From 7ca0d6eeda3be23506678eb7747b4bf0b7c62b41 Mon Sep 17 00:00:00 2001
From: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Date: Tue, 19 Jan 2021 13:04:48 +0100
Subject: [PATCH] Add handling of individual artifact signature in manifest
 file.

Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Issue-ID: SDC-3397
Change-Id: I0082571a874721998a07aef3ea845de76483d9c7
---
 .../pmdictionary/CsarValidationTest.java           |  44 ++++-
 ...WithIndividualSignatureCompliantWithSOL004.csar | Bin 0 -> 103593 bytes
 ...WithIndividualSignatureCompliantWithSOL004.csar | Bin 0 -> 103607 bytes
 .../org/openecomp/sdc/common/errors/Messages.java  |   3 +
 .../sdc/tosca/csar/AbstractOnboardingManifest.java |   2 +
 .../sdc/tosca/csar/ManifestTokenType.java          |   5 +-
 .../sdc/tosca/csar/SOL004ManifestOnboarding.java   |  52 +++++-
 .../openecomp/sdc/tosca/csar/SignatureData.java    |  35 ++++
 .../tosca/csar/SOL004ManifestOnboardingTest.java   | 206 +++++++++++++++------
 .../signedWithEmptyIndividualCertificate.mf        |  29 +++
 .../signedWithEmptyIndividualSignature.mf          |  28 +++
 .../signedWithIndividualCertificateNoSignature.mf  |  28 +++
 .../signedWithIndividualSignature.mf               |  29 +++
 .../signedWithIndividualSignatureAndHash.mf        |  31 ++++
 .../signedWithIndividualSignatureCommonCert.mf     |  28 +++
 .../unsignedWithIndividualSignature.mf             |  15 ++
 16 files changed, 470 insertions(+), 65 deletions(-)
 create mode 100644 integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar
 create mode 100644 integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf
 create mode 100644 openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf

diff --git a/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java b/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java
index e12e058d6c..2390de4780 100644
--- a/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java
+++ b/integration-tests/src/test/java/org/onap/sdc/backend/ci/tests/validation/pmdictionary/CsarValidationTest.java
@@ -3,6 +3,7 @@
  * SDC
  * ================================================================================
  * Copyright (C) 2020 Nokia. All rights reserved.
+ * Modification Copyright (C) 2021 Nokia.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,6 +30,7 @@ import org.openecomp.sdc.vendorsoftwareproduct.impl.orchestration.csar.validatio
 import java.io.IOException;
 import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
@@ -59,12 +61,48 @@ class CsarValidationTest {
 
         //then
         assertThat(errorList, is(not(empty())));
-        assertThat(getActualErrorMessage(errorList), is(equalTo(expectedErrorMessage)));
+        assertThat(getActualErrorMessages(errorList).get(0), is(equalTo(expectedErrorMessage)));
         assertThat(getActualErrorLevel(errorList), is(ErrorLevel.ERROR));
     }
 
-    private String getActualErrorMessage(List<ErrorMessage> errorList) {
-        return errorList.get(0).getMessage();
+    @Test
+    void shouldNotReturnErrors_whenPnfCsarContainsIndividualSignatureInManifest() throws OnboardPackageException, IOException {
+        //given
+        FileContentHandler pnfFileContent = CsarLoader.load(
+            "validPnfWithIndividualSignatureCompliantWithSOL004.csar",
+            "/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar"
+        );
+
+        //when
+        Map<String, List<ErrorMessage>> errorsMap = ValidatorFactory.getValidator(pnfFileContent).validateContent(pnfFileContent);
+
+        //then
+        assertThat(errorsMap, is(anEmptyMap()));
+    }
+
+    @Test
+    void shouldReturnErrors_whenPnfCsarContainsIndividualCertificateWithNoSignatureInManifest() throws OnboardPackageException, IOException {
+        //given
+        List<String> expectedErrorMessage = List.of("Expected 'Signature' entry before 'Certificate' entry;\nAt line 9: 'Certificate: Definitions/pnf_main_descriptor.cert'.");
+        FileContentHandler pnfFileContent = CsarLoader.load(
+            "invalidPnfWithIndividualSignatureCompliantWithSOL004.csar",
+            "/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar"
+        );
+
+        //when
+        Map<String, List<ErrorMessage>> errorsMap = ValidatorFactory.getValidator(pnfFileContent).validateContent(pnfFileContent);
+        List<ErrorMessage> errorList = errorsMap.get("uploadFile");
+
+        //then
+        assertThat(getActualErrorMessages(errorList), containsInAnyOrder(expectedErrorMessage.toArray()));
+        assertThat(getActualErrorLevel(errorList), is(ErrorLevel.ERROR));
+    }
+
+
+    private List<String> getActualErrorMessages(List<ErrorMessage> errorList) {
+        return errorList.stream()
+            .map((ErrorMessage::getMessage))
+            .collect(Collectors.toUnmodifiableList());
     }
 
     private ErrorLevel getActualErrorLevel(List<ErrorMessage> errorList) {
diff --git a/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar b/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/invalidPnfWithIndividualSignatureCompliantWithSOL004.csar
new file mode 100644
index 0000000000000000000000000000000000000000..7b491573d261979d6a7a3f947a88d71bb68a5ee5
GIT binary patch
literal 103593
zcmeHw33y~xm48^p2#CPoFe*H{ak?8i>7-X^95G!<H?ceEkfeKn7K@ixuacr`>v~mL
zKxDuLK~WaLaRdbPFAO4z4#*-3DmbXfAn1U&A)<gNxPlx0f9Krg-S_If+L8vGuleXC
z_3GVw&pr3tbI*Q<*6*_G{%!Q%K2xU-@gMTXp7`DCrZf3WIaA1cONQ`fJAX%S=5O%+
z^P0oj+UQ?*=uNlmWs>>yWYQ~SySloQ#e6!IT$)^w>`s<vimul=W9PEvg6G)Dls`an
z(k*!yX|*N3@-n$%)=kp8Xt=aJ<$6vjQzT$kTYaM={np^x&DO}q4Hm|*Xbg*cw~Rh5
z*{8L%b46!&dpo);l*-=fcFXFp!eCBDf!W@kvdgxBo0>6fo%Bph1=H-@u(T(YD!HE5
zi^uem1sF=1NjH^DmkK#KA*0c7p-`5u8FT98368m*Ri1FIOg>#G<!qX+h5zZ%Ku^N5
z#Yps0!5VWd+w(Hxc^7jpShnR9@_E<cHpN0FU+&~lilsu)EtNAaPn^KZ*-ldSloUPW
z+<aMpPT$kqR$F6*Le{nO+y^}ktiVXobuwx6X=Tz3o$OCSMEzMAF%_Vu2nx!KWwM#_
zj8#Zu{JcHx@;i1uWfe-!gzJ?{Vz%i@UQD4-vhsy;r`4afGTfQxmT8`&rHZ>)J|es{
z)>{w?J*kqrt&%CZDXbE@ZO8M-C0;fsOFUF6OlE+_!0Os#g-Y4lV9&TEYnhdGC*7=C
z=1hLv@_?Hh78-ae+9f;Zma$JPyI9O-9D6M5ij_|c#VmEExMQV>cr7cm(&Aw{TL9JN
z$CHF7klmzR1}$jnXk{a)F0K9{wRqSFx^uOg6aHQuqP>b;K;*86js(|OO$JTBEda$H
z!d&#jz=maB4$@Qmlv;FJqu4*@6U&<@RI({%Em^@?rZVM;zz(ODmRBhfF9qiro8fP>
zM8HY#nsUJ@WIfC0I<(_ypMrdeD{RiE`=-l@q6X8SY1+<uu6_<~Moa;?(Ts~0t;3qM
zvzb&9KPzBq))p&MoLmluP@G(8ohV!9E4eX%Q%Li|3Z@xeR&?x+yCpqd09^w(_;Qt;
zB|4%hU^ykGs<^N2qUouOmt0U>DOsMdajbR4@t-;2KE3*YF%K8PerSE<?B;;!$e#Gv
z3}d}Ejna9jjzFd}NjtJfVs`aUJ*H|<PnpO~Q0s)9&9+L^;Mz>nilq4nBZP&I+Xyn?
zLq)I}i{5XHppEmH=vr}bP2Jh0>QRzJkuZuQPcTzR(SQa>UY|}hH<LtWDSy!Pqc=u&
zS@ZKSPvX|*QDY;E!?b~Q6`Ts=N8vhAR3tN35+R-b5Y!4z2HZkORp76JDw*+u!P;d=
zfQcci;xT_3cd?8mi@A4!|I{t0x9}Xz1!uJ4?U2-{0Z1i-%sxzip)KyOePA~PXm4ZQ
zRmX(j>*|vPW5x;&>8bCf;6pUl@b+TN<lXXO3o3@U*eawdOZoher^sTf=(&|tp<@b?
zq26?gsYUI$Y{v6X?!d%`qC`Hqp=6I$#|cp(?LlL1;AEwlB+G)vc2|;m6cP6LI!WBA
zvZ3Ix$lVWJL#$ydddsj|glr7}J!{-8jF;@<1SHd}Nl;4W$;tt(DUc=(9BXKBEoliU
zx0o%=xT!dO#VJ&H{!Ss~MiZMg-zrZPI<jsVr>WIHve8=By>cZ;f*ay@%9kqw>ywCj
zBa&jB%w)z_o7^nxFJWi`gwXt=C1?z}a(!ZiXdWlO^e{8%v>u(=L@^AbI>;rK>3Jlc
zqxf<hN2`WwP6)=%TN079pP|6gIF=?8+p|2WXQn_;R)62<T5EW1!dkv+)k<qiclU|0
z6eD!@@bU=G1Y$ua)JHUO9eb2ST#OD5SoLZ&ao9p0ZFRuSB+Q0J6mtu%l2B3|yJ!n-
zI&7KH-#|0(B;&;9OsQP4vl}w`t)wl+uUeqxpxQ5iz0v~(B?X0(ki+LqChue`c!g;%
zG?Jw|oWatiz!JpCg<}fZyn~g8Ajeh;sY8%KsI%l|nI(A>nPSxhywL&#3I7F#q`lpI
z6vl`7T~vSZ_z1S_b&GC3<!uz!kN{Q;{)b7aLz3(^W*3-kdCGN#C1*3(9@IVBmH0Jc
z7X|eX!UzIn434n2Kj;}4^)c@;%?cH$Y?pA%%Q-_466b(Md<+fXL~Eyo4C9KP2^=Mg
z@put$MVqi954(~(ZkJMuLlr9}@GE`Ths6+{T(#&CI{d@CEWmXGi_@P16Bc%=DI7}^
zB*P1_iP@#EgEJ)x*$IX>k|o%ZHc1vM3A4a_#D1hl^j~d$ACih<<&`K6w>62S1pD1;
zYyKdNM#Md}(X@YUPgi%hHQCj<s&m<D%P9`yMa>Fnd#|=a(8eK^ut>uwag1yNG?v6}
z*`0=AL#Y2y<<n_!ci2a!U<;swI!~4`!92uPkS2n`5e<#cZCf-BlwfRK46~Y@){>k#
z89h+_X>019sKDgd0nI(d2Dk`SsSzqCiiw_`qS405T!R(?OFb!5kvbR_Z-Ry1BCLv6
zwy|-@8fK9Z8;b-vE#dDMVYBL$M)`toMe(N;koIfujVJ*&s71+jLZA7q$s9OU7&$eq
z)sgrSmJf)cAl4F7A+)EsnHNb;1+k7202TpYEj*%YX=nGb#KKv@TBK<ygabSm6ZAPO
zSbxJT7UU4p#1sJ+O34f?*Yg=_kRxq1_O@hF8WxkT@#eZs{k{6T5S&DjmZj|PaL)MN
z3Ejl(PCtz72Vj%2yA)oi5NC;Ot9(IvgvN(eP!n$QlXfWsI*!IthyK1}Hu%bey|yw(
zQ&~zXkryy4U5wU3Ogn0Kn7W(Bl8;NDS;}YRY|&;^m{5gSn9M>h^nu5jq$Nw`w$e{x
zqzOGZaWh{wQ_an1Q39CJyx=&M5=_L7u<CX#wz`>R&$plvu@@3rr8ylKtEE|weSTn7
z@-!jAN-7SHFF9EYS-mAmM6fiLI0Jif5e|NUK>jKru@p!elgP3NStRR1gw4Ac4Qje%
zp7iICv}=35x^46=zpS_ENo1F%aYe}N@T8s$&n9hjHJ(rtOuVQCg^zQZPFXvfeCe!r
zd$9n|)l69U<fn?nMqE$=B(HU)LZvudsin5)cF_{)DCCo>-h>82P8pnd1dMp#tC}Re
z!1wA*5Us!>4J2l4i{wK31`k0ZXq`_j!6R3EQsPayu!N~=GUK6LwV@5|$lw9Tx}aB<
z%GQmLH@gFZnMIP>mUzY1qzb)vBDtgargaR7EZ96!WHG)|;+ZFLZjBSttrD;vrGWa3
z1rA}D$JkY?2u?Aq5Q{fPTg|q4-H<k{kjn|N5g^d1%f3z+heA!U1s2GqSU_j+0<jPa
zsENOn_Bb3!9^3%vU+HE*d}0WG<xaPAvC&5k&TeU2wVka94<LaaD-RkV!|Gy!6q2qU
zr}}-ef?4Fv1#Hx$9s*-^fCwL#AiBkh+?1n>-12F=k}a=RbSbHVr5fI4&8$wpp{YYX
zSIUxOmr5C+t$>4>QP~H4mS92^X4$!%XSFZSoFcxJ^HZ>GkJ-UPz#3<#HRP6Z8K^2L
zayr7@2qd$~1DhXup+b+bor%u+dj@;_FQNa!I$WB;(sho5h>4Om_2Nf=VgNtgvNMP1
zn<x|uMd&*jCs)MJar!wvPJc39J$zMm@X;B=UoL+^KgP!L$&%whu+A^G@{`46CIcgQ
z1>eBJP=Sfu&Ece5Y)!M(+?lWocveZ_`&?yuv6XW2N$dtZo1g)Ur5wHLLF~dOA+mR?
zKVWGmWh{vY{2QN3^cn;b`so#t<>GPx;g-j;fH9YLlX(x{<ggPV$mQ{8%AqMND>`^T
zRV-mFYMSC+@Hy$^=ySPv_~CdVi+}J8FSfi?2~X+oBsg4|LP+TEbjcpapZsOXo5U;N
z=jhEtzhikDQ>W4G3A~fcXX$TmDpSN8d7Jvn6<~<Nr?U8JYX;A_U%3J_M81&BPh&3p
z9LobdIcWmXv&%_$x@d1*Y;7&g6w8II4J4N)Q}ixPk6z$4!D#|eGDT++ZHsx}+$m0s
zfhBopP$a0wN=f~;SIH;y=wxb4w8n2a4B?kRoMaR+!*!G5!z4~5Kvw2uD3-B=c`uD+
zNM?vaQuL$jq=ApjI8D6Z71R8USEK_nSt59|0w>gkJ>9u<1%XV%<ubHl9w>|u$gGJT
zL)NqLYn*|}q?vZ|c_O_GhKKA9cs!?wpWA54_7Y4M?ohIM;|n4M`qSQ)EV?e1D^r{X
zfr$B)2*%<#y2&mja8fCB0DYDk@(=pHQpQ*wcZL^>^c<%)hD+mQL+4DAPKgQK^PEC4
z=iqUsNQCJTSeP6hcn-BpWBx=yNq4CWoaGDD1(OFP8Qv|Bwu$V>>7?MqsZ4$-SUb_p
zL?#D1onnG36($^QurN3vcCTW9FtsF0c7EJV<}&#(8>|`J;B$Gj<S+-e+sIf4DMWME
zLfXZN%Hj~%pp5p2II1~N%NBf+&S0tk!Esr}8AV}g9py|8^Jh~6vs3gsLuOz)R!W%^
zY<2W9G;Ds;8nZn*a}WSWrwuwGFA+zLnbIzu{a{XDu^cKg3ucOq&%qc_9T62~XDJ|q
zv@r2s2l$oeCH*f~u2`{bg?>RF!>SFTRIQIa-Rk<-(>vBj;eT${$6q#KKIagkD*KGo
z*RTbHfv;b@ap=C|=Izu*|LO(4Mn;tKNOKqXN@KA4B9#gets4$}C7*Rz<DzGzI0&tL
zM-VG(2*PPjngaOMjv&^kIOU<Jh=v_OtaJ>$;Ni-GGpdNw9YL&6-^n?>BZyU`N$dz>
zokirl^qVzpLh03EwsfK}J;EGho-QyJ?+9XrUe<i@=Z+v&6-u|=gIHzo$sod33Z<?6
zWC=~%jyo*!Wej&xD=~xq9tmo4(Eqfz1&T3^42zo_npG`ml_6(n1OB&w0b0v1w#ANo
z-zrW$X)C`0SUr`}>|X1G^=<O;fEXPr^L!KF$kdD^YzvU_3#FN`?pf1S?%M{GXFOfW
zrZZVMzhsP|*0o8?*MnFKM~64{En@t66$ef{4-G9^Es@s+`3UpMlsIN$;o6=JBYlga
zFl&SjND_dtM3O+#K!f&XDz8J%R;CfMm-xPG_8U}DQ^1qhY4u<x9EK%)7t+lKyFwXO
z1yCjBo`H>Tb!R$+>7r<7kcY+2Krxs~TbMw!(-cx&tRlRjl*FgJ5spPx%^*$388zx4
zrm0w?Ji=Bpg_@{~_ArlA9Pc1JkG)V8HDL!(TXNHg<RzD_wGhF!$k;^m2%U8ZrQpzW
zvXf^E+>`Lc_Al8OK)tn){Avm@DHj2tq7PVt$UHP*Pr5iRVH$GSJOe)v1v5%&L?js^
ziI6h_gD#Bo9y%h*vr99UM?uu+ME$NBIN->o0~tAzP6dkwqZ8WEECP^=)I1rvX!w$J
zf|QzsCfDFZqngz65dq^->yj`+(?%&)i&v%<F6`4SWF6&T2g&=9Z-H<k@@YvwGOYj)
zTg{H=B2<r1kDf)KUSLpb9C@{H2{L~nulqtaCIj=ru39IUe^KWs$z+A1@bCD8ND0lD
zp8p*}p`5KU*1*nA*)txAZ-9@&TcleOF>SC=^4xVpVvcOyls=;r1!Qx$8^ylkpAJzl
zxtcuSLD<}zH<z4%)J4No>YoerMYYedDb#9XHO2QOWqhAMLjB{=2-T$ZH^T(gA!yR3
z=0_5Fh=VeH)3Fn+o+eH<vPzd+vdz2R1ZEPm^@bt*aEz`Wkdp8NX69fY(p*Fku(>1k
z5PY~IXhCtRlC`;aQ_McpU6GV6H+ND8^UNfh6`PFZv6-*cgOe5!;MJkuxfWJvR6TXd
zgwTA=$6`Qiq0=WyUa12&94CCDG8SS`+*lM_;5;?3OfymL8QGKC2X!VG1-iL6kgtPN
z8%ggkzzp<Q+9WMm?JVaYL*F4?l89wP0s+ra>G5H<6Dt`S=+?~GmnYyg<gkB^>JV|t
zb)aT-KMMVZP}`vF7Q=$1S~lS3v|!)L(J!~12zOCamvVYKD7J6}A4DP?w(@ucm!#2&
z8uj7Ko>&NBXzLX!B}c@QSBnR-3xo^gl3wPN>c~lmoOY?Bg0dr>^gVMoI-UaCq$fvd
zTLeH5q&lcK2PdDSR~gf4LQ;f+g-NGgD3e45!UlyK)9g}3mytsiaU`6x7=)LQTAY~i
zIAKm<RZyDJ9-^jXZsy5Ug^@{=39q%Gm=o5-u^UVOqu?<$^cApgwbo|$b+jdjXAP=L
zEex&cK>}2D>|?Xm$dn8$C;Z)Z(#?}X+FZ?terOfC{t5GGu^|wRsxlmfjn65J=MlLf
zNL3t7&?4wFb_OXbOPFx{cJ)@<hy)NsP@7F8iWNc7t?-BuQR1OR9+4Q@M41Gw@Cc_^
zN!q9hgJ=n-Tq#xah#F-sFf3$izpdcNR^PNu<%B?**r(G+Ak3m?c%Tj~fjo5FEI<l#
z2Ga6k%SQ}y{Rxvn0kFCWL@}~?2ZbbYWCB!HE)zjp+fuwQN%(R=c}66+6t@j#n&zV`
z@66~~2RN#76)65hc;r4Um~VV89KGulUnM~1fUok{wHPV~(#h?l53K;?XbrkGn5*j3
zTT-5&FxW`FD$G}DJ|^P}lfZ2FDgk8n-8xg1YCKs)h+$L5>O_xV?tw8iEkv(tgQ7|`
zH5M}n<I0bR@fBsx*eo&;62;1pXry5Z&?lW#<_gOZNS#F(T1C~4f-p~XA>YhU{1AnR
znSx0?i^a$dLHI(mRAWZGy3uoQh0{trF$a;owjc*B@NLEfs*I^8#foTA_AA1-<#%L6
zE8APKP$H@pu+M{;1@^aj<VT;Ent^(X4~Qv)-49`4#7Xs2USj{u3~^a3xZM28dZ+h3
z83<FTTL!a@3S`^dKhOyy5+ZX~TO$Lb*1{3QTV;{_<`ycRHGn@e9iz-KK+lT;J9beJ
zIt4$WzyJ<I(&iG{vXBa3y(-9zSW)O9Y8f~He}Uc%aT_%D$N**oMUn(~P-z5ewYes4
z?C{==&#@g+0U<PVdW{x@!1si`LJCD-PjW0Ki}+Pi9J=n@8xr;6Hg!JjBoyy}0EkHh
z{7S6|Oud}dA><{^m#9RWuLconYzz6{37*}2<12;m`G(aZiSRB5@vf4`p)abi6#&#i
zQlFCZBe@rPFw9j(SN@bGrm3R<)9ux+Y}1gUy5Ks4w99EaY->0Ak!ErvN>cW93Ypc?
