune(uint32_t rune, char *encoded) { uint8_t b, c, d, e; size_t n; // not in the valid range for Unicode if (rune > 0x10FFFF) rune = badrune; // surrogate runes cannot be encoded if (rune >= 0xD800 && rune < 0xE000) rune = badrune; if (rune < 0x80) { // ASCII bytes represent themselves b = (uint8_t) (rune & 0xFF); n = 1; goto done; } if (rune < 0x800) { // two-byte encoding c = (uint8_t) (rune & 0x3F); c |= 0x80; rune >>= 6; b = (uint8_t) (rune & 0x1F); b |= 0xC0; n = 2; goto done; } if (rune < 0x10000) { // three-byte encoding d = (uint8_t) (rune & 0x3F); d |= 0x80; rune >>= 6; c = (uint8_t) (rune & 0x3F); c |= 0x80; rune >>= 6; b = (uint8_t) (rune & 0x0F); b |= 0xE0; n = 3; goto done; } // otherwise use a four-byte encoding e = (uint8_t) (rune & 0x3F); e |= 0x80; rune >>= 6; d = (uint8_t) (rune & 0x3F); d |= 0x80; rune >>= 6; c = (uint8_t) (rune & 0x3F); c |= 0x80; rune >>= 6; b = (uint8_t) (rune & 0x07); b |= 0xF0; n = 4; done: encoded[0] = (char)b; if (n > 1) encoded[1] = (char)c; if (n > 2) encoded[2] = (char)d; if (n > 3) encoded[3] = (char)e; return n; } const char *utf8DecodeRune(const char *s, size_t nElem, uint32_t *rune) { uint8_t b, c; uint8_t lowestAllowed, highestAllowed; size_t i, expected; int bad; b = (uint8_t) (*s); if (b < 0x80) { // ASCII bytes represent themselves *rune = b; s++; return s; } // 0xC0 and 0xC1 cover 2-byte overlong equivalents // 0xF5 to 0xFD cover values > 0x10FFFF // 0xFE and 0xFF were never defined (always illegal) if (b < 0xC2 || b > 0xF4) { // invalid *rune = badrune; s++; return s; } // this determines the range of allowed first continuation bytes lowestAllowed = 0x80; highestAllowed = 0xBF; switch (b) { case 0xE0: // disallow 3-byte overlong equivalents lowestAllowed = 0xA0; break; case 0xED: // disallow surrogate characters highestAllowed = 0x9F; break; case 0xF0: // disallow 4-byte overlong equivalents lowestAllowed = 0x90; break; case 0xF4: // disallow values > 0x10FFFF highestAllowed = 0x8F; break; } // and this determines how many continuation bytes are expected expected = 1; if (b >= 0xE0) expected++; if (b >= 0xF0) expected++; if (nElem != 0) { // are there enough bytes? nElem--; if (nElem < expected) { // nope *rune = badrune; s++; return s; } } // ensure that everything is correct // if not, **only** consume the initial byte bad = 0; for (i = 0; i < expected; i++) { c = (uint8_t) (s[1 + i]); if (c < lowestAllowed || c > highestAllowed) { bad = 1; break; } // the old lowestAllowed and highestAllowed is only for the first continuation byte lowestAllowed = 0x80; highestAllowed = 0xBF; } if (bad) { *rune = badrune; s++; return s; } // now do the topmost bits if (b < 0xE0) *rune = b & 0x1F; else if (b < 0xF0) *rune = b & 0x0F; else *rune = b & 0x07; s++; // we can finally move on // now do the continuation bytes for (; expected; expected--) { c = (uint8_t) (*s); s++; c &= 0x3F; // strip continuation bits *rune <<= 6; *rune |= c; } return s; } // encoded must have at most 2 elements size_t utf16EncodeRune(uint32_t rune, uint16_t *encoded) { uint16_t low, high; // not in the valid range for Unicode if (rune > 0x10FFFF) rune = badrune; // surrogate runes cannot be encoded if (rune >= 0xD800 && rune < 0xE000) rune = badrune; if (rune < 0x10000) { encoded[0] = (uint16_t) rune; return 1; } rune -= 0x10000; low = (uint16_t) (rune & 0x3FF); rune >>= 10; high = (uint16_t) (rune & 0x3FF); encoded[0] = high | 0xD800; encoded[1] = low | 0xDC00; return 2; } // TODO see if this can be cleaned up somehow const uint16_t *utf16DecodeRune(const uint16_t *s, size_t nElem, uint32_t *rune) { uint16_t high, low; if (*s < 0xD800 || *s >= 0xE000) { // self-representing character *rune = *s; s++; return s; } if (*s >= 0xDC00) { // out-of-order surrogates *rune = badrune; s++; return s; } if (nElem == 1) { // not enough elements *rune = badrune; s++; return s; } high = *s; high &= 0x3FF; if (s[1] < 0xDC00 || s[1] >= 0xE000) { // bad surrogate pair *rune = badrune; s++; return s; } s++; low = *s; s++; low &= 0x3FF; *rune = high; *rune <<= 10; *rune |= low; *rune += 0x10000; return s; } // TODO find a way to reduce the code in all of these somehow // TODO find a way to remove u as well size_t utf8RuneCount(const char *s, size_t nElem) { size_t len; uint32_t rune; if (nElem != 0) { const char *t, *u; len = 0; t = s; while (nElem != 0) { u = utf8DecodeRune(t, nElem, &rune); len++; nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf8DecodeRune(s, nElem, &rune); len++; } return len; } size_t utf8UTF16Count(const char *s, size_t nElem) { size_t len; uint32_t rune; uint16_t encoded[2]; if (nElem != 0) { const char *t, *u; len = 0; t = s; while (nElem != 0) { u = utf8DecodeRune(t, nElem, &rune); len += utf16EncodeRune(rune, encoded); nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf8DecodeRune(s, nElem, &rune); len += utf16EncodeRune(rune, encoded); } return len; } size_t utf16RuneCount(const uint16_t *s, size_t nElem) { size_t len; uint32_t rune; if (nElem != 0) { const uint16_t *t, *u; len = 0; t = s; while (nElem != 0) { u = utf16DecodeRune(t, nElem, &rune); len++; nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf16DecodeRune(s, nElem, &rune); len++; } return len; } size_t utf16UTF8Count(const uint16_t *s, size_t nElem) { size_t len; uint32_t rune; char encoded[4]; if (nElem != 0) { const uint16_t *t, *u; len = 0; t = s; while (nElem != 0) { u = utf16DecodeRune(t, nElem, &rune); len += utf8EncodeRune(rune, encoded); nElem -= (size_t)(u - t); t = u; } return len; } len = 0; while (*s) { s = utf16DecodeRune(s, nElem, &rune); len += utf8EncodeRune(rune, encoded); } return len; } osslsigncode-2.9/utf.h000066400000000000000000000043111464004761700150370ustar00rootroot00000000000000// utf by pietro gagliardi (andlabs) — https://github.com/andlabs/utf/ // 10 november 2016 #ifdef __cplusplus extern "C" { #endif #include #include // if nElem == 0, assume the buffer has no upper limit and is '\0' terminated // otherwise, assume buffer is NOT '\0' terminated but is bounded by nElem *elements* extern size_t utf8EncodeRune(uint32_t rune, char *encoded); extern const char *utf8DecodeRune(const char *s, size_t nElem, uint32_t *rune); extern size_t utf16EncodeRune(uint32_t rune, uint16_t *encoded); extern const uint16_t *utf16DecodeRune(const uint16_t *s, size_t nElem, uint32_t *rune); extern size_t utf8RuneCount(const char *s, size_t nElem); extern size_t utf8UTF16Count(const char *s, size_t nElem); extern size_t utf16RuneCount(const uint16_t *s, size_t nElem); extern size_t utf16UTF8Count(const uint16_t *s, size_t nElem); #ifdef __cplusplus } // Provide overloads on Windows for using these functions with wchar_t and WCHAR when wchar_t is a keyword in C++ mode (the default). // Otherwise, you'd need to cast to pass a wchar_t pointer, WCHAR pointer, or equivalent to these functions. // We use __wchar_t to be independent of the setting; see https://blogs.msdn.microsoft.com/oldnewthing/20161201-00/?p=94836 (ironically posted one day after I initially wrote this code!). // TODO check this on MinGW-w64 // TODO check this under /Wall // TODO C-style casts enough? or will that fail in /Wall? // TODO same for UniChar/unichar on Mac? if both are unsigned then we have nothing to worry about #if defined(_MSC_VER) inline size_t utf16EncodeRune(uint32_t rune, __wchar_t *encoded) { return utf16EncodeRune(rune, reinterpret_cast(encoded)); } inline const __wchar_t *utf16DecodeRune(const __wchar_t *s, size_t nElem, uint32_t *rune) { const uint16_t *ret; ret = utf16DecodeRune(reinterpret_cast(s), nElem, rune); return reinterpret_cast(ret); } inline size_t utf16RuneCount(const __wchar_t *s, size_t nElem) { return utf16RuneCount(reinterpret_cast(s), nElem); } inline size_t utf16UTF8Count(const __wchar_t *s, size_t nElem) { return utf16UTF8Count(reinterpret_cast(s), nElem); } #endif #endif osslsigncode-2.9/vcpkg.json000066400000000000000000000002771464004761700161040ustar00rootroot00000000000000{ "name": "osslsigncode", "version-string": "2.4", "dependencies": [ "openssl", "zlib" ], "builtin-baseline": "9edb1b8e590cc086563301d735cae4b6e732d2d2" }