zVs8!5qZw2I>qn}a?;kSSM$`Iyz{XV-S)>z^9HN>bA`0ac@>mI#T%_hnXz_uriAUk6
z$ROW?q$WKIW$|dBTE;ATXtizY#|)5Lcg@9Q!JWX0-CPlA?i6k-p3<T+vT4mIPEev;
zJm(r+^o@^S{}>LDJGHRcXrE^?>5Mb2ZcbG|kMJ|jwLim8=%tbjJedGcsY+);N(iW&
z#3_VOUxjw(01G<iIGwd8Vc8JkL-j5sgP;hY=Bjg?Kn)E~?P|3}YibQj2p9bjuMp6q
zANoN2mG_zsjOI{kpiWPLeOg#lun3vAf+NSBCZ;TAZQ70p*T&9|L^^*P2CP@HCyr85
z{0M0k3Z1j3XO9~h3H^TuH*u^XJL`=Q$+zomgbh^vB252OsicWLfOQ_rAP}GOL2B5e
zqBtVC6xWEh!$wodfkOw=NYMHsNka~;2$xM^lI%BckXuRCGzf`cv||MKiP8=X@~2(?
zV$4vcX}kb4+*YXKSy9V%Y{9o?1Z0Nb(i~eD2`&fN804SXtVTddH`3U3?a|1Zi1FfU
z5MYpja620(g%VrgDBK!FA0|ZgROTpLZWgnk9e}OR!*j$%9D|5{y>)RxtRKa%6i|jw
zV?cPb1EmL1gE#^|<de^9;hwP6I4j}(jZQ-{tsg7VT&=+XDH`4#nwUI6)eOi?EmxK>
zKikLxO6!(l1GuP6lfqf4gDE(WRLT1@QFLVRnI_!Vt$FDYeW?%;xnH8_bi>jilRQaA
zp#K6m5ALQ7OCt#;u%WCGRmDNp5!7K4M#A<6sxGWX_d|Zb)Kz6M+cF0us@2sY>@ks;
z4f&}w1)ES5?#(@nvZT%9W|@MHx30iUZQLx2z>Ua_6C0fCO>|mwhaY3W7V#6qk%ELV
z7mUbUOM?^7hSP{u$HInK%`5^TNFY~1UmQH@vn`=i@^Tt;sYiLTv!-LtgS$?F#Of@G
z{Z(L$0`LYhFzbQa1eb#Lgb=MsPH>)_=3mekd@B^5Bq2B=)tjq?ht;N<A*=rERmduo
z9_itRtkE-w;2za8ihV?3L}l-2ano0ROwK?XT2@;yALq)=d53&}iGrXVagHYgnad#c
z42mi_z^#P?qnj4Vg^GfD7VD#wHRVx?+t~rOHYYpV;6i`*JKLX2y`@0fdJEw|KA|Aq
zKM({2jb(!|y1${Nl;e-5MGpT!Bo!Ve0g7wU!K;ED$kr_S=|d2wEZZL9r5Pn#nFl+E
z`$nOqH8BUp6P8o%y;0;JhWvWf#cIeViT>VUYhfY_o=u6}@H8MuqocQwqk!*WRES`M
zKO-cBYz`=Ik$oDIr^4<!U;u6x+?o((dyQ%>en0TO(CrJntT6eb8Y3O`s9hSozrg1v
z1`*9>UM4$iMF;9H_GnxTVG5EFkHeIJh+AYfhEWrU<ftiV$vzAO7)QW%n0{))K@o^n
z!b-F-tIo0BV-QEbuvfZljw!&5mk5~OmC%Wjja06PLs{r7OCjn6rdSkj)W`pJm?;-D
zffbm_VMP{YY;2MGhp?$-H(Xk=(;5(w(^VQlfJ<eHo5h_`rb6IZ^9ZbYO!x6Bz}(R~
zF;g7fFzg!JH!7Uk%i1<-gb;a5uIwOxoQn*Z-~;AFvGK>@P15>#>>n%$=A{}U#KFy+
zGTwjH!ZNcI&NGg_Q>E5|(;4LtLD3lqqi35VRA&-|P<4fzhfvkQfvGlI0r^9)7m1-@
zo=^@TS&@|Lou^9H7=^x|Y-Kh}-SccB#5jZTf*WqHDd05OzB7oC)B4%pK*mi7j~nO?
zsn%(uS9|?vQBai|9!!z@Ld?XqQAOGI$nS<lL!JyAx!C_yF_9x~l($E;!1Ccs4hZFM
zvEsfR8tjSADPHVqBQr}KaAPRhLK^<r0ixX^F=T2U`<fPHOjM2FvHDf=cviYcUr8{i
zixGyDwdy*alwmfXQpi?I1or!7T1|*8qojB>%7aT1wFIp0`Di9}g5mBIi^;J0!l2@@
z@*X#``0MCknhV6BC@F5X2mT1r6}f<Gcmy}hj*$JZ6vCn+Ow(P)q$i9Df?kQ@qdZJt
zR)Ruf2u`$V-Sao7;{`Qo6WvF7`w-%#q4AG*vB0${vxd5^)IrmCht8s`fN(BvaB>@A
zMPX*+1q71TxsE~eX4V;|iUXEIyePON?K(3K_z@!h)eVAV&k>Nstc|}Dsv=2a=GU*e
zsjKH1n5M>aVA}>>F>mV=LKsdzzh7XnD)zy2xtiOHIZ9amjRBpv)tmy&JvI$)vRp_q
zO*RAfXn}Y9b^%}Z-7wNo<d90MNw0r{vq*5GwIWhrPNyNj!7}L11+_Iip9vQQ%{1ML
zvoMB+j=`&Q3Ose#3<XiPL?#dUxIutN)%$Y_weGbU&<o6s8U<XyJGV?m_Sp>3lGafz
znqtkg$Erc>3!<kx9gVhgx)K6DjDSf62WfZ{#2;n`Q;r5&prMt3z><G8R^UwIyV}w?
z%S4tr>d>pS5uEuXf*3Fb)-gVODxa>w`CFes+^Jl51~I2bghnYu%;eY%EC?lBN&^;}
zgbtX5eX^L8l4z6pIU^|EhO0!$kqB&-a1_I+P62DumW~WFWNwi9LYFJEx+w)e0vm6R
zU~JDn!IcV9Jt;D~Xc&dp7f&Fz)fbsVo`iS;<xy)MjjgY5%M_|m5q+#yFSA|Z*cGH^
z$;?d_4!k*9U{5R?)ddJfR_mNl#Fs0DV_xi{>Ekh^*u}3+{89NLtV#4STfG*JO?N~J
z0Lf7;gn=5iW_{Q1JZ?JA*coh)^Fx7r#F+wYJ%g~c8pWeoAH^>j4y_>qe`d0&Ml;2V
z;W|WztbEC`6j7jzC#eiB{0rd)AOcmXuk?zh#(<KcVnk&phIden#mS~5K9S;&1BK(w
zrP)PCN1M8aVZ5M7O%(Mn<PbcEEQ##_zw~w*qgcVY2$Kd_GmJ%a&j!py&;r%$vbe25
ziF=``iOCufuIvD>U?Qjx?3TEa59AwB5`aoeSJ;%L9k93yobPK8FHph?csc&Z(sHQ}
z;_qZ0k)L5wpnC97?ob?=aIMt50?U9fIiO$`-Fc61arn>)<KebLdAU8Qf0(zO4bEPU
zD(u`C8zm*RjTEp;OS2}8@P3QmLSpB{h?*|~vy$)x#G6Jol85Ro+kFSoAak~L<^bZ^
z?-`y^kQ40KE^($u7H-Hk+4{bSwmq^8(xZ&$bc49EofC)PZ`lG8vk~}(XtPSqyn@jP
zJAR;yjIifNa24Zdm>cUMp%!x$IA{vJ)dy??ky}20G-hI+r+Utj-hs&GbVk-+30V5+
zV%{=hV=1!0%oLC8wMq1f07KT1QZDipYm0OKh|P;-n1~LfEye8^ilALn9lhVw0-MVs
zgGyCRJqf>v=!emsBmho{Q33J7z;A}1#B3qD4pKnnOTKdNV4~<6J>tZN#DFUfAS-D4
z2ten%Pw7-gMtPw!K7lM_GuAz#Gvc_^06So-NIIqAC|!cS>FWR%QG<#=3_c&_+En&9
ztn?Jjz_+wHbTg@F)iYSHkYY>3Mc1>usHoygJFy6Ckb>+(VxUGJ*HYuFp&YI#DZf*%
z^Tn+!|8a6J%VvEYgh&ny=(8v+a1733X9DF0>uc-2>}BjU^71#~IYG|ETx<x+si=ya
zLrR68zC%K4wL>*#M<6g01sto2gc64{wGrGS%RZ_`HiU|3lwIp4J{vN)aRanTh8kSP
zVJSVc$oF&M5(UJm;ofar&PMWgm{#Xv1}D?yPjxRhZH73)lgJhjJHrmFF#KHBUE{6>
z|54}`XhG3RM6+>^y0MS=ApegAoT{6V|6?_7mG0{7!c~l&UGa7CgjrV9VL;T;P$<T_
z71OC7*bf+u3J<;%z*|~7bwTlBqZ{R_><X9yQ2_~8oX0{BCg6;~1G(q@{uKH%UXmJ$
z6TYP|E>!m+4V4m#k$lNPS(d1dyF|uiS+f2uvojj4LxHJoUj>Zi8NO17IGztB>7%3*
zDz7~qd<sLD72U3bTpX#T0t_4yvV}HN)}abHe?n7hQEaVDUoMKieD=kgejsgJVU|u9
z3Wp_x;*v^5DwJd%*q0~_g}2C9z(!z|5aj43;-kv%2&-k6^?J<5!Om8XrnBY=khncQ
zU)uL#oP9mIL}Eg1w7?dY(9J6QJ_d~<O0}iL`?^pA>=q|17Plpy^};68$I0U0#-zJ)
zorMe$T#v4h-1^*lbx;_1O9yGNsO#YH1+$1Hhw+Q}YtAj>f>D$U5aPH9tik(CL-T#I
zSNmr^-A~KS%`GJ~v6$71n;D#gvL}B#1-9lq{RYg}dMA?vE%C*Bk?Vs^(S>$|IKQj-
z%_Rv%R!E@oVzr7=&_?wqU4H}6`?JNwe6=hJ?dY^691qCl_0bZ<u=@VRMzEUic0sS2
zWDC1bQ{XJr037D67wm}Mx-HB^A)$4CGI#S(s~tCuL~+Q-T5TO-p98We>3IbQdIt`A
zDWHk8agj95E)2Q>n3OUS1IL9Un$t4GZHC}Mvc5SOCk{xd<icnKbA;(u;N9kPEVYUK
zRKw;nq<u~n(7^&bd83~#E&O}Ra3R4!Nq@@6)d@nnI!R(k^9D?*v9S2o@|R^$cx3K!
zyeAWsAcQm1ZG*#$me3C~htv+&6U7XS(<R;bNZ%WCt6g|1ieE!sp(Kf3^CAU*C4^E2
z)I~MjAZ|}k_b|)_0n3tjRPLM$`4T}_U60@snBb!UgRw5`T}_y>>KbmnP1UXfQnPxZ
zs@+Dtba1QyHVGH<s|mHLqDTZQyvnpcIZB;x@}Q*u#;)?HQJdB<t;jWG!z8lP_;P5{
zHi=;TIAXs59n%_kpE*5TY^xSR3(D+I)KV5G&<-@QD91;XVV5<3A^wxKMN_L<J>>(=
z^8$<OHN<)nh$a~IZD6&@zP1y8WU4=hh+WzMty8dIQe+f1_pdp1tZpG)=IdABTSZz6
zmCA=3Rw!8pu|lqbv3F$ShOVw|YqG2Jh|aFn);#|OLa;hnR?m}MtpSHafR7H+g+ic2
z4#*Dzrun4L1q^=NLaL}rg=%Fu*g&1FUL~i_78MdAmsI!~LOFH`*+v}=!RaBF#}J<*
z=LlLSk35bMXbbS5H#7JsXjiu<Z3FE?E(7ChfTG^Pnomt+;PwxJi!F(@XD@&4m8oH^
z#8DZjxM*+1?b0Y?$v0W!f^O&rNcKXm65Ul@n8bbFg~_zefQMyhYm1nmrfPy%{;EBI
z$<bz)Xkr3E;uVEOWM_z3aeLk_+iUK)b{uzjJB6vGaBtXCC<KrKS|%rOM>&4rX70&c
zYO6*C1<nvmRTN>Eq^UMM_HZqmG!Y59;us5_BDXO(Hesasy-CpFqJcRCZn$SaS#Rhd
zX#y<MnoF~r1E3g5tuPT0^#XcIdNc4#RwJlJ;+1wV3QE;oS)wcL+8{Cx?%W894Io8@
zuBl4i$cv@36_!mn3k!V3uVH%-YH_^$7=ly!8)cs`_4<8EYxD#vN|q);{-s4MzhH3K
z71RNYjoH*}W*J8(%F3*vbjcCi3peZIcyn}z1|t@!nTS21!Au&59HtZ~kp!ruJG`XQ
z1;MMsGUsB;MZzGQvxvMRi3kiqa4!;vJXOw#(t(ks2w_N$%tYd!?P`}0sZ+|9d`msn
zr(cNOXi^KD@gu~DuwOJS_`~YC=$4TOA>H60L8w_Zuco|QLtKqQzmk&ycq?ME5jIR)
zvVp;4Wac>%I)#K%O0{~QgHF7cNstO<(r01~_YU+#ETYM2s!GG){U~)#Zkml_CnFMY
zWDd7sRgcC#EbwS*JIujGWMowDC=QL8i(NG!Bi__$q;}USjqR?Q3bkB;wGa#E691w8
z4D6FEy!~;%UAS3;_%>7*nyi!nw0)?Gv(^v=NNPjb2HZ}?I)st{Kx@KWCcM0ZYeyDa
ziT<@Ciz2oqLsNVEA<{<0D{;V`fUp&(Pp@{2s8Ak5!o(?6EM{@L4;}i_jwDH01Oa9I
zj8M!M6{q!)$5&CJwst-(>6Ji^*>-Z|nx{t;FEX$&T({<`1Vg|bIad;=VVw5oM8*eU
zyTLcA35Tn(j0;6YI_D{lt=Walr$q=c2JyXtL!mpsT3OM4tXiWrv3VZSEJ3PNz{0MR
zPsjqycSb_!0bO(G5+!}{EvAhmH3xiWag>eRxccd*trNO&=9|_RVd}1x%qE}$A<NX&
zP|9jkbAt;dQ8&x*MVlj_!!%6*Tbt`Z0oC6MB@mRR=ho*Glfs9sDLE0}lA^?J$OgiW
z2)%_32Dn*|3}K~=6UEFx??QyDmIazMmW7IMP;+Hl%4vM~nMZN#LWqI}^tc_3pce@A
zgFb87wnA#2(V0XAOgd(!S>NbLzqM|}8eF@%qknCW)wOh0lwfO|l1-SACi!-jiU$n}
zQ$cd%WIhdpiSe}P+FR9AVbM=kzaIF)Y(b`xi1&@h{@Y_SsO$|ZcL7F_aT+oSXEq>#
zb&I}1QqwrxSHW*&uwG;<`CUXiZ47b>S(!7F#5!aORX4TK8Da)1YQhMpY5p-y3X7S1
zBznzoJT0t<!aN9mEeB@PnMnZ#^NU*KpiTfQBnT~{IFt$-1^bktjqz;V*})IsP1(T@
z5O{`gOmpYI^!Nds*D?G+eG|nGLf-}Wf%t9*KXARye0s9e&<1v}g_jIlfT6NVUV;Tc
z+*c&a)fI5P4wC-i^5R=IqJ#!ge#QRSD34NOxjDp6eA_RNVDnogr0JT6g)#Q8aWQ(8
zJ3<;69e_g|L9Yhkp2Z{8GXx#m!`+)A<;DQp$x`;XwW_n5q_d#VLr+kOR0)<sRV)@t
zh=kTA*(fa-&*ZTS(9}FgbDqO8`2ul<h$4*FNyLJ0T`ZAqh&INzJ6MloJ^fT67tVCI
z7lD8oRjsxa72A-Zgl`8F0EwE)@Uj6xjzgi8*foNJNw;R%u3FWolrkt>lS2(cxX-HG
zIZ>96O{GjiH;9%Phg7VP-!rT6l}t7TE6t{ShV&!U>VqSLF1$9f<gA68hWi(ho{w-)
ze`>VxaGD7ma!p<i_NpgE>Ly7Q5E2>n6zd+)6G4O%@(~LtjRHQzD+pcyk(Yv2RoBW&
z#i>)+&U$e2w|fX|hheTBz_W8x1(v3DwKs~y#?;yk_lud+(q<9RFC23HeWPowVccc6
z?8qZlT3e1dQB1U&-aI&$a@EdOwravDEjTduJrnGiI*z6`(ItDqn2MQ|S|Fn+WE+Yk
zl1C<BDJWOvZ^cl3k9t2E4E=QkB)Wy~#WIzhqFtVdR<diNgpsYg4(M#uV+0&g7%>6C
zWt*icbO?37RY<tY7C=eE?@1@<+~P&`+7v)QaXpflo6RP}?Nnkr+dhf&X-bU%o1C|j
z0}0`%YAZ5@RPRKHBBjV$tFv2g-7S0&F4#R7VZAA65{}*-6R6!iw^Tqq&KY<lq|GgO
z)Z-k07elr%v*K7IUsLNuE6w)c{*c~9XKc<l{1?Ka&*9C1P=vt|t9NbC1_)<{N{WG?
z(#s+>{=j>2r-(5Q0#evd61@bPv;y2w8!1bQJOdpn$BUp`0SU`5vgS59YXS{8+0aNW
z<WxdZSZrK^9DG&wjZKT&lwo`mdzN+xPhD#u*hY1Q1q!DUk+Q8<&mEB0<M|P{VrId6
zGx>s3>}Aq`5P8F(GPA-5Xm3&XWr`Oytwo(Y##vm$sH@C<W_?{@sV0~CtmiMi<$quE
zZ&$IoeBBX??c#(|&xOH5Mh?gCbN}^TeOqfMM;r6T32YjF&l9x<gRi6x3Tj9psM;x`
z(iByM0&z>FS^G;kgbc@+3}A&h8KIx2kpE8}6bO%}0Ah3n=^wcSen0xoIU^uI=nqD1
zM}J2BkWX0$=ONhuG=Q61N~)G?l=2nVx*8k$P3C*DV{58V+KSxsDUofTLnShCAC>ZD
zlM1n9x?{%9iCa3@;}1Uo87Ju>^yPNPF4|*M`wI2`5CUf`uKosMw`tH?gN$!-lgF=f
zpe3b4R8PpSy2Bfr)|e6qgs=|}M79C~uyC`IOtfYFOX-(__}Kr28F~|$VikbiXhAs0
z<O`hj=hF@GJ6dt%@4Be#Mf@;TImY%9MQDsN-VH7NOr^k-Le{+|kTHykA=Sv}k#na@
ztp%S`2w=#Bg@Zx>I66Utf`oA$4kemJp{owEsM|<n)t@`*<rP)>H;TSBq(ni{bkM7V
zGH9x11MT0$GRghS@+d~cS2FaFaak>Fnwc%(lR8%W4uY~lB=cAVHpbglk?9+%vV~ce
z&(vw^snk)Ty&Q{%GV+dSP#5tQsibcXNSYXGVP<|$KCZ<*YXPYVT#+$L2Vb<5+{!eE
z)r9;gkc8$way-(-vBEV2WXu(84LYH7$RQ<h!DUM+R$-(@t(P?B4sZjFC~;z;R3HkR
zSUxc++7;cab4NZ!1RmuS@|<-?{+tYvMM3Elt8TEX0b-(9(cRX852;TJy+yNzk3)S`
zlx!H8@$uR{FhSFWEIK?_g_DtY+p`=T+>|p#`EQs<xm1{;PY?%jGAfui51<oy?|`1Q
zkIdQbQn~8ksBAq_DD6hAy9|uyyau+;vt_S7ca;&30)=(CYxKe5Qz3CzVcF-z1(S`K
zjFzt4kOQ~3n+I%II55A9I(*~74z`3Ki29}8#yq1jK%z!C3{1_&sVo3i2m6>?o^q*@
z3P6`9l2GYVl|<1$SOwn}nLo0yv5<El3yBS6;v`DmA!$jOW`dIl$pbh}U-;=u83t3P
zJp!#;k}I9>bAbgde$>PQ3RqA)e-jvpCfp|1UQRx+{!}hp3i(2^B<XfBlS#x*4tx;^
z&?fbOXiGL)>jxt<$+kjKa)%K?X{&vBgXu5i?#idLj?C1FVg|<R(HIpaat)sbojMfd
zNJbTzXgj)bB+=ss!h!7us$N16V?@JNvLP{GzGrwHtDL1>tB6lex$rjPH~K(9Bs)i8
zwnV7#8kNN-NO6vvf+JJgA>C=$!R3z7>6EfoHL}q2ed~xe^#?dfKSgljyr{tM1m@wm
znIaz=U@QH8STETbSlYq)BAGg+o<bZk994m$Lw?w(f6#Fq5Rlqx$yKPz3NsqPQtHIQ
z%5h2Vs#PaQQb4^@CX^{J{YXh4R(5pgfiOiXe?_W?>Xp3U#`lrpMI-YtmIVR<4r+y^
z$i*3RVdx56I>s=Vo#3RX*@c~k%g!)>3B41~V7h|%P_u1-HbzyG9W-G?M$83G=*4K9
zB6JfTUw=YkU?bF^-{;m`uM3xy`nA9tCkikj+u~YHqPTd!-${UNRFBd4T&vs0fZgEi
zWBL=<w1lrrirkigeZeRYQR2KaRGc^o**m!A+;Gj{+B8l&!FEhG!AA{}Ot6vJ4=jgn
z2{8$gR}VEuJcz&Nu9%7fVfez}u!ET9l$at{u4&SW?4>S&G)H#vV~AAqCJu38R(VUL
z9<jeGz@<sR+9BMvE~LukXq<>-1Ev?%xUnPLY)R!un>@0QL6aSF+#JhsTy(Z!p`PC6
zh396Ct-5Z*^?jRM^AV()?AY^jt<dpGG`{2cbzXMSu(5Ryw+dfR+Mu8@qA36-2hJSc
z!Tw<anJe91tf*R>CTT)nIcpGy?y3nY@%w2f6JOYbM$e@6Y;dh$AW^0>@mieK%(cc{
zl)gd*U3-k&`E(N`8A~`-K*YjRAU)ZRbXbvo(>FZ&w|J{f39_WHWCZU-)SUDiir^k$
znL`NOWCroesM%Ab+)wh?=wx3CYLMo+UdC&+TU2cw#I|Hot62boe-T${K~zGDU<yyU
zC7GXSlB;FO5xlu>Q@`kyzEl0Mr)yodFa`|FpiWf=TA+o<<2)+4WnhUxw*iQ#t?!R9
zoLj0x0HzA6ML;LNiUd(VR9!J_I`Rq@E;vAB2aUr86jG(JQZ=rqVgi4q2R0F=9|oWq
zl1+^9*#_D$nlNUn;*^t|uv>*70!e?ZA*c^lR5~xkoGDu`z@~0>kC7{=0(9cnFByJC
zcUT|95mhR%dIfbakzgs5kin-O+VnfR%ld$|jyuyE8GtfCGNhxJTU4(x18cn6I?P5V
zCSk^}x(PYBMlLd{H{j`wT$&IYF}5mr=>V}d_D}@MaIr|IrwTrUTS_?|UzVyQ1`}jm
z@@4i)XHF3n#j?0Bqk<%D!>lh>IsmkRm(_3+5U&=|WcC=c9z{tj*&~YV${r02YB2rT
zo0zK?Kp{dDtob^=dd14+D<wacUCW5iWaQ+Oz#K$J&Hh3w(klZ>&F=L~!5xr~g0MNm
zK96L%G+d2%6h@Y~O%dWpbYJMko<yD!g*Vkf+kC|G>FY~qHy|D~bkT!Y%NVZ(Y)!g3
zNL;qogU%1EdT%f|$!HoXOfOlb-%Z?_H+(q*h~Ed)n5RF4$X996c~cV&^Vw?57ZM~9
zGf>KmAtJ}vEUnd~_aU!=V}E3dR*)k{ZL0aR$FM(^F-srHS>c!X#XuniF^FgyUU4}U
z**#pjNnzEXC<d~p`WNSfH*O3eZ*X!OLA}h9JiVOcE!9(~f#<-8eyI+R!%Nk{A9V8S
zZlf{pSN<?ujp4Zj7;J6!9W(8SOll2S%zS;w%!yW)d&0336*g`%?R3_jL<%8E&wAAQ
zLV`Zpv_$NOKU>O$LIvkhM^WP5m$iLt8}hP(!<=yw0EMI$qZhT+dPM>!ou-ih%*Vk`
zT*=StAbYA*8e*0X?3P}aaN=!aTr*&9`{sD~!}}BSmsmdITxzw%9V+~kGmzC&LXD0X
zno-_<{Uj7Kt)gf2A`xDp!qN6e__AtlJ_|%u$tYc;dBJfi$lOBFAFee)7k_d3^L)#X
zu2gF$Qp0t!hY_uzwz^hbwc=?lWJQ&<N|6;$_iS|vU76#Z2G^2=rjo~4`z%;Uw^4C#
zSqdx`VglU_O_3kqI&^sg{fPi2_<#~c5tijguPF55dmZmWs5TFE|7{ghfmi+5ECWV4
zi0Cw4_ow+JL|L;~np6eYm4iY}1}i9Tf<VPnKL=XjmG2ZI+{mfZ+kCYIJQKPn8Chh}
zBJ&DYi!~Cd$vlGH5cCg`8~!s&@U9ss8(_DAnT=97pi{2EGOpHZus;!`7bW41QFI+5
zg~S~TvLqTzztHkQz|!hq%#TC$HKj)FGFs3UxW9;l9~3C)R~Q%$$7V<GVTEl~Uic-m
znL8jaOTVgGW!gG0IdCBzoCzFKg^E=cDpqxMa}oSioy%5JJ4rf3IlT~8HP&AY-h{yg
z=QlQ>ACp;c4@TSHXi^ZJC?<^TH-ZANnK)ot2mj)>Y^3oBV;t!cwA-LR!Ds<Ola*l=
zp&Hvj9d<^=TM9|jf*Cf)m^)!lW?&3~jfU^!PQ+|bHpyu8*Ov)GN3dBlDLVMxIQ@+&
zD0ZnBq|h2Q9Oj!=Xh`Ebg^0Q%k0E^}StyZ3OphVvN~{JF09YW3Xd-O~nJMnHwU8Q!
zzZXF>EL&jzsKQ{EW){;L!JJx}q0>MRw(imZZ8gd^q*2O%&N-}rIG&{WQ&gHV4Y3wS
zV_H0_yg>u>AcMzs_pPy{0BUh!P$7$ml3_kN^mu{k^lFMWnyb7uZ1R3n1Wy2W#AzKi
z^{OCvaUOGK<gD{F0<-cZ<wj-rn5p?4#f#ixJIM*sQ6jw)*y&iaXj1eAwHA+%d^)N`
zn_Q{-wuL&^u{jB)$U*6gur64!S}V4W6i-;v0jbx$o(@ewLE4yM*a#ZYT+up4Os_qO
zNt8ej$^DA=MD~}e1jYU;sh_GWVY)g{)gTBGmMDDI-x0l=bci=`0=>ih9c{2lZz{=G
zWkl9si2~NR`9}8~B5(n%Y2ad!U5K}~C410!*@%)kW8iU2)Bb75j7$&WgU<wxwUH7a
zUkR(er7AT-K@4)i34~P}2@-%sWs5RjCufzIt$Hjp3k@rdJYvmy7{2vv3bjThe9ZJ|
z9l|_6z&k<<i=99<t%zrf*Tg+Yn}#<KzsHh76XYWRF9Bj-^993jw$dF0Dn-+&cx6<v
zMD2c^k;`>Zl@OqE0bwu_jK7RL*iMTiT!Orp2q<UIsKIbV;1+5MKd00osi4qqgCi{q
zftpJg84`ikjBvCd#t{+$jGO4%C4s_&6if4Aale0{w)w!+4HYVt#3v`C9tXFS+0aZ(
zNrdvoLMmamQVEGys)5ERWi&tD+(0VhR}*aYNSg-NY}_>1+t<rVsJ0r!DAHI_x@W?N
zq8WKr<tNd!#DAvR9Is0IxhZ-cxSgv?jW%b37sb{IinLPdHZ#G*RN__4Xz`YlGQ@5c
z0r;l0t0+%c31~0NEh^M`gYhW2IDCmm?Ic-E5-`edg$JLPq+w<mfdkrV8nq$DX-+H%
zCgM%Ws}2{tS4QdLs6F)e#MGnUf9Y{`lclI#sOX_;bDFjnv!Th0!kaR*{NmgsHfeT1
zG#wh%sI3sW=K`r&FNsZ8bz?_kyG}G~b=w8d(CEICkm`CC&FnmL+5WBw#>m%uNstQ*
zK5~nJp*Kb>)TmWbF%Zxwp)id9*T{rK1@iz^RQ%F3@7Hofo3miui0p-I-|{PE(4#1m
zc%s<aE`SzSeIIYh9k)v)PO<=8tdyt*s4^x&ISt&D%#wlBYv3JG=nvgbtR5=~INpS<
zy=q7<<%=TGx43wQkD1Wuq)rI$rh;n{C2uSVb5v0eL+Geytqv(dvDKw43&a+>d$P4l
zl}iQG-?8QoQmOSC7GkG3j2E>`R^KdXAeFF4!>IM-GI3H*0}jhDsH?AF$4jRXAxX7}
zpjMU1oK2A-LN6LzOS&JlEmD>SM>I4_;aqJ6%{u5D2!&o~=G{i2t_1aNF)Ezd#@(E3
zT@y7p^g#8et*LvWlC$$2NKobqN0@>i$pT{pp`;NiH&_kAEX~;|8f~1+HE0pAz-odM
zMBH0W#jCWFMyjNW)Rl{hf~o@XI=&?_;qR9rzSq20VzN-uc#K=H=3P0#o8ILB*l_u+
zNknBBdZAc4=<!(Pyaps7Tt*^D#Av}_f+Z7?jJV-FZt6u5$7GEX09+EvT6jd)($4N<
ziE!B*vS_jOuVj6Zz5#GNQ1?8Bm>bL!VY;ZkK=x)TY9ls|W0y*NbF1DW=+Sc##z;9S
z8+ryk-0wFAGXkP|Aq=yb2sA=rNwEFMlDF)L<FOD@g8lBXy#|ZR#y?mrK%`8YG<+v)
zAN?GeMSd}G8)>4DI3)gqAl-RPl=EVhm8hcwMG)$r9&xTzv1H`PkuFTK$ME^Ud{`Cn
z2pENdlQEkLb@A2{Mqv(^g|$oh%z#8D3yC!2V2QYDE4=HdlX1|8$OWT&ueiP-76`!k
zq0j+xTa&?3atSJ35{hU6ZK*V&Y^otvlT<rUlW^Q#LW5}L7hji9X;5?J8y*qWF|kwu
zK?76J1~|QlybR=r#=AJ!JS7VxhC-2n2B#T{3T`o(WWD1y%62Qw5p|uzbRT<!`$|%R
zUY@{`kAm%UD|OzHtDI?)OqjwIsr)qJHd(NprBV0Y1!vjHTIVwkr#Xa4IV6Gv;P2Hg
zCpy50rK*WY(urG6E|f@ZX1Sb^6Rj47@)Tm5#f?dD^JZ`jwJ7e`QJk3Za4{cMD>M$)
z7|SBN&h;`jV^$;|dLRIGRv|jRR#9bfZ3d_+%WIQBQF|2QF%Uvl6=fq0T3D1h8825E
zJp<*01no6z>kLw%Db0w(I>6K+GsZG@#Z&3vh};WN{2^hSHlx@98Y6+7;<G-YdYmaj
zp$G@|Y~WLfUNI$J6=@(`2=uL-f<d(q2XT<A(ao_nK-*JVjReSKN{I6<C&m2^VGa|o
ziH)L>x)cIu0TmO)IqZjYD_&W5^m>dx#N?XNv#8clW)c^(=^N_kYPd2z$`%U6F?gLM
zgMqUo+mw$p3lWq|CVC0Ybwwq>Di>!e;M5cXOe~T30KWiE`B<toiKN~#MeRR%J`<B2
z&?_*c?f_-X)iN;>TPNlmCQ31s+0ryhYnI+VUMf_I;ru{;D4d}~<ocr{WgWd3&){T}
zXm3ui6Oz-}he^`8pa>iV!c;=)GA@psA^n2l=sNTR)0L&l_>wN61Y}wud1|ZV6YxWF
zwYnuZGr5MbiWAYoGvd%WhNetm6{vxRQB{A29NkFsz&X$hxdJLBFJ86$ZEga+GwL(9
z`cX=}2D(RIkk*V9l{UwK4XScnb&&ZkcuKqsg|r4{2X4?_EFhYxsxUG?RRO;J9H7IY
zkcB+w8B5bv)cL4eMibB|7B`|lA+mv-5E;z?i3fqqPs%|h+VFK;ik{$7^;{HRTbd<}
z`0wGklCkGD$h4R(%+Nl-$;P4XeA0<}%tX90<tS<x(t=?4$tl^=FL92*dOwgUOl1gO
zFyfJ`s>dPRaZ7jX^)6z5VWxokun3{p>LMzeU+9lf<%oWb;6lU&6e?ac&M4VQR-#sM
z2?hok^OONxkqQvjO5!g{!`6gKJimG4Ni~JY%^(-2)&&K?OHGsz1=d<)VQHv6Jw7Th
zklLA)6_&%z1Q`@a=joDg0Adk~=UW=|=HT%1RHb^Jv)fs)Uqp2IqHeC%whZgiF6wMr
zh{jR@QJqv>vHnhqVb*iGk$`6f)EsZ7T1>ySy#!b{z#1otlZdjg_0A1C7nFt+Bw4>s
zdjy@u%M`kk_(Q>vo+7%Q3lf$xg}4Z?^~0hO5)>@4T40z<8VpQFbWG=xF|n5tM>m#N
znim@*$|`v!k}jzd3eN5xiYHPol@^7QU{{UM9myn+vIqb$D2Bk7is?SIQ%HKv8t*i~
z#NsGO4p2iL5O35I2oNtgoyk>l3>EGKAr2vo>;;0=mu%F`kfL9dp@dRO;PgU>Rvhd|
zk%k$kg8O$Q4(6Vb1y&}GL8U5z*LvM-*`D>88qsB=gkhc(;+{j=q#Vmilmbd10Bg|;
zbokk@96=6YdI^~sOhpFS2q<4nVV|_zVbZ46R@b9KMv}t1AcZ<EW--+;B!(m_NsZU6
z9{mc~Ozg_m3Zp_#R5VIL9l4}t^ez<iOl!eWvH{xN4ifElI)x=KjUdpuI*j8-Xm|?*
zdHDbNT~LR5w#POIV)!M#6MPwRJ4gc9XZ<icW$Y}ok=gBnU|$W>yP+Heh@I?V08DVG
z?a1=wI7z0oFu#qoT$(BZX&JT712qd292Wuv<t>1Z(peExUqD*}=1%>Pq|-lVYh6W^
zX4efbeQ+bjum1Kt@#O+FvHVqY_hs`JiyDH6jMGPZq>*{JqU`21rG9O_X5lnI<YW~x
zdy`v0rRDm@Ym5XdC9Z>qzm}}lDlkRaB_xUS2-OOp=OFMUyd`T1W86S(uM!3)n>)lu
zN~27Ya}(mB{4`V;LV|wTsdN6sx|AZk)szA%27wNPq3CCljnj)Q&JQgXiqfUj*w(IR
zkyhVJCj^<v^rEdJzeTKRq6a<(a{(LR{JQ5DatQSpCW)X^V+UQlH0fdl7p%~g<V-yc
z@`-pWRaI{>Cj*%Qs6ZsNV=xv}RdZ1J1|>2839^9vbWc2lu0=aKwS-g@@kvF}l?zMQ
z5ITvdBg!3CVF4=C3hid28k!7HtLt;&zCv&r<J@ABu!wC%F(uRCDgt5P&}oJ_64TZV
z$=<FsQ)sQ#ATZ}7#*KS`Id{@;3h`xuT#5zcI$R(YVgWVrm(m`G4-#<zw4`vg7aWn%
zoftwmB4QF38-3&u%PCY;%Jp=iN<*K<%9Du*p+<`dQt)y;PWAhocS%+FSVhGcdWDqJ
zAsBYs1Y4Ig#bF`HO#~f@lb$bFrn(#al^l~pOe5n^Y8_qu#?75ZqzT1~(#9x29cNVb
z0iPvA_M!0Jj9Z$^c@`&^FSatp$(8bq3QiH<%K71(<|vqEXs^-P^$*E;Sws3-XPIX!
z?|{YTN0hz_#8Gkt`AtA){XK&{{+Gx`pbK|VTEgud2N4q`ZR*93{=`81;cxD<Cdg!>
zfYTk(=NTtg#Lsd1IX+H*GG0A=Rd(>v8N**Le?dRS#`4LM<4_a|goMdrGLu=1kaB!u
zm&Pk_&AU19vBlOjmK=>I>;j%uQusbsnMOpMlgBlcHl9t;fJG`FJdFZ!8F~YX1mdTW
z^(+2ZDnjGw0fopX@wr5=L7t_bULjd7E(Z{9c`S>ua%nf2_wY>)JF$!cL-;f0&=i&x
z9lW0^mM|7IO>r;yoOE*Zxm-N_aJ+!PJ))+?mX|8wDgB*<P*R3u#DAxe@rytC%aS*V
zSFnrFn}>eK@;0VUquUdBCz;RE-`-TFh&S>!^_MH)mSTJ=i?6n3@QnMFD?r2LQR8(Q
zbK&P$9^lDI6NsK&P9liQ-n!V@TAC@A3n<tLbWEn`U78-fz-xlj1fXP!&Lr9v^T4@N
zoEQU3^3b42P>+?8`faa*E78%()R<_E-*OnjFM&A8C}M`|CdG$Is(65j@G=z3Si-!Q
z#xf)`L?J2qQFhY6M`oNRUhs;D^Tr=ukq*dYiQt7P8Be%xd%AP!3Idsi%VlWAJWv=R
zkXaKwMtr%AU*p^$lV;k<=ZW+(7#@yqz~ebZ{M<%UwwGYCnIa0D(3>8S0{v-kOBP)h
z%atikgFwXmN(4x89NlD>3hF=y;QiE)f6({1#SI_1GrU;jnR_&78n^1Ab0$fr#DwmV
zRG)M37!G4Brbl35a(Li5)H03v69FaNr7m!Ws8M{y<N-;BcMEDe5!oSp9$Q1eiL?&d
zQK+?sZYDB0(CHKtT&XbOL~%guUc~?lrE;=_3a<zr%Tyh~H6w?8KBx==oJAuY2$G9&
z*WhQOo+^t&I03k5MC4J81C<Q3B9NcV%px@lWgp05PG!0}s00G2h>A{#*Qfvj5=7`&
zDP>Zq&`mFcU+|lLls)G<pc5Sh5{v*Zk&p!z%egtTIE%3H5kg-=C7~pe6mX%3)uj(`
zO7wvi=^0<HT(M%=3jKl%Pw?9iO4a(<)8S*P(e;rYpB?K1{Ljt$_{&yX{Y_v?MucMZ
zQF*{vjdr9`q@{9GC=}RF(jz4yG@#Z-YcC@2CMvdyB2{GXywgw#U2IOyRG~da0W*ld
z%R-_>VH1byThY@TsV)4qVGpU+QP2hfMZu={><`LxUu`SVFNmt<dUw><P>d8m6>`l9
z92i4Sj%HQQTuJhx!4CX=7nQ0<<w6mP4zm!-OyE?+N3`{e-f9jkaq0IaCKP3u)yv*1
z@UL-Ts&3Yh;Era6Ar8L{ES8UN9F?j11q^Euw5&N9LDPI8@rmt2>v!3;y^a3cXX@0U
zv!37Y<=@}At&RR2if6qPF3gv9dP|BxQx41))=G+0gWOW;oUwCR#s(hhH~p&n;wz6*
z$J`{no9s?5ZEsf{kPZp;FL;fFbh`F9NG2T`T#HL-bF{bEGu#0o!h=ATo<#lrY*$xz
z5<sPrOOq?mF|Ccq5Vg0LArPZRCW0kpbv9Z;GLPv8($k!q8Oo>C`kJfjXCn|0L|zu1
zZIlaVq;>iBcX^A&Sohdim*cMLaK{|GV|m(M)p6tsH`THHh~-_WRbBSdrOTFS(nweG
zi1{w~7-fX$nTtVrSb6UQeWhFD^z^tvcc*_~Dbx};c`h!LhbV_Y|8D%(u@wJxIF4<1
zjE$xII7BWNXz6iz1R$1qUb4FmcI10CP$V<}PNfW_pISoQqUd(k={VL2((-b>|BzpT
zTuTa^w9|UtYKlB}z$mWn3o|o=iSfjEp=BSY9HC}Md;+2dHXOuL#A=H7X?N_ecL)C=
zf9#ImRLsCz65K&||MP1P?7(;QZ$JG`VuB>L4TbT}@^qQ&>_8YIz6OyKW(v8KMEX9k
zOs}2s5bULU@0+9$fDj;;oxSCsOMrs@9Ta|bfXF^c|0cV6%XD;fw8QJ3m$%}IumYT6
zI&P9t2WbmsEO9Hck2Q$mP*oU$W00t9)?yS}hT;>dI#Q$^(V_Y(RUl@w+B&rw7O-r}
z8(mGAr!d`tje{0W(*&Y=;Q3HedhJdI(MggK(m}{i(y9()Dl^qRLgzt{P#NS=3#viR
z9II~4@bqIZMl`N|8v)f|d$8{G!FpYuX|-MK{HsUw=-yObs|Wx!&buNSq6)d=HVmPt
zGSUQKn$y*SYk6l^XLmJhldi|axdGM~x;kmI;+nPkS{2<F-!Ru#EI1Pb8K;Em5>A6_
znYF!gGwn>eUYl{VDS28c%C6oL0phQ*t6;<dBhpeA?h>knhoOPwKwr;Da&7;HzL9F&
ziq1xH?$+*x(vf0zRP{_7TA-z!5o8E!r9HDTO@x&?#`Y!#Y?(Ww(58OZL7#e!`|~-S
zdaQnTaK+cinOCDqHL@%eNMy*O5$`XZb!uQu{SMS$NGaG%Y;efV#4V%Q8)qQYT5P%v
zg&C>d>Je|BcG_u+UtqY%*h8Kd;_<aW)8CDsk}19ja1xcT<$HN(M>Ga%p)}sPY~9dM
z=dz`p%a^TqQK6O_uQ9+kcXt8UT6BI|duL~7``@Qr0pWL8*zaqJ77ZVG4GJO<$1tiX
ziqwUp*@H##j@bz^A<?9XlYEvUMl&NpD{kt{Rj46r<p~I$*qBaxZn;7B{$figAwrp3
znSnI7>|lk`7#l=K!Om@7-e1JsAH=u=jo=6YBe%2Ftb-b@Y_?J4#9J33V2nW6UsH2c
z7YWuHw0g3*p0d2w&SkQ7bcr=<Hbpm%mAa~5hgz2^lw$XeJ~v7GX@+Z4!a7-SwvbyC
zej56buVmqR^M6WJp0q?#F0FZ5c<9;CGdy4o_6+o`wi2+a4D?h`SsDD+>B~dw&(iyA
zVaaq;zQ7^c^!AM;hWm#``!^1*wtn(&|32cv$qye?&e}NCZ%r>@Q%BF5gw?%tnYDby
z%2i9ctxazJC;#^0a8G?}*Y+hwS6d6hU9h2~x{C#V2Ltf-u0w(0jceYFF090co{^Eh
zk=529HcO)9^0lKVAEKw*x4Ca{)EYg02-96KG`um<H!{*cxUO$_c;hfn%jg?lujyH{
zq0dV6Y#O2W6Q*@?V<{nvQ1ju`S1J`s!Nx-yM*!Jy-%wBgu+@_wL;<p@NiM^G9W^JJ
z*wEKA3@9bsdWCpaVkvzQQ%`lfnFL;JE~}1+MobeNol(6P8x#fB+DK6~C4t&IBxan3
z1(ce{a&_k~n)JYShFC^c4JblWo8o<Hfz|I9OyO4pHYI#8iOua%Z**DfJkv)8j4st!
zXI>1Jm14(1;Ph7kQM!W#wF!Gcb?>}`67blL7fN*w&uBgy)8z;gR};soj5c%N(?N7`
zu7P<9Tcv9a*m=~O=fVb>rCR=}XNhAkZtf$%K&%n6dUBKLk+NN`1f{U5b?D*ZGu5qm
zE&V&(`u!4=G4u7$gBSzGT$?R~HL<4F8mm^%H7xLCj8Uk0!iF2QCP>BxsC%}*VBq`r
zo{XZNY9#zxe2=pO%{5AWn27f3!BkDaFOEPvRG4y08w#H13xE-_>jJnIDQ-1e;7T1u
zYGg=qqJ@@G>E)?RHj9X%N;y@SLfOeQf@P?_E#J(NqDUAwWpofHqb^t@TCG9AYo&OU
z{Im%wiP1P9u=X9hsefny5^P;jm1k~IKty(i85z7qMz0WUW295$vciyQneB~sJ0#Ia
z@5YNDiE7fW-fMg`?+`k72%TJv){ieB>DHGEw4SJh-WOiz)HEC?V>KvWhS*}vj@ZtU
zrO7ch$BhGJhwKR3j26EB-et$=rGMc?vmN5%?ChTi41&WNE^=qWO|69qHG!h-xVUtt
zw)lu<7TTc<2sgB-rKOr0!c$0)j4*cAu>-~lk^sPmFd#5CYvH7zn^{>hm+!D-M!4%W
zr;CYbc@gBtSXz%cvUbRmJLJiix;z<6)3cN>Be`hIKH1JvX6>^k4yGOA=Km#e(?6tl
zm?SxfVKyeoMgqInRWgWn4+VBV@|Oi2hajMv{=G&AcFR{`cP=HzshJsRj%$x?%E6%Q
zo|461^PR^vqRai*^#P>#!iY!i3IPfQ#P8Ae$<5~-dw=3v7hH@;_zMqgYkPg$Yh^%u
zu)#pGH^YGfc4>w~%{Ps{ylt0PJ@inL{#B-5(YDjBkMGjf#y=iAE?3xZ-9FD>mc0JT
zj~@2W#g87k|8MTu_LF@Ut-Lrl?|bc6{Qd`*-1b=h>053cA3NmGw;%K8pFj8dOCP%J
zy-(kB$07S)v3ZZrJUuyn+03cwyM8(O=N~UvdEoWlBL}`}{dFs|Kl_yRlb7``-}x)|
z-u%c_PwldP|B3Ssx@75Yr+;G289y5P-qjB*`_C_*b@1N*xc<sl-+tQAsRv#4il6WE
z{fV1@aptSnz3Le6>u)^$PrumxgKOWmc<+BdzGt`Ye_gxl_m@3)&TGE#&wIUk_|a8Y
z9KY*ZJ~p`T1NKw9fBfLXf0nQgeeTkGKl=Rh4}NcK+r>|xef6F_4}UUy=^cBHzV`Ub
zSG{`K<n?zQm2F>tM(2;q?|5R@H@s?(d*6Qe?dRR`whM26<C9-Yq@P*1tozh2efH~L
zzia7bhhEWk?%I2wxah5SW*-0CdtOs;&%gVmZ_c0i^rh?e`S5w`FFyI151;pkH(6``
zeXMuYo<CY}`I#ScFX*zI$3M|`?&U}S<f9kw^|zrnJ^qW^zOwP8XK$Ds?b>kVZ;rbB
zA9wrmLs#Cr?n4*8{1s#GT6yKhH}(7~eZlTm?0#eCSsy+Bb^meQgSY<jsUwg2;^I?=
zowxr(?+-Hnaqol2e%kx~QTCVL^wl5#{L<eH{^6qkJ@vas9{EJ>v5W5i&I!NDf9y+d
zc;?slooa7>D!uubL%L7-x8&jN?_B<wUGIG72VS<vrJucPXys4uJNd}}z2DiR>m9qD
z^P}_j`p|{TzIns3*X*^WZPD?^oqvFJ;ukOIdD~+nUrc}d`ux*RUOxJXEn6Oc;>d}O
zXTP)EJ@~ypD{lRt%WggDNaxW1eDm0bGoISolYGU6yDeLL%!gK&zxIKifBnD}Kbt=H
ze-3|U_v?Rmr*p^5&F8)EjwAkb)81_-o^{#4ejokFzEk&oc+um_mp}Wi)9(4o{s;f%
zvOAv}IPkz<e_{RyZ+XYi9xpFEaKvM!<BvUX%l*^GZ9eIhKb(Kb^&eXL{jRfTKDDCz
zu+5)&^bohO@4Ncmu;&@yK7V}Ai{5SjVfB7b{XD(=%+p@~u7~d4c=PGYhnAP$+qdQu
zyFc@epDyiu!|xyX!$(ek_owfl*y)-(e|UD+TeDA{`_$2II_Ax19(dSc-#=jeP0#NA
zz8hcv@$&0;KH#+voqy!`({K91TmI6$$IU;?9Cz%?FWc>@3lF-qFf{ay-0wc0+jd0z
zwPSx<f8A^LJRv*zow1+4`u+oM{pl0?K6K>=I?iA6$UXTtKKrZxx_o%}{$1a9{h7tP
z{@>F--Lmwjx4h}3i`V~p`V*f&Vy_?H{nQn^egCH?9eqRYyn~i>U;pj%4!2i6@YmkA
zblkl4x_eIAbnoB3wpZ8fT`QmKIqAYr{{DB*P8{~^X&1ci&M$5~_~I`nt{yq_D>uIK
z^`pHvmd?27@)Hl~f8?tdbdL-kaM`9u-*fmMzA$>l<5wR1jq9#CsXSnRdgiQK-dK6v
z`_Di7{&$WZzQ@_^>+kvf;S0_<<O93jckky9+#`Mb8xOAR{iQ?ybj9cH*!;U~H$3t5
z)89PnhSL^2`@_4E@4x1A(+69By>rbSC){-1FRpye5mULdpLvzt@s%h4eBIr@dFJ{4
z8y>j+mrq^t$G^OP{co<g**@itZ68cs_~g4kylR)vzU8pvPWafTw_UdPmma+EuKPdt
z$7}Dr>;9eI`N)qqJ^#dOk3MnWt|d?W=%L+y^XQ#_x$`@p8NT7P1Ag+up6B29`hB+a
zc5nOH0cWPK*zJ)wPrvp{`@Qy%BVP5zZ!Nvz#{Rt)y)r-Z!3Q6C`27F)*rqp}{ObdL
z{7+9lw&L#1$#Wk)U`z3<`Rnd?E;_IG6%Ty&^gk4zIp_SnpS^OQUuAC{8asRD#H()q
z<$EqT^}%0FJb2QzJx9&F^1}C@aLVhJzkS8vfn#sAu2}#1h39{1(HYkscXaZ@PksBR
zo3GmCPY>VK@rBRiUp@82w>RJP!S~+y`>{vA{=Hw658wLxyB~Yxx1T@j-di{RX!6$E
zesa#{pTF;|pFZ_1Cmy`_(+BRl`#V1I^5^dU!X4cY-Tvh6xBTyI&;Rs;_gwtwvX!6x
z<z1h;{ifI5ddb(mam4fPZ{ND|ckgf8`0&4+dF2~lbJBw+-h21X&Z|%ETK=*P>6MSY
z<&!ht{zBr2^WJ*NykFSmHxJx%Pib`Vf1lmHWv`PbKf3cZZ(ct$xbBC~-gJlC(S6J1
z9anwn*WZ~w;_4f2S@7thofn+{m1~YU>(Bj<zVnRh-}c?pPkrv%Kfhx4-(GD$_nPG1
zo!5Q(BVYS%{?9l4`7fDAKYQM`(|`N%r@nveL*L!@@PA!gx%M9tEABh!@^Ae4Td%tH
zp_PYk_}Zm^c<7Nur=EEF_l|PMpS{o>Tzu}w-v7Gv+aI{#$-lnh^?fr(9ewaump?qV
z?|nbL`oZ@1?sV11-g&|wcHa5Qw|(9H(?f5%_H(HpZF=w3|FX|vUtj<0=T{%radmQ2
z&rYvC<juDq^2QsE9{*1EjE8%#zUOaWy#3veUv=}-Cw~8*UwQ5I$-mA2&hLJA>hgsT
zXZL^bM}v!A^KAaOsl85q_T07wkN@?WC%06tIyvWl_mF)Kdiz;t9=6-F>#n`(RsX%)
zU5}ly+wZqH_dj{`E#F*y>9_8<<LLOKdT)LHj&Mq3_^e+4$=&Zd5%18yf2w*nH<J{Z
zl%3wh{6m)DLXIW4C1ax9btVedy#56!`AeyjGYGA-+-Y%wiw1mpBTtlb$f#}&;tB9K
z<=husFTa3(Q$QY4iSy%!%!{AEz8a|Gkr;xy5h+vv3JDzFKKBQ&yLG3wHu`5pzMq>x
zJp)Ri#Q~om7o8x3PCn#70Q#as25?#3o!v*l4Uk8sh6m_z17M|;U#%Ogri*{(9YuwM
z5&56aOrwHXnLi?4-p;G5M&{`Tc$d?E%Lqxd@R;g|5IB@)OA)C2y^%L)%_DI5u0&Bv
zIoMOlr7}(^-864$SND+}UCTPUy61^>j6f%{e4k3+<55l{s4=#<1VsTt*A<Bl=r8qD
zJhA9<2=%BVlcKrMe|(jwoCqGDYRTu~GFq#Gr0edL>Sd*X1sb8!vz@clC`P+wOM~qg
z=+oLy<7{9d-W|Vj`S7o&MsLkw(XWSib^ydX1lv|+0O!&y&)xmZ%TA(yA$jiHk%7WH
zy7s*7w};=f@m(JudF7*<Z+N&f@yQ3?I{DcvPx{_5hxYWp>CqqEd;6}#eMiqb<2`@<
zOZMp3oZGYiy!R|V=ZObCvH12q&OQFxTi>y0-1%kplkMf>zi`n%jo(`Q&6Ov-^MFhL
z^}DI=jSoImIqr&Q_W0mVhg^Nx)IHBVe9mpx9dY!w%RaU0KxfJO?mOz7_ushf0&D;F
z6Bh2W+bK_szV6!f<s)x?_PE17wzK=&C-(iX{cbsD^6@hdyXfOz{lNS~&v^9{-P5~$
zB74Wf=XCF#7}@$@+gbnfoyWiSmV0||oSJ|1=)2zdgA?C*<f9+@mj#ckddnYwxMler
zSIr##508KJ;w8tvZRPSqKf3au*In}Gr+2&NlC|GH;(=WrIpnO{E;#L;FIU#T?`u7W
ze)P$`*WR}8={KMGm!XF)&)qkAOxHVlP8iwuLq~4B{r+dSeg4G9{`QTF_x|7B`&XRv
zz7@;&aWWT8jIG)InL~eg(+5U34Se#kozD8hI_LDu_8<Sr)hqTN`N-!d4tn{r>nq+@
zR&Bjy{@1_ieC1tl|Hzg-zwx=h>=M7rUx{5ix^X1Y(=mYTbjmmnZSiaK_x|8pc!~Z&
zmJh$oZ98*l>-W+@+F*x{5~C#K#7NJu`J}rYk+6u=N_DJ3q!xu2xA)~y6RE>UD_<?H
zq^gr+-cDDsbcn`?p30=bAXZz^^k}{-@@_j|yjX1!yxx*PChpMsopwIDEjqz>Pfmab
zF5337=w~n)zMVN?TiZ@;|Je4sP2=-c?fTuF)bC$E@A7BSyPsU2zrp*@YYuB`qkrAH
zcgt#P!-GJoePdbf1_+(o(mbU4z0Z2_ISj%VZydVsxOqFZ(Z3)F^AE2L0*WL=B-$Gw
z+`B|zLH*9&77aqM!~hi;p#KO9Umw^hfQ6{#r6K|*?%UrcMpeJn8q`|Z-8JrMWgj2f
zN$Ra;zu*1x$&66-d)<GFal!}<rhA*S+4ES{Z-C^?K|Zkm1P`Kqmwsgq5>1wS1%N+U
z57H-cz|HP=Jxg@2e&2JF_#B=?FjL%|!$slltMbOp@%H(Y=wJO-<JMY>;B*qFE1XGl
zhS~ikeHq4<`n~aw(bEaqN6hKu!`%n1CFWrFZxw^7-)hiWbJ;JjH2<v!3)n-<LH7Bf
z7)1TP|9tV8203V#I5W#X(tZKsX>0qhGyWJo2=aETj4rzgqf6+3t~H;%1M~USyVcq#
zQP-Txk0-@`QNK4ICO(V)eI6JTh|R_Mr?bNSo8qxK){U2lzSVCvX05sG8<@+d^;o9V
zYmV{U<6;c;Tk(PLe1fvEIiDXzj-drjmXysAm#o;z<gI?Ik!eIl4AnxJNemC3y;H1+
zhSiS{&uU@pl>v-h^xmDqLV*eVyUq~6tKS>9h|ghk1?3DAU0<#qz?VAAq0YZbbgh1?
bA&1uQMm0H5bYs7^Z@#Rp?Q8F&E%N^X+nU&+

literal 0
HcmV?d00001

diff --git a/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar b/integration-tests/src/test/resources/Files/PNFs/validation/individualSignature/validPnfWithIndividualSignatureCompliantWithSOL004.csar
new file mode 100644
index 0000000000000000000000000000000000000000..6d3ed91aaf81c8281769d18b1ab9a4b5b055e082
GIT binary patch
literal 103607
zcmeHw34B~ty?;PJ42vlKK^_X17HvzLG)Whr_<(ehme?i@Nm`eR!_CZ{Waw<YcP0yn
zh#L<T1yNj{AmDqVh#>mF1w~LnQ4tmOQ9%&_1w?TNH~fEpzq8zP@7z0EQo#2qADU$D
z+;h(F{Lb(E&Tl`%8=ket3)<+v1E$Xy=0D_*eet``$z%)Ja<*9TmJj32cK(juEL`V(
z{K})++UQ?*=uM~WWs`->RMIQvy1KfPr9vj1>`AUlb|=fTCCBTWwez`h(M#FMv_C*{
z%5go6w8j!&dD(m^=OpP}H0)_lJ6_7omI#<NR{z-OfHkyki#57wqlGan8pGn=Eu&9M
z_G$HWuIlV=Z%3C!x9qKHx2z5;4CYi6nC<OpyKD=%sTsr8NzcSoFwM@5J-z9)>v&!t
z9@9$}U~scjPCA)!i+MRAqtQsQSeCCDbL!&>jys-Jo^-5iAyahoHci*U|MY0EH(}Xg
zBzmc6jXRd@dD)4AgSi(i+e#G+1t-OAO2urU+{vSq++xXb%UOpfPT=M3R8sbo6g}jf
zLRo-L-_zXISmVWF&an&J2R#j}z-Y-yWi#m0%4Qfk*`I`n`m?fPDnLyM6qFs$=Cb8k
ztC+#~1$)BbckDviD!Qpj$1A&HwwX#nOrhvng<`qW8pv2#?#y$_G|w@&;w+Po2rrHG
z7KB1i%5}C^vaXZHDxuqUJda%B74x#h!)|dZ3p55+*B&oc%GO4E)^V*BR?eAna%!2g
zg$c_8Zt_@Y;HhN0cHSvtpICOOl*^{<@th-8J~14#)Y;Oml_uh~tk6n}hnZXvR9Bct
z5}rVIQ+64&psAykji9=;28Pw*VI%0y)oxDsdv%!hDs};pyB<0cTw^sEH2t;!6nhAB
z(GLR~mU%fyPwi7`(P@og|CmoKZ?ag)rJ1$l1ZSDfmL~%{oLX95r9`|GoM(KNzs(T=
zC&6pV#Z)opSw7dH9Z&ld<V##(OCi%gQ%;mLnEp&NcFuG3b8s_a3c!tKT(oE%)|8#g
zrjz(t0ZX&CTG`UnN-%`d)N1P#*}724j{}@yh8I>a&G53KV`su~^>_hv4dUR-SMrwV
zh^Bz$l$fgGzPgL1r!wI>pg1>Kp0shSb;a?YdEq{N`hYPH7r}mLedO%sf$7Me_}C0%
zy*7=~d8m#+rZY)9vPWWe^-n#fYEVy^$W2h|q@ByPO4Q)mOw)>_`3NI~g^$|^GT=i+
zuo{crZ;YUg^O@*cad1uDxgPZ>Nuo#?#gQkNDWqsX10=6cCz_i{B6E~KX!_9`Be$aY
zd6*}0YxAhFk;P%!z`6=fh4G_sohT`inJ<ZuPJak$#Z(sDLP%BMuYxL>@q)qHWk`UD
zVXNXXf0}TxjIPDpyU2g)7SvmKj^=_hTJd&BYSaLvlR;)5roYe@_t!qK8v?Yqso<z%
zLhyC<NrEwJ1&8$1_fqg78f$oaF=h%*d6@+j!&_z*)0G}RKjbO0%qn?KC0*>8hGeKW
zonmTHJ1&>?{F6H{vEe9@Pi`pLW7Tm&R7iW!m>W2mJDX%#(Ae%uQja3SUSB7PJ5@Fo
zQ!H{1K-Um!*oxjV;*=m;13=H3aEcSIU7CbsnllMX$vinZpfwHB#DQZC53M6DA?=iM
z#aSmEr>~@n6`p^pn0BIx&01)cr;8mqr;O9o8W`PVt>|988YICD@jLCy6@m3hM7<G7
zv8n7-)>oUH9P2M(Xaa=L{Gugj47qasVuWZOC%^PCGw8G)o!LY&45K>8C6?)VB%Y)A
zavVpihHG93#x7VAk+h$oz|uIDCKKDUJgH}<K~L5||JXWfWL?5qdGyh%t*zbNr^Hf>
z(AmSwBRCU?1)WeI(a25NV<h5Yba23`SEGr;7V>DT18yN<HZ-D`TX2<xlA5whw$P@-
zmI?h0H1kd}PHf4#<%*r#m@RB0Z83h;0xgHsehKWAUMMJOD4c{GK5w#xRIY+onD#;=
zS-QhnEL|EbL7ZGTrl8HIu<{V(*h(RF2r>wDx=xN+k~f(xRZYMfD?*U)Utmbu+s#K|
ze3;)w^%swiV9P$I<P_50CSeT;V8!5nn3Oss$!=qIf!UU)9Y<Jlwt($H-J@NJU!!(O
zQ2!8&AV9{@C~Nyeo`F#x^B&WzP=U&}i(_8S8H$iN2Q=biXaFZ#J1t}wSM*HaC{c>X
zi+C&AgcW(%xz2>`rWJ=ORb22Zeb|S^5T0DM=n*>n!@DfNbpwktkOmVLcB*L{OOqtS
z3$cmWrLTiCB?{RIhBuNW*pfCy7Apy}z<k7hq(}5$ZGIn;ielxJC=ItYiN%HeZjH5Y
z2u35~p4w<Su&%eOyW5)T>O8u0#TqMB8o`U271H)zV}+oNLn>jBhEd`e*#u}TiQTd@
z1H*<;|DnofGT`p8k4(cBKnHb!EMbCqh^-(^1Vf`58lT&?XdG~1Y+VMknw`;-oH-di
zQ2l9Z>Yl8?<k$htJ<SHV2vw;ODkqAGo}Hr6#>rfR76D5=DN~U;7#44W#oiLEidVL=
zamX5Gkr5k<1UW6??-yaS>XSzKqHjg<rxcL(YwwLH0XC>b$#p`Xg>A_^I8_)qHLcZ=
z_z{*5h@v1?m#GliQ{2o;B&UK{#|Qw60I(Jx)78`2eKN6dR<M?6S_<I+&&33N4hz=b
zFpC8_gfuZlz(qHih2?r7Lk)7It;XJ#Y+A!&(ly>(zj>ffe;0z2DAKZ&{T<F3-#ek3
znBD1zk^KN{GIqP+g$i+&$hOKCq(^9cSOqoVrZ8o@S<rDbmOAwJ9dp4~0qnJvIhx8+
zQi;5PS?OZ57Gl~_yTjDoG?si^`pi;3BWH^?qr!wL#KL3_a-k1A&Lk~aDz}w>5+hCM
z!HJvsvYBdbK8q5-jON8us^Y>#oDx>uu4Ps?v+RWyG$QswLaQ{V17o!`>#@%dtV*6H
zBv?tsA>~U>)?!v~NfHq(jU~>&o?L>1A0UvwN=Ph4lEx&mEJ7B^x)5Ot4n~8TE}19&
zIV|nkp092jeakQFZF&;frD<FdGCMq}C&RNz8(obj)C3bRYC+-SoS{?J&Ly8Y>)l=|
z!gDnn7C!l@BC$~ilmN+Vy<4o5Mk=+`7TqpdA{~Q#Qq`N#V8|(h6OVuq4}4XVq!;*J
zQ<Fq1ut)=mS=%DHkiNk~kO*2A(#!G45ucQJQ!XxN>YB=WXjg4$Lpw5fz_Bjqm8G)v
zqvXx*fM8~kWVSV4u{Ehe@102QXufHkL?R0|j}%#q@057vNt{~~gmlXV)}s_qpRvFp
z4D%SfY8AmLh81G*#%OEUHm@7fh81!-AvOX8I(6CC3FA<xDYn2OxfF}&3|=G_Vi7g*
zm(req1IdFM0R1c742Vw*!>`=wbS^Xc$ivw!ZL4-_8^QxfpvTIC2FS3wj39-itH-H+
zpR8aOd2<09HK~WdSREk3$0dkvnIbpk=pwg##;)YbYZP5ds$i*xcUd#5Ghk@yP|uaJ
zl(Jnn3$zt+Ff%Iqfln7ERAH8#&v{n+^2{mXTRA@k+s>FBJOr$9c3Q)Zo6ka3Nt4qN
z?nWS)O&-|%&<hoMjO|QxHqblN>wgLT7uI2S7E9MT0U{<!+T4d91BpTWbjqoDMBikw
zR4hT?$)@rp{G6bl6BG0&<JH4g<rF@q#_^ZKU(k>7@j}u~r65=rmRW_VQZk!`5xjzL
zU}31hMDFBq(k-)Q*lM1dw2OFFN#px`WoDU`P8E{a4R|(51D4!8z3M^i!Y3iJcdI{O
zX(weYi3j`}pIv$l0tx-}ipg?mC4g|s<2k^X&p63~hi~%Oi4f!p_%ofNDXb`^@P4}F
zVk~N!=3ekQnab1Wa%t&OypY2`c!rl*UfRV|`a1~@SEdjW`a9#=6Zn(AbiFCO0)CF(
zJoGzWurYNS-JZld$wH3)_NKEXyiu^JzkCsfID9ILueN3JjQf=<KtmLY$-)fg!q2fh
zz*8ziAbNH=>CBYuZOg1}?rf=C%-KM)JC&w)X?pYmuL({QfRZhxrqH%j0M1jT$#JkG
z4-HBL^|+hVZ+n$OvVcye$3<)WmctN!3B)Nz5i?vTDLzc$L;_@GUWQT`OIYwSScYVl
zC?rik%Bc+Sk)5E47rj!3zwt_RKqg&+Hz#mHUDz|7J*x<08ZMuu74tx0gg|CZ^cb?9
zjb9TCOg6)`Qz#JWWidQtcfjMNO8B{*rfe_AWZ@1an>W57QlLNW?a7kkV7aoT84!q=
zpGz>7CeTf;hrmgv(E;>XYREt6`$`#OdE6OZEYWkE+88c_lMS6SNv2#Tbk9o_OZgNY
zXG=tw9)X3);enT;mKn^S2q@|FIKWw<NL?^_K$79z0%@Dbj+{;kPMpf*hk~^e-Arcl
zpwnq4IJY>N(gq8I17i0o1_)D2(zOc{PBNb@gxO%t;0B+|qa}wqu-!(+I!Ga!yB5+e
zPE;0$zy@WsN5oOhfm*iUlXM14{SS`IGR`OpQ|l;a^O!%I5}2K$*I6<H)3M@a)3DXi
z%h0g-O>5lt=*&R?9Gy1kguFx?HD*e?boPTefyHvD$Q+m{Ha-VqKy^e^n4P154AR2H
ze;wdgo|p8$T)k@5idFgreGIEMgi^IW_DrkmW6$hbABF$<Ss#Ddg!!C9h^p)}QeVRs
z3<kd5c>VDAUb$emHu_gD@HH}`lt-Gsz*icB)fcH$h-lq#;4As8!x|SoBgH{z<-3Ad
zSwj#`bJ7&RuXY8oM#U))M@2O33Sy;W=qV3Z7MxK<obC!@h5Am;>0LprB28jf5bGQw
z=cV7QX%kAH4zr~bh3OIIAoFyAv3OSyEA+DFgFkl#v8qtIogTz0gHMJKwo-Jr4Ui=?
zW2c-EkuPJolUj)x^!G?mlY{=Jy)96TX=GU3<j|~YL8}ZoLmTkF1q{$yez7ff<oi}}
z>PcJq4Z!NDlxFu@AFOYaj|ar)P?_hO07s@~Bw<^Cj9+wT!@6fpSGjK+P@eHjC6~$O
z;QW#?hFaGqEng2}Egl=$+`okJ=T%a0;(2Ij(Q1jjF33liSJvg2iN))BH;(o%iNdTA
zHXum=#u7;aNdpbqo2k4Gd0UxA$X??6uGw!;MNI)uVyD%MnQ$1E@LfnZAM6TcSQS8(
zlzRp?zRj8K5T=WgokboNI|IdFDs5pB(N5Dyb+JnDhEfur@<yaAvT6otI?kw32Qf{>
z8Wj+>nl08uU9^XJg5r3G;CbwWs;CJ&fLhndAd;6{w$@?<+ahBV(Ia%$A(Vnc&&f`n
zD{@c56FabcQvmhWV)Cmg#H1YrfQmj~2_o~*q&?-}xP)ma#pW6Kfhd?!QX?YC5J`lb
z5g2q~ocGWXQJ(G2S{?;aqZ9SJYT$q)mkwm)NTw=SG#H)Gj%E>nT%_j7$VJ1Kq!Xmn
zBs94OCmPkHmX8P+k6M?65t=qev0A(`t#DzVZXxR^2RlgKk9-S+6Om6#`jKe`c-U%o
zJRhNYgnINW0`&reS`)~tg-ek63whlavoRT%7k1S;!Td`)$4DkCmV|%DA4E!M#`OH}
z5DJyrCSwik+_XLGk@yDqD7;0wB@xpG3nkB8HzelB=1u7{N>e~Khr3biJO1eq1(U1E
z10ICUy?OJ=2}oTuOr`$0Kwnh*9GgO|Hda%7UsA^R`6JXn4vkPvT7NT4P#uCMZEAib
zk%u@a(>EPE(dud9WFxDz>yT~U@g^~on5{Pg;fG^%{eYB&A22fy`;g`$f`H8(sfXah
z6+sJ%Q@PfbzRfZFP<KUAw%puF9n3SEY*uVCmd9qkRu4{EM1WU^e&<_Qp;7hJDHB5T
zH6M!sv4u{bD0!t0+;E)miON`rL2+YIY=QICz%tE5xo2cgY9G{@U=--)-ax(%PHiN;
zKLs<;V`-DLWVLgggA9F#bV(wX4G9E1N2SMy*-orvXrNm&V_%+t*O0^hIjTd%Dc6CT
z)%_^+8$xY^vRe!bl4{wYlh=ZMD@VWFb|TzGO<l_AnV{Ih5quDdaM;S@5nPf+Cu-D(
zGkanogrTihthgx=PhKq^$Sx2rkWYHq)2kyVA#&PoM+Id^I_Z1nZge~awn=ZE(zXbI
zAV_skZw^jAN3Sxj)r6!71q+i-y-+5J3WN;`H>TO8iY_CED&j~uXE6vbA+<C)>v6)I
z!m6M&r9DJV$=u9S=?Wv0C=*_5Lop|;iDNgG{>Q*$YUnFq-)gPR?(1kv5YHM^ms%KF
z(}M)4>e$C-t&u4iSWfu6?W9v6g|xYv4+GFDbo~?N(_%v)8dYUD3L9UlI8i|4h9FgO
zG(n4?&)6BHs4Qo~@!Qo~Z6gvu5J7D=ktkIJLASyqMn#E-7I{Qscr#@Zw8A4&rApF9
zO&CN=q{<bynn%<qbAe$YTl;MVN4ENBY$_)N(!@TUIR;@Cy(5ElXbI$@<7NR;m@|-;
z7h67Ji0e<73<`kNO(2Sq%{wS0i6axBvT~US+S-=leM!Ps3Y2F=a!YaBV5S*9x(caT
zJ?j8RRjvZXp9qiKrv>wk&xNCRo#Lwm$UN{>9=jGp<v=>Qo%Ep<fE=wsw+3@neR|8w
zlN1IUsaJ*hD$U1ad|?up3tuIG%)VP^s#1+7iwH4n>R6rV5zIX>rly7Hb!|{osiwwK
z7GYe4i7>vR%o$rmCPJcA85WH+Oac0&lgeCSIRdG(2t%u=+EEbZi7w=uS&AQ`5HV9Q
ziD$7GxgiLjYL;ruh*vjy?yYcIi6`bDvey>mphdpTm_U^=^`ux4Ey{jH__q9xjA&(h
z8x~4L)dKbfFtfn^wt)QT3(~VtPw@dUWw84p42(Fbe#%SipP3;piv^dPUs><;-X{ZL
z8g<KHwo!p>TLuO@VMIb??iy=!aLigfig>FWlHZ(S#j^(SXSQREIR@x?Nnpn=2|}mf
zClnaKVMy9sLR%J60jyU=nGq`rJwz=72jDN#n;~w4#vU2KY@kSz01qmSK&>{{#El)^
zyYV@;!zv(zW=^lsf)MzguvbW-2<%CY#bgn`N{U0*oqI!~UfiZGWKs#mJ0JjJ5&^$b
zD*{s=XLSg9N%JKt(dMf`gc{pI{&#|Bx6t@XA$*}>wMZhoD}{Jh$>Y!$RoDsuY9Xml
z$@!7o3q2U-Dx)iZ$`aGmQGn_8X;-#sNKsvIok7~=G#$3J8~sQ#IT9r)`#O!xYH6{z
z2I<i(s(=k3)y?-08EvC!eIa1us){Vq2}ur7%@7fVate9OMI{%hc@kQDpljk$I4ZKp
z_aLcBk3v~I8mN{riym5S+xjsB<knqtF<EdYuwo})LYg~;+lr^OsElk{Gl~<GC>PJU
zMi+hK<JUiiL*z~^Y&O~#m`pn3OsiYc70@I6jPvc!@DqBeBm++-093ltnUE3!DkpIY
zA=Fo)-KBs99dn$?*;BA=2=SqM7m`6x1W<F;IZmL4hNpJ5+M+eJ1|@`xeu!5H=+O^-
zApXjGO$SDEC^b;0r@%ffEGk%p%v-^c<IE6K7PB^O$3yF4=SL!)zYPP{tJo7qDJg!0
zv<ijJ+cR^=jf{l;zk{1N){vX?Mu_Cw^)|vrs(ulsf2vf{#2&ypk7p5xPx&A<>`_r1
zkz9&vMcWahspP<+gK0EqeUYRghgO8krZ7qNTQ<tABx@RkL@?Shg8M{i2L}1mE`K^^
zDAP2af*EcvR`IN;<vO|OTQdSOLvU$ME{+D518fZP&s<g`prjjV?7H@7WKG0)@ihoA
z$UwNAjgvx&t#A}>i=qz`qIxQG6fU=jS<nu^*5~0l;v$YgM8Dp;xFFV#;#Z0&!>2JI
zyxD=$gQ!6qfgke87qoCsSZbV=@cu@pA(_^Xm1wTkV1N`2?+#5&o}g+5WTuuYOPHT)
zWC5jhOR)i5RHjMctkl6297w9<{n;owGWbjr?(5dP^oYJxh=|-TQFOYoXV@f9k`d^?
z0M3KEX=6_$!2~vxHL9vO$U1^LOu|Um-bmGj)#!f6516{DEM{BgU_`aLI)ptg60;#c
zxzn%-Md9Au!zfGIJZ@Gf=y>Z2%+$usiU{0@+&Hnpx!y#lHGlXq25b>OF&rsK81uo1
z%(XN)@mx5KSamFHh}Fy?5P}4974*fyqdwabN+mC+F_(IjCp&98<~+FT6iBSjlGtAb
z#uxx^AOo`=xJ_^=Xio^yn&JfKsTuwSeZjXv;YkvLBT~J&N_bdpsu{BC&t8SBLg|qn
zZpa$FLkR9sJ)_u16h>6`jutn4<;Ua<w4r6S1@m#f+?;pF2bd@b+7ah?GLZQ!QqQ2M
zk^|gYJUF&_iCm~CsOPXgN?B7LrMR6PU~BWTvkflvFTb<>xzt+<q^-9Q4&)OG;{5|b
zK+sq=8l(FgT1q+ocv|G}4@6SoVG^LY79G4Q*nw=#qMtqlamupoAzqqMvXyzTbGUC5
zT3QoxP&{EJ<=z`b{$a?kS6!@zY?2u08?hEAa^TsN*bPquf;2k%ig^n79zlf&Huy6_
zLdfQT@)p^rF?lNNt^)?(cEPO)VYb((*5daA?+e|&z{?7gKdLd(QIFcC!TSq*ZekG8
zT;^r6!&Y>lfl{x=#W1EI8Sw;635d8wW@8vNfk=*;f|l&VK!9-s?1bs3CsQZ_(Mni}
z7G~8s)^`%(=oj}%m(58<nDG(;^Scr{QL>TB6>%sFon>i6oxl`};*I+F-w8A2f+ny6
zQ#q{2qKu6#(!ek_wd{sVD|T9gB67M)BM5M*Y-x+QGs;v5JZk}gwSeh9UImyxS|?_T
zqZ@`@WBW#hQ+qkvMvV|6kEzui<d1WZArpMSoG3Q_IJ`+(Kac%`1;M;jLxecEnN!C5
zuUc4Umcn_)(RZrUT5vj}{2?eh17Y-RbA;+lf)J{%kn<3#Iyf-ZW-B6p2=*c|6wDLK
z0VFGuQoZxEYmHOr3(8jJa@0M~CPIue7%#Zt&YA*Flbt(*7&&c#{S9Q?gz&hL?vQGo
zHu|*Jj}`@0x#7VSxi7>_92-@XZIAqJSTy9xz>$mnPZbk6;zoIUL<=k*zT|*V{uV3l
z+o8dp=$zukt~N5W)B!h!k}ag+pB*6DEfPbf=CQA7LB>SY2p+3nC68yNd-RnAgSr@D
zNLj0{<4GB23n_(cjYQypU#8WB*fL6rSED?*BvDJi>Yk5gQYRShPO+E_n=cG19xLy0
zBa6R|4yL(442qKC=6c|d5?zrCxQ0h?<J<_@4@)5|D#A3~WlVa)s37Q-C_c)=1ZE{D
zG=|_ro7O#lLpokilQz+Pl(!EdUK$$zcoz#?n=)&t>q;FoeRt?A$_fbQ^2Stt6RarA
zY`lO#(mK~MXx_{^!&Gs=a)=iNmt>sOYzq7c5&!B2L9*uvNMhE;-w9Qbq%rdw(A?C~
z^9)Q=<2kTx1Fx93^$8&ir=Q<1uviuQV7gq*?Zq4=EdR!U&f98Uf#x2Y1~*wQCYdIi
zfqSgTJAS8tFZ*s7=_qnYrPZX@zrk4~xY0ThDKM|o5a3`LbmxNF8lKOjgMwz7ZpB#`
zLqjLw)p-S;I&6l5C|e?1fPCB_z+>wDd4*c{+6?GL=0=SIF5sPCCL{Z7253p^s1{AJ
zX4+%bAoc~()18h++j(6H0Ut)dq=JJqyb0nDGlMBd11-?dN<g6NUyT(w)A+8o49+r<
zWsW-ZDs2R3K8YX(Oo4Tb51%SzYH<G6XApNP*PTJksS%-33K26oJ_`$ii%V(1LX*$|
zldw;gl2Q_FGCyY&#oKU|C^-^=O&3QojOrAyCT;1+Fhk}BsV{W7GOL?X@FTGC<|xMY
z{1aTMAk~v1vx|mNczy8%Vq1NYIpj%*Cr}=>=F!;t`nF7=3Kh}EYV|VPF2}AQHA`l0
zvT)$d(*k>9*{Ci+FtS?bgd)CNDI5!87fm0JA;m6!ZQ_s0r(sQ^kJ;+ANZE8pqyUf{
z)j}AkVQbcR{Vw393yht?201?z$VZ$hz}7PeORG^ln)OlqjN#B4BJgJ>n`$&utQf9C
zOp%o@S(YLSl<_2$!G(VzyZ}U?D)p6K(bO1FGE|JH?8NX6s<AlPl*A`e{BfXgyty>H
z=;&xu*D#D16sd`#{>40k=a40_GvJrrPGb}+I2U2k0BeS^i0;{dnFv~-nq3aJH7Ic}
zG&M0<Bf^y(;1x^+6@nd?EBQda5hVerv~-0{S=s@MyTJLr2Jr$Vtbmu}e=IGR`XK&J
z<`MZBCIzYo59JQUkqOsI%`37D2$KT}X3?GZ_!fr`oiHA5JCv8(llq5w+qvNE<*35W
zjj>TuQrk!YyR<ZG(g^Rj_$?%MPK>DeG%za(Pe8nBWFvW~-m=qo5DhYKTW201p8KBR
z83j4PuI&<MdSu~-Y?H0;i)h;;%OJhVcuqHnE89772>zBWATb+(Ux+rV)XXawi?HJd
z%E$<Negs!Bj)wWM9ujIXSAm13&|7`LHW0bx^G9PQ=6R~;9O)g1Y))rn{gr^FpDyMt
zBQ};I3(QRM$X=U7uLv+?9VzV~U$M40=a1ODScZw{Kw39$$4~_A+Un^2rWV*-78z8k
zYU)Y&MMOW0_9OvtN{kAK7Y2Sa{3K=z(RGjlDqr%Idj}Im*XR)^J|qTQaR6CC(?<Y0
z-+fA_Ix@<Om5E7Y8Jn^05uFjor3Tmm+eFeS4M*t`^i6*Uu!tH|1Y+>{7}ut<Ct#(g
zU<SUWEk!qzidMZt^$IDrL|k+|%hQS~zO)mIzy>MEJ|qTe^l>dUz8WgU6(!|&>UF-j
zmE}K9?q%7mzk?9TfdTy%g$0hoS)7_gxxxC{x-WYfJB_^jO?Xa_Gcg|<f^sUVBIl4&
z;ivDAkXr3fjoA?h%tQglsv@Dp;Y@7=_sFu3s*w$$A{u4ax{1$*3~t;2ZIYn|mvLB1
z&n)r%T)0F5aca1C8<(?@{2iv%`Iy0Jboo==%T1dhj_@RMMa0gq11k(amvz^;tHFO1
zx&>NLv=Y&5+@o&nBR<IgV*#h?X5{}^gIlG$I=gTcV`o=<T|8ly6?GU8bu=7`v2Mk5
z>Ie1%Mx(-mF9q<H)=pheyx8bQxhlH?ra)9c!WHMS(1S@hBk(}(dA~n}{;ZdzhT?>8
zDU1u%eMm#4gkmILa!{5fs^cz~aaoqEf6MHQM(a>us@qoqV|kXZ)FF=NLrMB5>4eH_
zPY0jE5N1WU>mV0LYN-GNhlFgQ&6IVhLe8Ji)LIl<E7O;YqA#C)`lcU98&{a66NbWJ
z38A>8QjrQJnFsbI3Pa&7G8V8ASS19d^b+w=<#&YDvdels7UE!Mt4GsW^8`rT9$zT!
zdoj+wUR@$Fp*C7z3rpzclzktAMiHgjQsRAGr~!716Bdix63=>Slj-ARad2bOUAfLe
zmI$s_S4eJsZhbl^47{a-G+5MiNbv=;h$V;di}-8aDdU1slnW5zxCpGl`%FU%eX>{k
zXCd8B%gxO#B{Z>^)r*@MoP)9_e>(-X<^uf&%-4D+lLRgC#e0$KgH6+gc7!;;tN6_&
z2}M>&pz>n1ic-)<^(S3_1JL_(#l%9jEDG)Dv?Ux5%H{RZ62!3j{^>@rn(t0QubN~F
zyH8W#9Mk|D=B*d(h~By_%tRrfb$&8`^H8fDH;qJT*vMLK9b%sYvMA|!#T4`o9Q0B^
z6KUfjX_{RabOSIcWh4ep2uC!hWr*7h!GmOdb1+UEkW$Ho(Fo=U)2+a}&F5HZ6Z@%#
z&1FdYoGhS&1$Oc#KU-S(_mts6f`O9$l#i<ugmiV1#IWWKm{Mb5@vY@A%b@Vc+~s&r
zCMZD&XQtZ*hZilOA7&1z9j+&e8JM6;y77^|H|AEm@KhAPhP*;a5`E@H3jRt6r3|Qx
zYPwO}o}lhwm=6M$CGn`-IT!LJg08wA!6z`mM*{|9UD&&tFlE&>+<Kd?T?M3O^+Z*>
zje6<eSOIJjF637eYE?y%2v&HNX@7E*I^X0$N&k&q<x!(HtzlY`YsiL4WT)}v(4=h=
z!T52+egQhBHSj)jdbrqDErb@7*`KJTEKr~wXkt;0k0`?~YyLv~Cu@tQR<(M{2VCF<
z7T0Tt^&}8YFzVaDYLk6!C;sU4Kpqjhv;kVDV8NuwC~WRubLv>#Vy4X3ufVs8v=%Cr
z4>zn(vJ7H{Tm@tA=%$TbUES7HSLZREU2Cib{tJX)b+W8kAh}ut4u=3A9ij_`K#3fX
z9|TPENuLWC{J4cwQI!hS%5boOrnY&NygFM{NQhig;cE!x*d=5ebu<L0hg=>*e2$zW
zXq`OrI7Xl?z=Ph*;A5a&-JY}!v=6xqjIRNTdIxJhJ(-2uKLjqeB-Wn2{Iyr6hP4t$
zWuW4sy$!cZql_irWQ_~Dp&KCC3%N>kS9Ng;_jwnmGCBhumZ5DeVuG5g31a!H_5dbF
zn_Z%b2?U8(6c&-2C1%C#dAsbax#QY#+~J)nPWQmQVNatFKpJS7n#3LD_<@_br}F7-
z8Wj{cLoiiQgkh4V+VI%JwQSNvB<PA`EO?6C#^Bh5k>>X%L5GV5<`KA&-a%!(p@XCe
zuuN+%&2AomVkEV~L`2jJ=qc&V!Y^5kpc;u++QBF&Rd;2HuC!}|$T+xjBPce26cxIr
zDtRL>md;jKHsLHR@)f^^?Lnx;@$zE`PU&xyeZti1_bIK>lc*@^PJ#U0B`m*SaM%^p
z0gR2=)NJM$M<>e4tfh3xQQQkR=i_)wbcY5b7O9ztJ)yx&8iyRF6ey7dsH8i*q|yb!
ztHUzqGRr~2Ae^&^ydsGR3_)-&5{Eoh&WX~2k);S>NRG@z;-Bqmmk_B_%9eafJ=UjR
zh}~#X3!L$z#E7t8G%fhU>bdBakq05&;2=S$Sv9Ywyj(+EjY7YYlL2@uVzLo7Ok1*n
z!DD3Rc@jE>gyN=Kz0W}>-peFNg)-?gu}1m^dm|Rn<TO>KVeo#GIwv>Hrt#Ad2{<~B
z+pwxfV;>fIG_@V(VIwj!s&^EJ#>~gA8k7-l>NHZj>-5HUS51XluE08oh4YF3P=5yY
zNfzGuxZf$<tU-JmstZk4N&wnERK;0qhyo<Fp=<+gr(zvKNdTZVVJ;J1-l27)%dEt}
zy3r*O+mfNFz5NhrqvDk~;7&l;iqof0J4RF}k0D{=lq!{SxZQ^ieQ8IMq%4AfvVKM=
z=8KBc`pDy}C{bIxkdgFCAjfPwIdaX@BZ?OpSQx2Wb5(*N;EtRtiPJDn`*R}WgRtG;
z8`Xrv)mX-bq9UF16vx)=LKZS2gcyVP-oW9|9bm1j=m1u&(VEyi4{4SlRVrX%*U2Yj
z0p>d+A@qQ*IdqAVzW5f?Mv|HXzOy*WMs8gF^wZV}-8l12>x(dT*Ggs+P=SzT>S`!u
zwW+zmg_5Y7W%#ts5zt|pCV;KYb+Cx)Z$%dbrRll#ImM*#VQWfG#J8j<u^Y01up>fm
zVS@o~)+0lhn@vSAGtj#b;i_eUW{qW`;v3Xl*_QGeAAaUh9J>&rpaDH@M<eJ30{x)R
zTDGl_nrCz-Q2~>VnQ7KPHacLfAGL<oZRr?T*K2k4933Ut8mD9vW~3>;ou%SIgThph
z9643Uz+hrLEjji!^;B5&lhv;WzA#&mX(Zx(<FWtt_$(@W!^&NR5oCgfOv0HBNMPNf
zZ;;e90ryq#8yTz@*-CyF(M}tKQpKFinMq<Dvc;;K+UN{10~Ix41k^PDm?nkAOg<95
zW;vb~RzzVQ1izL8v+2yF0E78OEpkvNfE5yi7Ev5Zg^hxJ%FxDmww~I>58zGN#Saj8
zhHy-C=RfoK0i4${{6KvZ#ScQ?1^9vZZWljryv{;qs?*R0cCm$L3|oMqvPxcp1wh<a
zB+JzmalH<b{^9cCTQ;JE22y^-{@5gsQe(L}#7=xWAdg`4TP39Fnuo=4_OEd<dX+mu
z8W|mc!yG}c2H~E?Bh@nm9oxg*n<C}L06UeV>~ZVp&Tf*<f<g~HK`BxtSPE6KRCEyu
ztxd8~S}>l;V;7*Qd64Ejk7e=&;tUZ*7_XCv1>d$zBHa*ejBj_b9?5zJs6sBB=}sR4
z0kf)FZ7V9aAwvn@4k!Q;HI?CI1A-ifLMgFp1O=0B&9Ys!s!?&XC|r|A4MMojs@yqI
zmXFPDHlZ6tON_%RR><#})%Z#_mxh&Qb0JIm5o-0pkwF(;8(DJJ;>{xiOGwX0IH*50
z+ITq41P-|-F9&<olOlDKqzVX$jCzW759o;?!U_3^MU+MXAL11RFM!BPL9423Wu@ZO
zDQsswIQiQ>1h&I4R}bL1xv2t6)4JLlMPlP>?M4Q~%xP(J2<R6Mxq<$%b=C;(vRiTN
zF{`bu$DAT2T1{^roJ;v?XDeGZ;gl8}nERd$_Dmf|Q=90Ly<kkm%t|egQ53QbMH0y)
zldu$&tMa#EsJ>Ud9}R~7Isy{i!uMjC%1+5HPev=*HBrLI)?Ej5HtI0~jwp<nfZ(!C
zw+bCX-ES2V?y?0?GVpuS2|B-cQN1<=5Kvr?B<5$c$#6TB*v__3;(VG?Bfuu-t>i#L
zII7x;Od-`f5u%72S!;D}>#e(m55fVv2P3RE1x>=yyJHfyyXTh*sK<E&kA$@O1&?~1
z2k>IZ7G_o)YvgNcooJ=m9^4<&yXcI~`G)^OSoAr(IS`64G-~y&3)%qT%uq=&5LEhD
zq{bh3FYXjE#z8;|`$?jgK$BL0J8C1PtH?9Zp>n(k$`z2X{32^^ld~q!fRhc4)Iv@r
zB!$JsCCI^7W#8DexJ?<xH?e1Fhw#+327+x=S6HBMDiJB$diC5vc|D#VaVusPyf>3C
zIK^Hj4G57p3@S4#e1P^Abzi1<QPWz~$zz<wHH^B-+-KI;6_#ppna_Ft(p&zoHUD-M
zo6FZ7vDhw7DD_+zJY?i>{66<z@6)%nc5<{aZ=ArU@%KDYYcTjq>Y$*8G=i#AWmKA?
ziclbKsWfYU35Ss37?T04FefAQ^K|n6$%6vn@f1Let|0v*m%#5w-#KRl1PJ}XsO{*_
zXaMpl>)<>j8-NCJbBn8Lxkf2pajmPdq2FY_Cp)&Li|#h$o==Nx`#dU<iTkLOFPl_|
z<ue_#c3#}l!5)A30mwK>51}u&r|gnFPPMO4?++nx#^UO4Aa<Jut+mMbCO3KfItN-(
zIz;t^{Hi;=v1yGdfj|iR@Id4$AOH(DE6GG#*1wc~DTt5#UznjcnJrZT=#3SHgG|1_
zS${s=5Wk}pNB*vZx?aQ&)0LBKFHwTVDC6DG($7>1OetjDYXTV~s2Ea>j9xi+y3|_m
zIfVd*OjtN51c0LxG$=?I*Wpm2SroeJAd9+<L{|N|lU`m?rGKO7TSH0|6io+xIw*st
zYBtdRO)Qh#&n%B(M0_Pf4;h!$!ls$o5<aP8weKJ(8$~jYMPOsR?G>56p(<OLW%*2<
zrk+Y2CECleXecA^hz4~KZ;?*==76M$p%!N5_vGVR+_M&tn!ptqvvlx9OUbQFb3{$Z
zj{-?(?jy$|T^uW1GeE{%!PcM?I)@xm5*J*ylwuV|YSem3W9}d~(1;Qz7D@%8z=`D(
zlcHVGy*hW~Q$*lVP9e`(cjV8>5LpzIsZ!Mqb~Qjulq$O0I`AR&X|cCt&hT-luZofl
zBQri;yB8*Cx{yVO=c;fr@@{)p3I{jkOi}(D=23Qwv-An#AWlXF^Oiw$BJUm0v-XiW
z*Ig=CJsg#-M+&9gsCAct@toJd)_Jz<)#t7<;!&WmE_aPSSbQoZ?kX(%oVZ}J5tGr<
zl^b&4_IC4t4GRb6cTtCLJlMgO5Cl=b)Z0{GGzLi22#0~G**KL2!0KQhcgoWaRZ;=y
z@<b9UUAmGe`3I}u+amKv7B&|04rC#*flQo4$vY%1Dbq}F5+Qj2$LUi)eJR6W%CtwI
zbxU%k^L;+Bpv8}xSU>>_isx?v1JQ)r<l4*02iBj;g-an{NR}ksE@Lu@*vWw}0s-2j
z9uRHGM(g}wWG2~GC`#@yA}DRO4{tF2h1^|*OfDreb)uMo@p?2yMTuO)r$MI<MLCjD
zMJC#gZ5mDV`hjp@yMd~g5X2bKu$62~44Us5UdJkDY1h%jr>7lw8}S=`pdgZ+r!ZS0
zRCtZb;uEB}l#_-dQ`;e(87GCy9ih`HWvyytq38S75pC)ZaFPLv;KX@Rf!_(tBjsdE
zd}x5J4ESNaWM^P$2j`1q>Xdp4al~*`1&R*&VWa**$8|tJYHK7{p(-oPXaq~C6ALTH
zCAq6soghg8^-7sgro8kcC4E@g(V+*z6si0bsUE6V@`4-RM~WAX%)?j~2n0B&6_z3w
zXWW6ID{$!;!(euTlcHu9b_Omx!vH4qPCSF@3gSb}wgK80Q%!c!gb^7rA2gvCqj8GR
zO?Z6$35kJ?P=kJ-TXVfGTvF=S0&kosz=UjzYc+}D;sbss0k%;+M&om>ZW{x3gR_t6
zPh8UyzA`CtTL$(8qd-K7^UhFl;v{76;+pfrHG^x@IOzo2G1&wkHAphSMrJ>-96Byy
z5+bi2YL0jif6rYp6$QfZg~4GLG0iJ6MXp@aq!rmqT>@#2?Bd4|spd@_;>4^9mPkEf
ze^-D@lYq5LxNBWVmCMmM5y=KjFRF24N4VLN%8xdAWS@j4yX3femgBhSY{No5z0C{H
z%^F*E-G=M?Ho4}bNHy8D=jU6Y<CSQ9$MfsF?4n^~>mF_uzMix}L1R=?089>?IlPPg
z!vr#4y1iIYwKh%CguZgtAP(JC6I9~&(@rM7unCQxN$c6rI>A7qOlRV?IIEdsO*klh
zg$la%IJxubCP*@taH@cag{MGzvK{HLBK@Xsc=T`aR+|!JNnyzd-ifF=={FR?J;E}F
z5W1->;+Ijgr$o7*<gd}mz7*6T&2xQ>*J`(@+B%4B$)?w^00jRcuF`_2gcQLvo^nev
zKhY%D$dV&?bN%K4(JOtY`e9Gk`do1w7??$!sw}iX3z5eKRC3G05`%675K&v-A7ePT
zREGde6;z9WPJR^$qJF5lV%T)#6)aqEfXEIShYKjAN@H#{uBc)Hf29XD5vCsopc$4;
zjPcn9+Ax|hX1bCpCplra3PA*t{#rv&AFQZ!UWz$WwqAfu-Rd4AS5O7$#IIj6{EF_d
zK8T~LRABWA>RuwjQYayVPd&8hcXXHa0c#z1rZ+MGWq@QzM=`gkUSkH<c(rwyjZRF$
zj9+yVa&V1&WK?g!(;K-oAvR)cRq)b5Vr}f92$bPskxow)d<M6aay-5)RY?pc$hzdq
z?3K=*E-H%Ua9>6RN!o^4U#xThXag^6;3gnmEuzWnab!J;l2)=u6xo$M8W_}I`m;AN
zS1*7<geX`Gb$s=z)hky^ek{9|5ueG($ti(3h>n{5g;u0b29%oJ>zRT(ARh%`bB28$
z$#NOE8u2KMEODD6#E<B{(2YHXJS7Tms)M$Lh~?AQm(XrNJZR{m2eFnhUJKZobaRln
zY^?`f7+CebU~rPrG*p;gvP!?3xHWJ1at08;52!Iue+ZGU(xUUGCK?v9)tE0NNFrvy
z&5k1?$Ji{b)ui_!uYqHKWQtahBS&qjg>%QSKbA2|AIdr5m-xkCF%2<@Xc}H|IThJG
zT)9bM)u1Q_vZwkN=Y%(I3?Xk!<u`$PnI(C8Imuh9r%(gWff4;u9Uh05s)Il1<kj6q
zW8Sa)VYnK@a|tlm+Uz@K+7X%58nBr8`jD9utuFV3V<#$X++^CBoIQmULXw{KsP%;e
zeY9zb*bjfUlnaFl&ZCZ^#Jw+T``9+*Wd(;h<0b$KNi9Y%YOD2$1Wr0lBLP^5gP*vP
zpVvY5RH-z?EFIV_y)NOz+s3$Nz}(Kw@$iTDC+07)e8#!dYKc2k_$g-~tEYq-9WgYk
zy#4w~C}vtk&*()Wyh4Se?T_$f)!cj*h^mrNx<>P2Dpf(|7K;9GtqHpLi_@PMT7Gn;
zT04;%u9H2CXbrX1wd$%BPirwNs-#tlta!R-t5fL89Pc!=jwCddJjU8*(L%b7ihIjZ
zV6hMr=x%6=`~cUX%M<8N1Sr7=lqiX?EI)chp%>rlco#yod8qqutC$MB>c?goFv>wh
zr}4T!%_kwsn#IzjD!{HB6lyY9L2(lVDxUf|&<d}7rx@WzPMzN7t0mx>&^^h>B8wK8
zSGZcNkw{Gz5bTDae~8@hpHYH$%|O`zyA8~2jKTp^<q9n0YQ2UA5<z-V65cpP*CA3!
z+_4}_qQUeFEgu9dtq#WgI8<L#YSb>H1#N-*i#Yfpfr0^rfst@*cJv-r*jD9*pD~-c
z1M;%;tEyF|tpk$-7t+C*z#&zrSY@GNRaZ9`!9Til#TsfSNrxz>55lU(`qROiFu36S
z#s>6bGVATZX!{#Y3ZfImgpvJ5PyjX)2TbeWU)+|BG#+7$BVB@a8}ug_EkJ0pGOQw0
zV;iW$&Zu}xA!%AL!{!)wChe&#j3Kbm@SWU=m<`G%8IAt>GC}AFHfttD2j3f~zcB^H
zE)|0mTBC-;eA5aIX?&*;QFr8Vq^~54E?LC%7-Fu(Y9IlC1)_*1(sq!U;>=i!se$-=
z2{gm91@@0B47NMFjMfO|RCkt613}ojO9QkuDBF-hDFZs^uma+ElIBlQY05OjS{#jO
z@u>0!4bX!O9@pKs#*zZ4#fd?MEFwyV`RLH&1*X%dDcWeR^474)2TTz>0o)O%O|hw0
z1;LB+m@^~ioTm|(l`knbD#OQ2&F?5)<QCgWPLPfg>7Bq%$C^cxqA#emc!U%(Q6<{s
zO4YY5)VYo=l~9Ttl)eb-f)%T^V(Uopge4u2dfn^k&;%5ujTwfGpb^a#tz*RW+LM?<
z3G|TMuXs;nf9Xn4?5~pgsmc<js{>UHf*@gu!e{**(YINLcoQekJIvqF2AlMzlYCW1
zWDS-mV2zt^bk89I7toppE*9B^cxzj-2Yr`~D48=39>+B8pN7oH^dLU?OyF1>DFO18
zu<Bc?QX>?^AQzlOShbNL0a#SFDD!o4R*BiF$3nBvu;R!g)~tu&ThFFZYgEF=OrO>v
z%<}`hBebyC2~^XHc(!;=+=H}vWFzr=EGaZWJ_7I(Aoew1FpShTx`RNaXr?M&8C5J%
zyI*JIavfA91gKm<7>oqtFC!1O(;^9%Anzjr%G<MQFdPxMg_^?8DRoFHD74$)NXtQ>
z<`PDRM4&Yz94&}(ghT-2Cc1V=pzt8Y(tKFl9~i7{J}`Adg-Rvy$;qh4!7XJrG!s)2
zp}et>O4zMbLgJNbpm9nWEle~wkjnVg1Y14Q=ApHlHV^gn_puVHtp+iQG**=Ened@#
zMqX9<Ni;3-pQ$#-tI~dMik=5<=c-bp&6(guv2}tXt(3aWOfWH(coj2Ryyc_}v71Ez
zzA5c0$`e)s+RJi_3U%IKJW4JOU*b_aNmi2tjPl#y!RIAum{~^PfVP@OZHRH26AOZg
zcvJGK!^Q5EQMx#45B)1K^(gqCd0gFODQXugdZ^l*rtQUSX!4@)rVK5=I5&w+njH{L
zhekDOD@5+OKx)=AV$)UK*wNUo6U|!Pb^$ary6+^Ux}HTdJI`FUe<^}7^7Wn(<idiF
z++twpjS&kqYL!$B1T;!04CDVbG9gjHJU|r{KQqnywH(prELb-pdm-Dm{7M=0D9R+B
zD7Cf=pv6_+$Ll&1woBq93&5p{OEo~1F$v0P;HG4j45VHI?}$Qw=ze1LSV_R~CT#6h
zLvkr!6p6mY#WQ@&ghnTILU=b7TvI4{V@a5!ih3AAM?GtGND+#yE@fFDw$R;^tzD|@
z7Eyo4S~x_d)@xXZQ>78SsAaPHW=R97ghd)gttXd>lX@C(ScXAeeFZySCW8n`szn5~
zs!Zl=iVP8Y(a<{5{h)1;vNSZRp-~Fw8Y^hlLFYgy^g=W5HVSnv)VpP<aAq5KbFy_!
z)Zowq)t|Pe?#W8tE_5J4nJXM&3VtLDj1h#AMyT9iH3+jbXQybiaWdDSMZf~92~H4k
zZ#fmO(oPzwk}6VHE-DJD3dHO9mc)d=UxxW!^FE2mqO0*3w_we?a)LL#%K@<A3fq#1
z$}sdov2@VmvC0JvNI<xZM39Klg24n!CL$Se!+YG+OCpZR8Y2L>B$T!In694A?vsgd
z*&MQDne_^?zDVByI3B2b0Yl6U7KkuiR9_%_GZnQF8z*JEF5ld$w+MRl9E34aPRhpK
zArJTajl+z9s9p%eY$gJYP*@UdKeFU4JK}gOgp^>vdu*@4;<E7%77Gw5(<Tky3ERg2
zM`n><4BSSVC?pPv{~$<r0TbndSY;*Z=s*#K`lm;nD^)BRIdY^6lk72kJ}@6vMLYsV
zVc=xkrb1o3^@LHF17>0EQa&>vk;y_L%{W*huG$LkI_hKs^dWM==-w-?FNg&KaDFIs
zfZWz*v6NhbN|%HpT0mPWO(>gch}9(34%8$Zx0lc$n)$`oB~%*JeEEh)MRiOpRY1_d
z6tn?OFCs4k`JwSH4mMB80*T>JWT3%mhNFU8OeR_HxQ(*iN^?YA=P=#J9^t-{l%SU<
zu;gQ4``k*McjPK(nj{mZa78LVjkrw~Y^NvczPsQoTUqNuHpOWUVNwo>AOZOMw9APO
zFk-1{B9e6CmXix5Qkyw0XXHeyMWF(P*yeC!65PC5Tth92J9d;NXFXiZN7V|AgEhvo
z$gXp}jLn!8$%h^YK%G;Fj;~czSzMa|s><@(Bv8~I#dr*akX1$5NP`v@WlqM+RYuQ1
zIUzxN&DuJHRA@>w;;;@db;yjdj9u|mIyfTtLKJ^U7^lq`c7Vo6V5j)3kEkAJicl!R
zfjt}f6rxv5iC0A$2p0l<E2m&kEyO__<Z5(tYz@%PlvX1FGMN(Me9K93zeAYA#A{+>
zXrwNMz*#`WL~#!LA>E2s)*Zbb;}0>prt~bTb(EdL#ccY9I=ULJOpkKKVrd*+C&^&o
zEXg(H<IF(>C6kF>LUUbF39!n=nGQHLg#Z&vBtF1Tfm1$~YE2@kw@gv{PoB@jWC!&M
z468dp8FRHvjKtQ7Ifsc-3}v=7jnbN>w@<jmN-3Nl$Pa}xbeLR!bfm1O7vmY6Y!dCw
z33ftqI{Pq5Iu{gyqd=HSNL|Lok+Y;<P#j%{eqg$?R2g5=C6s_n3nWi%m3#tzNUm1L
zg)@_D7^^rDEj%L*onvUq6jp&6Xc$%XXUNfwG!L8ueUK}lQu5+e%ircE&^x0(bE_Yv
z#A~2?^aW|nSW#(n9N3^L$5jWJ?}Deq%TP#bV0PdJ?WH23nW_pS^HUYzJHP=t912-1
zaGtR=ZAG1rx@9y0jbU*k`V%4>$O)0r43Kyb$o!-nRH6-E$ED~AE>+J(@wKH{(un^a
zjw=~^Zi7rqx#BGC1DtFe>dq&fsK-piD^rf5h9NBohM&BWE&USb2(0%5nZi_t-~}Td
zxvF{`!X3AE$6oIu<`-rPs1J(}ifs;}viXI97*&qw*9a~|TtKnnMdOT;on$3y6_;RO
zkTFjgz!j+gVXY+oqBLwxsKoP|H=a~eh};ZvacW&q0KC*h2~l9JH5QhJ+SB8s0t2a?
zNm*fe+)R)~fpnfO2?rn+v3S0vL2nKYFHcvh=Q+2X1^Y!rmrv{FYHiD~F72SsriExM
z6%f@))fMaSq!?yBpBo8yRzS`3W~#;XTiZ*3bt9~CqBw~t3tR8ppmRZKNI{bI>$FGE
zS-ec4JBdFO4CyJN>-ivIDN~4x09!vS8X-Z!5~~G<`J}<XbVSE=E*TShCUJCQd8K)=
zF`}%JS0d?>Dxu))?xlDl<x*);I0<&u2;GrP0x63C0E1!(e5si3Lpz<M*PQWA157NA
zg5&@-<N@(UJ%Ir6f-~8CCC^adP7vY{!pL4ESbfPx%?v5}B^gR6r36kdglNUVjudH_
zO;vFJj>N(IGqS+S#4)IJCGc9GlPlYEK2syQY?Ls}lS15cNSl;nS&33W2?Ss*dVvl<
z7nUQ)AxtkJGlQwfAR7VYiz)1rmOD(^wA$)=RLDqDSQn&F$HgqB8ivG>WF@Kbn$@FU
z0h@_k*;-*#=!uF(NvI>2)U4ixf}UwDI7&7^yE{Rm-ASjg<fRb=I$wuz{0I$ifglh6
zKfep=P|wcT20;uz!*_x&L+%7g0Q+nJW~Z#3V>U9kT@dW6VR|=|g8;FUJq&;e4z&|m
zz8ojXlosZ<k(NtSMIbGs)_I_2fr8^gfS|ku@KHJ|V(JTMYry=eAChzi=54L3sM74Z
z;iV65#Q4?UnJ2znpeB~TYVN*l{&Z185Rq~EXs<Lfk5rW1yr$Hzt=BA^28f)jLS}Dr
z3#hbQ-*}CYV5P)$@bK4?)mjCnD7%CtaUP*s0rXM`d<k#KTEZANP}|GJ;AC@$_(*A#
zNpfyNJd~e?i^E9JFQ@99Kd~;Q2yZo|fQmt&!(b@-nPlViGK=#=OU06ODK)mW>sh4L
z_tFVLW-`5K>&b5sYnteVkHK8P1~|X&IffiUJ%&jl=+xLn7tc((7{vuEbR{`cPlJ3S
z-bz)~Tg=HoW&kP>3GEn+1y$8jsC<JG8Gr;?Kz_O>9zxfm9i3iIDvJ1|BI(M-<!lI@
zLevrE4y&*L6>5ccb5RXV2B_8b`EXw$xQuabF-cg&wxXDl>2MW+FmUKJ!yJie>xN`+
zSDGob)@l%#a}wjmJ;0nh={JS=vPdq)B61xr5(}}2n)pj;PrwI>H~?BwxY~;;k<pzP
zMmQp35|<f$<Ppm$R8-3Kbf8K@pT^3Qi3p)a%Lr2Nay?G<`<!=4Rrpv%#Ta^pl+z&?
zcH0D7movp-A;?Vx9f^~kFIc9!8~l|VlS51+<4|fHT?59=okpYy#f#F$C_)`)RQ3a(
zE+YF-cyHEm=X0K=sg=vDY-wt>JfnhB#J6&OIHx%ZrWx96ban&7a$eT3zSddh*~&X$
zvH20DuL5zD96^2)(AhxmP_O?bvJvRQU6ht^IwwHHL`j?b@M9n`7=QSi`>Y8vnJnUT
zNA!6%l`rAv1pS<tpg$R}9=<B4@G&)xza0L8evFS7l5Q$RQ78}+rb@|db{Rs-@r~_H
zRN$I-^5A33tQjmh8c*6qJgcPfeZDe-h`3Y%*HqegHc11PsC@7Y3dm*Y4JZ<bpGMZN
z_@hUJ#?u1|kx$~YORqtmrJr6gSuU*v5KehKhq3Y*Ct2|DO&&Y3i~>XWGo7L-tSF`M
ze!AphENYtOUhp}Y%G2j^Y3WkDfWSSXre&6wcJY+{PC_UtLo(vOGsyVGpZulkP2m;n
zBJ}2=-|>Qtsnh88B;H9Da`d-1oh{*wf=&J9i@2p2pUUE^ZCO0ye&q_#a0S$OoxxoA
zIhF@_N@WN{&n_ns#AR<=W^Hq4OXVU8b^;w!X?mBYM=$W2;4}d!*-~l>ZA%5<JXM+;
z2TStMphQrQyGi}FSHYF&=wy0aw8n2a4B?kRoMIF)!*!D4!xU9Kz(jZ%N@Xlz!OLJ7
zl3AjVH2o;2GQdZ6f+k+{N{I8uA6|(L$fQf~!jz0B+_yc`*|Um3rs48gS}_k4MhIlq
zM2`_)ZsXSkH^^p~b_xX|y)1@@;~VgJsS<u}rzzXZG1+Vh1y1Nqk4S<3w6`Zqj)UdO
zmS#X8Vty_GQkp<FxgJ3s=m5N*8uAbN9=EvRBX@=uOFVOr2F>7BU3AVQnR1!XJ(BA4
zDLjV57>nr<SeP6hcqwX`!TgDUl1`5UoFQryUom+=lHuKg+D=4v2%pE+5O5-`gLV{Z
zt)ZLAY#wwv%>?HbCsR=z5W80~z@l4Dx~TAq;IVAg5nMBJ*yn@FAi!BP(t#kk7<UbR
zChDoOID`{`i$+8q)i_YeFe?K2$;>QLvrzVdEap_EtAk1)fQqQ-gm{e#ARs}6jukhX
zMul#A8T^9Z^rP%K*8!dAD3D+TxJyD7SS;t}%;7A;#zzRfi%LRCBq`uR535Tb;FRbC
zEz&c-T)k@5idFgr8J^&`A(X21v1h`^RHN%7JwChE2l$_#_3@Xjw)&gEmW&9+>ZkI6
zu^R1Yr9?~Rq){kvfTTxCLTEs(jn-a7-c3|&6-BDZ-g&2?61v!&oT);4i~?p5f0u(q
zi^3);s&7S4^Q5-$*M>c$T1P<}1QZ3E;<G;}(|xtAM86=an(N(BUqdlc{8Y#_Cvad4
zJvo|HJ#!_=iv~OJ_gz$~9+eA4C_2nSC^Lam5g*akFM6vvu*9X`o0w3PVOB4DpTNJy
zfvLJ#!-6}S6^1zcHn3PezHwBh>lZMrMbNV5WCTs~g~X?{4{vzZ9_?-P-vQHS44?Dl
zfzP>T_qI0rcO;(mQMfQ)+UYGX0Zn-@TUaY8QVnv8+c|6JbBql<)NlG#_r+HprH(mC
zdN<jf>}hXT9gq$Q^)Gmhgmk+0rjSfJJhTp%(&lMzv1hmgLWBo_EHj1r{kg8L?j(Rp
zCwr2s&@ruz#}Ku*mmv_NMkazKWpy@MLNbr(2h!7=pB*k_)cTsM>t`bn5JX-Uoo$p0
zXQXxc_IG)U#d!Dlcvs3fy2BYy*&Qo0_R$^3u5!{HE00;(l|H)5?&(>vLX$?OQb5di
z(Z?twM9*9d%EQWgALuLH8mFhn4Z1u1152Tnz$tKXp#nrX1p0U5zm6XK*O5xucE|X5
z+K)rza)Fi}mq!3%ndc?D>tIK|R|7>t1K?E3K>DdA)Gdl`XPu5?oggi*)cX(lCCIg;
zz)3r!=dGs5a|ev#>b@{DGng1pj2Bw=VagF|cEl$jYGA`bJVmUgc%OF13-s>bKje?S
z@SBPmc*}!3=(d->=#UP4NB<7g?<6KkV%u1p=q%5axy}xRA>wNgIbo)dOG%{f1IzT<
z84tmJy7&Gm3IPZKa>=<{U+Mx1`gd6P)j=ZrB>kJ}<}K6F(a{dCdqLicE5ZtJhUvIT
zMjfOrl(EFE$UfE}ibGXl2u?zxvRR8!Y#EAAsOm_Oc0`Bjt8|f=%^K^BYFNOsDQ|QQ
zWuC%x2R05`I8zgd>VfA&N$Isa8A2yXMo0%CKS`@Pf~m|__XwQ_K|*DaM=hv^ICHGJ
zHN!K2y%^EB`fUVMgYCh((+}%)dA8MdvGcDU(W84)d95M<)Hv^oXoxE0DW_owMU{~z
z0MneV7F;VkyE?n8VViP1CeDqp#?aMCTNKx<)z{I{een%*{iR}Raxj~6QC%X{;9BNv
zuiQ*Kldjigom^U;R*JH#w?u&WYwRi*alnYQ)P=i*YT;pcFge)YJDOZKu(5x%8n>de
zF`T=#yP<TXm>pF;(}otPr!#^KVXd@hH)V*h(kI#8<e)8cXB67h?>gvHuW^4qr&EvB
z?+&i`8aeZ7RH;Umg#w8TSv2DPrL)cmtf}9D`U@!qTZjz~+u68fG<)L=gj$PDx1lg2
z)muH{?K96jbJ<f27a4oV^Flnn7HImriPN*CrvXl)@^ySK5ABG?KrOlxoh#N44|lHU
z>0G&D)zb>K+<1)vzNNbhz}BMkGut~mJKO&?<q8PDBf@@POSEYCz-v$tfjEXyO;MyS
z9L*jqig(OSkO_$<O`PO&6fv3^30iSeXRbmGSu0<S;E7F{jOUaaWbaS6gc2f@`IQ++
zbIT1?D2=f}bQJCUmX!k~-2Fj}JJ1M@5HNB(SIs)8(duR!MNYhR5dy{tg#9%&S9OtK
ztwF0Ni|Z-N>+F0sS4WpvyLNMQ<5;Py`gN#v>7pCEcl5bQ+D|iFn-bQ^g0q#}qVUtu
zk3uB}*PH)Ss`8{Il5%M+(85FS#@>-ZYp8dye~p!ZRb{ZZg38L^x2gUDwEi5uzYdm6
zC+!OyqD^1_Xkuhwcx+(P&>HLKZ+QQx11CRxP<d<9@PIY5oJ}3QYZF#?&kAehs?|p?
z@3uBOg`dCS1L2<f*RAVMjIFU2g}Y!wNp%;C{0;`;?Ol%o!<*K=99>w6jlH9z{iAEF
zA#9d}>+rRsC?BGy+rOoMXv`XW)i9>JXn15(qJMOBU}$~+$jGJ<o|e%!zFynAc4NPl
z=-oU@?<Y*_<R&*Ei%|37)bF}QH`sW1(<mSt=^ySL7_oX2geX8(HOUqDucPK96C3+`
zM*yXSTdxq$N-U)>V(O{xG?T#7&1KaQ(THh+qcf`aVuPZ<IvXjfrX)~%hs2E2uz*tY
zSg!8;X_Fq<&JfGUssTl4YE!&VEwK9ilqvjbz@~%`Cb9WF>WwaIooD*UfYGHI>&%P6
zveN802%P>ZAWC<zs5W6Qs_vb4Py!y?iK1KQ@QmiOF<p)_aW!$Q%4o9`d^(6O&Nnbm
zVXJhkLA!u@^IX_KvsBAJ^(=Ah#m#*b7>G4OR!?p!Gg`LGm7o+>wGO>pe5SfJucd#7
z+kjt!GG@O1c@Sg3m~XR%uqM{jT4UAf`Gy6ajByGzPuOsy)&$Ae0Cmsyrwn}m-jgxZ
zQ;mdQi|=uEp!r6r4-?T|J(#Kq_~{X7hl|sWyRqnbz5o~@yDoxjk>XZ!MXuCQqDF=!
zCt7G3m0q6C=5mM_s+7~kX_TGJAXtX#+w#pUX^Mn#(nbeyGU}qWqSaaiyjDub$xoZ1
zk{FEx0&D-tn+JvmA;H!aRe9zX1w`a#nUTR;Wb_KrHby!{E-MU~mf7BDw@VU@^lm&2
zlBg!_>b=HC^Dd!tm(a<@X#MyCl5TyuK<kN0=zZ#iPEEscGFF4~Wr!`t?1-H#S(+SE
zbKE#kcFB&g&1m84UtM;LUiznAG}|RE&dvUbz#urR;UZ5>I_Y&Vp(aqY9T%6*))pVp
z%tAYq0pW%gwX{@ILwE`ak`czvI(EP~K@tG?5C#OsW-Xi)bTcPQ=E_}`%m{bA=5#R;
zEl-2|7)$FhN7gQRa+f^$OqVBPX?l+GWh57k*(W<$%B+3X#KE*n-2A^JZu*DxE|Vk&
zG0epz*+^jb`brkj?xDc$`~JSD;|K(F)4xM?V7Gh~c4s#^LCwrab6k6DQw|1Y_qY~+
z&37Kxh%WbI*9Vc}3nL!6D+DMM5WjcZC$^k_@|}tAy!#?V!e4kuTiZ+8UL*tJgAE3g
zeOV3^u-#b>HQzk;oVI5@Z^w=#{j1FE)3)0l4?U}`jek7&%6##_^#?q8N%GpuKYY}V
zi|#-21;4+2`_B(pvihR@f*-eE_NSkG=t~b49{a)#6XQo5`TCRo_RA+;a`BEYz5TJ<
zZ$9D$mu=bmQ;$teTrzt`=GI?N{q1LqRv&V$ci$n;+i>;j+%G<9{ruSjD|i3u9iPAN
zibtQd;RTcDANHZ1J<s~++OzK+|MACuu;SxiIp^^GU%27&gKs)>_>9A@*yooA+%x(4
zU%m0*_0K!W`{way{q<LSy=UF)mhJ!kSM~1M{fc#a+_U0|w;lS$m+p7)$o)rO_NqNz
z^O2$F|G<89um3uH=`Rx2kxyKF$A_PM@~$6`Z@=iVb3e9k@7<rsU3~MtV=sEurAHsU
zV(QvkkIS`hIJ@&_<u^UN$IG6#_Z_cadeiwgzwW}Dj(_CqiOg>oujoGG%b)({H*f8^
z<jBj~&RciK!|#3VE!l@Y^B;#6oeOR|_1g<4ueo^r0UtPj!$qh4_5<ht`9y2&`^Wo^
z-uK=`m%i~M&bzy;)I%TbKkw2Le*WQ$_WS4Xi4XniOJCh|>f_f<jdg9j{P)LQ`ocZG
zvg7hQ*1zw<=j=27merSUI<faRnRoAX*<ROop7Y@gUi`tU@4DgFj~;v6jmu6SNxlC6
z_5CFK!8`6c`5Nz@<Ls}T__d$?^5WkQ{rSEBd&ZBBJ@(=JgYUibhp+xk;Uiyu*>8XM
zy)*1Bk7l-<bVT>*Z%8g}fAh*u?QzSS-}UUhFaGqc!>b?o-f74F@13c=yWX_t+wMJo
zzxQ3Z;@j7qeC2*y+m^iQl@}ajopR&5dtdk9=#820Ut4(WkxR!ux^?SA4<9?Z>D)KB
zJBPph7o~0Az2t`Dj!hl;@t2QpJp0jYy~%wp+;hdclis(c{PlPBzT#b%{bJ_4?=JoA
zUf2HdmekF&pFjT{Hy`uY&+XrK$~l(|9{Az^eE#(JKCtAWl`9{A%bB--^#zCj{gPXr
z7(C>V-+gi6d%p0d;k}<z{J}8~y01F<kga#lymHH_&;9Ab4_*7do_o5^o&Dsh?xVJR
z>i#2~;`86q|FV70{{96M`@Z+B_Mg`r_~<V)E8lqLOWv~MwoRWuYvu6D^4t5@esr(j
zzUhIU&X@h^2Y>$0v)+2mos+v=dCO1F?RstQ(eoZX;lz_({>DR&I_jQ-Hhk{!{oir@
zOa80;lHCt_(T)p_op|iTFTUpQ-Ftujr`cDY{G3bneDuP@E-nrae=GmT&*rxu(|*<X
zKQ~-`=)SMcP5p5Emj~Z@&<zhf{QMo4zpLYd<@eoQIR5e9{LiH$BX{ocj%(joy7j*w
zdthtN17A4t)QdL!Zswz(J!Ze3-S+5Zd*1WFsV7{QKmV}h-PeBq{H6BlAN-^5H65Sd
zcJ=M2ZocE6U*E6mrmodb^qzX*C;s%u$0v_^{LFX1_?8>D9e&Y`iI0uG@vGNA_a$R}
z*SlxG_tI027`X3i@9rKQI_Q$k_y5PzKYwxTvWG4|{99LFd1`skzGn8EFC1Ta@jEX#
z_s%zuE#3Rv_6@iHY3ZV~k9gM}-@D_phwPns)$xZ{_W$ycf4%H8H*fjl_Uj&g?6Gg3
zbKRMX9{=gB$#-7)nVG|_f84V6=2w62>R(-c=rPmzbAS6hyW^{m{O#)7e*fDi2d?|U
zwZDG!Lx1`EJ2(9Pvd`P6-@N@j=?fou>j#d0)~8={)GJ^8k!!YJvj3Owy71OJKl7KX
zZn^c&-QIlP&o)2#@QY43W$@PJ58u0E&)?sF%inML;ipEfJM*BQ|FrkXcf90)t$p3w
ze{s+oGnego-^*uS^yLFzbi^^wyYV|cmt8-w-;(DRX5VwyeRp5*!H;Zy*=fH!=x6`-
z$b+kH+mbx*{)4ubzE-&U&eVI)@7w1GpFZo)rQg2og8d)A{D9x&ZWtavclMMkZu<3q
zy!(v1elvO3saN$LH~ZWR-}&m(U%c}5tA-94f30=dhR-g(;LA(SzUq}HBtP)z_aE4D
z#k2l;_pKdY{8ZuK>4(3+<#X?O`}KbszyF&*{#AMDwm;qW;C+Ai>^XPbu<72Z8@}}O
zw{7|5J6?Ou8Lv6z@ckb<WRJbx^wH-$aoZPf?%r|JBYS<}f4}tP1Mj*0qWf2@{`9YJ
z{p3xbd+`k)`uewydD8jAYghmAoo$=${`WUte*B@Q-gU|yx9y%f__VH-&)%3>{ordp
zG5h^5CXPA(wI5pWE4%#i!P{?l$CiEL-1e>eoi_F1-LHK4hS{O@KYjdjH#;5OU%0g6
ziZB1}hcm}~?7A;3x_`;;i!S);l_#C^w}JcLeD<}k`_WlvJaN_E_Sx$XAG4o0G`WB0
z)z|#z*Z)xX+vooF_w4<jK7adJfB3IQ?>TwLkG9|aKNnT5`hSU4-#hHmZ~g5%&%0sA
z>ZKdMe(|4o+_&V6Q_lMFan8i!7dk`B&ilwaUz~aU58nOAKlXV^|Lk!m9R9VHcaJ~+
zdk=i<uJ*U@cEv~D{OUjNzWe2``=;~P9VcG(ne@Gz-~O?GKj5fuZus4kYmVypSaNgk
zZU-On@|%u0{<;$;ewaJ^?!J%R{?8k4dh0`1eEzXh?s@5Ruevt*&xJqy;~&phx%lqf
z3+}piXvv|E7hXBN-)WDZ*S6@Pe_Z*<*2)#9<((fLalm1(Kj)1{?fLlntFCz7H}<^s
z!L#@L)7I3TkDTy@Z?C!dJ2&5aLi|y^zdnCQIVCcDR&V&kUbmitcj({0RlS>^O^Qs)
zPH%GI5zBEQ$8y|~G1=~<CX3dBfki0!OR1By2(7c68F7M(27G!WPn2`WsBR773Gg@N
z+!r0Mu!w$BKps+w3lm2yh@ZgoHBhfYVhHL+q)`DVByfEHyq~=IhTYoQ=${q&ets79
z3@C*b2Yg{dbb<^z`H%wv=!*^+z-4uJb{_{fKmnN=9-zk!fEBl}MmJbP7ym3cjtU1O
z@;{TEK?Soie?+{zT~JqzEYJ<`E~o#N5t3-(G1U<va464~B2f8zBX7`JK;ZCQiK3Kp
zuqW4{GEOMnw4kS}``C`I6&+pO3q(3bpc7fXPo?kiC}$GX7+YL|q5z@mibMzWmwGCm
zSadmrdeo6k(_H93zDiV11dq?K<a2QutyMwNb@yuZvQoeTjZo>?&Rc2}quq+0U^@o-
z%=R-m8(4^U2W(n7^6l@R^`$eg=np_VI|$+(f^DlZfb$ua=T7|XvrnaeA$jh+(ZS-I
zy7v9jAC{i};r4+m4!iY}j~w6miPazf(xd7Ao4<R~k-ghby#L-izWcV9|G!`V+jIIJ
z{pI`KH<9YTa&7;67wz-f^Oo*Y`sVnJpZdpVmoC5grB8h41uy*lE$g;^@oSsEyZ+82
z$}jxJ%=?z7kLuj<hE+$c{n>#BTz<&RE7sn)?3O=_eDh83`O9e+@AJDO_xSRK>BsKA
z^pLOo_o?sQK5RXF>IWZ6oc66H|9IPfZ-43Uv+udR_YCJ(>EcmWj30W~O&5NAB)??G
z_<wwK<p-~OGWlPJyzCQuFFd5=Jo|xdM;!T%<F7h(zvqwNYhC={zYp*D$tPcT^s15T
z|NW>}+;_z_-+$uJYuw_Czi`ry!sL<rZd&xq#mB$;H%pxk`wgc(ami&r-hS|o4aYtI
z^^g7RhY$6Bru`o;y8rbn&+WPUtG8YAo_D_D{KGHW??(sc&)e5~;dRq5@jidr?uXs@
z=euurr!To9ch5&J`s~2Zzj*&!kGbQ{ufKS7&F<IEUh%xl=KVG;-0hwJd%~XQ{OQtT
z4_u$R?EP2IzWo;`q+WXclkR>0`N7}3zvp*P%sg<yuMhg_>z4nsEq>2G7khYY(`cf%
zV-UIOlz$%D@K+V?_{n$h68(c@AAXtJcIMI6@1=uu!wwxYMk&dO(cTgBNq0NqViC8M
z?pTYsEebYnM{1)x+hHV`uMrni)yX(-r;AxSL}SEKWiwzGYpiJMG~X3jxE(NMtg#4Q
zZ+RducX-2YyPwb&o$k9Yr^5pmZ3kHNGng9R&U~@0ZMU`;w*7JQ#Db&u_|b0a_wSx`
z__OHUPqi;x=Y9OjquSc&U$^evvfA44Adq<9SkAivLg)4j52=11ut9tdgK*>Z!{2-5
zg5BEaUl4?aOKXFGk_i!M_XY@eEEiZ%zjI%T1|e8*fJzR~e}si^4(=AfLe%n7NdXi0
z?XMG~s^4l2YOU;E8uzra4-M}owOF&?AARLCMyUF|{u^SPFhYaL-{x%gJz4b|AUSi8
zcfDYe2T{M>-<X3$ljVK^;7`+o^oxvev->^H5#6ibx1TCLhvyK?8#m|h-f;I-S>)z;
z2YgcWuYRj>Ypq3aI*GFs&ZKd}?EXXjS;m(7z3DH}(+OHj%;^-u-3M(a=3sYj6N9PW
zYS3D9IWVv^-_U~vtRv<i2mDkFqJH0bf%r^=9QLd@qst3vzku<ywf)c8e~BIhS-e#y
zm_3CFCUjian$P}$`TXXsYHgI@Yfj~7Q)0iU-&>9npGE&Z4-AUO=HmR@IpO|IVc8t(
z`VWb|)o(Rst+_luFqdoeSf&hYj`74pVhr_L@qzGsf|9a1pL-+6&|)Xc&E|;9S8ZeR
zR=?HAG@>GgY7xyOhP%$)EmmN|>PHA`wJ`SF0LDJ@_T9olfeHLu&KAI{-<!6I&tY^0
u<qQ*D->n|NmpaU$F1SK;t$wQ^hd1m=6*^FY<G{9WKfA5%hwq>*^8W#eMB&u{

literal 0
HcmV?d00001

diff --git a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java
index 1ec6a28e7d..cf34984fe0 100644
--- a/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java
+++ b/openecomp-be/lib/openecomp-common-lib/src/main/java/org/openecomp/sdc/common/errors/Messages.java
@@ -59,6 +59,9 @@ public enum Messages {
     MANIFEST_EXPECTED_SOURCE_PATH("Expected Source entry path"),
     MANIFEST_EXPECTED_ALGORITHM_VALUE("Expected Algorithm entry value"),
     MANIFEST_EXPECTED_ALGORITHM_BEFORE_HASH("Expected 'Algorithm' entry before 'Hash' entry"),
+    MANIFEST_EXPECTED_SIGNATURE_VALUE("Expected 'Signature' entry value"),
+    MANIFEST_EXPECTED_CERTIFICATE_VALUE("Expected 'Certificate' entry value"),
+    MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE("Expected 'Signature' entry before 'Certificate' entry"),
     MANIFEST_DUPLICATED_CMS_SIGNATURE("Duplicated CMS signature"),
     MANIFEST_SIGNATURE_DUPLICATED("Duplicated manifest signature"),
     MANIFEST_SIGNATURE_LAST_ENTRY("The manifest signature must be the last entry of the manifest."),
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java
index 326eb6a517..372517c5f9 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/AbstractOnboardingManifest.java
@@ -1,6 +1,7 @@
 /*
  * Copyright © 2016-2017 European Support Limited
  * Modification Copyright (C) 2019 Nordix Foundation.
+ * Modification Copyright (C) 2021 Nokia.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -46,6 +47,7 @@ abstract class AbstractOnboardingManifest implements Manifest {
     protected List<String> sources;
     protected Map<String, List<String>> nonManoSources;
     protected Map<String, AlgorithmDigest> sourceAndChecksumMap = new HashMap<>();
+    protected Map<String, SignatureData> sourceAndSignatureMap = new HashMap<>();
     protected String cmsSignature;
     protected List<String> errors;
     protected boolean continueToProcess;
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java
index 68ad91d29a..2e073a431a 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/ManifestTokenType.java
@@ -1,6 +1,7 @@
 /*
  * ============LICENSE_START=======================================================
  *  Copyright (C) 2019 Nordix Foundation
+ *  Modification Copyright (C) 2021 Nokia.
  *  ================================================================================
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -38,7 +39,9 @@ public enum ManifestTokenType {
     PNFD_NAME("pnfd_name"),
     PNFD_PROVIDER("pnfd_provider"),
     PNFD_ARCHIVE_VERSION("pnfd_archive_version"),
-    PNFD_RELEASE_DATE_TIME("pnfd_release_date_time");
+    PNFD_RELEASE_DATE_TIME("pnfd_release_date_time"),
+    SIGNATURE("Signature"),
+    CERTIFICATE("Certificate");
 
     private final String token;
 
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java
index 8e67d7b5de..99ea9a5a13 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboarding.java
@@ -1,6 +1,7 @@
 /*-
  * ============LICENSE_START=======================================================
  *  Copyright (C) 2019 Nordix Foundation.
+ *  Modification Copyright (C) 2021 Nokia.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -275,7 +276,9 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest {
             return;
         }
         sources.add(sourcePath);
+        readNextNonEmptyLine();
         readAlgorithmEntry(sourcePath);
+        readSignatureEntry(sourcePath);
     }
 
     /**
@@ -285,7 +288,7 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest {
      * @param sourcePath the source path related to the algorithm entry.
      */
     private void readAlgorithmEntry(final String sourcePath) {
-        Optional<String> currentLine = readNextNonEmptyLine();
+        Optional<String> currentLine =  getCurrentLine();
         if (!currentLine.isPresent()) {
             return;
         }
@@ -324,4 +327,49 @@ public class SOL004ManifestOnboarding extends AbstractOnboardingManifest {
         readNextNonEmptyLine();
     }
 
-}
\ No newline at end of file
+    /**
+     * Processes entries  {@link ManifestTokenType#SIGNATURE} and {@link ManifestTokenType#CERTIFICATE} of a {@link
+     * ManifestTokenType#SOURCE} entry.
+     *
+     * @param sourcePath the source path related to the algorithm entry.
+     */
+    private void readSignatureEntry(final String sourcePath) {
+        Optional<String> currentLine =  getCurrentLine();
+        if (!currentLine.isPresent()) {
+            return;
+        }
+        final ManifestTokenType manifestTokenType = detectLineEntry().orElse(null);
+        if (manifestTokenType == ManifestTokenType.CERTIFICATE) {
+            reportError(Messages.MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE);
+            continueToProcess = false;
+            return;
+        }
+        if (manifestTokenType != ManifestTokenType.SIGNATURE) {
+            return;
+        }
+        final String signatureLine = currentLine.get();
+        final String signatureFile = readEntryValue(signatureLine).orElse(null);
+        if (signatureFile == null) {
+            reportError(Messages.MANIFEST_EXPECTED_SIGNATURE_VALUE);
+            continueToProcess = false;
+            return;
+        }
+
+        currentLine = readNextNonEmptyLine();
+        if (!currentLine.isPresent() || detectLineEntry().orElse(null) != ManifestTokenType.CERTIFICATE) {
+            sourceAndSignatureMap.put(sourcePath, new SignatureData(signatureFile, null));
+            return;
+        }
+
+        final String certLine = currentLine.get();
+        final String certFile = readEntryValue(certLine).orElse(null);
+        if (certFile == null) {
+            reportError(Messages.MANIFEST_EXPECTED_CERTIFICATE_VALUE);
+            continueToProcess = false;
+            return;
+        }
+        sourceAndSignatureMap.put(sourcePath, new SignatureData(signatureFile, certFile));
+        readNextNonEmptyLine();
+    }
+
+}
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java
new file mode 100644
index 0000000000..74277a627f
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/main/java/org/openecomp/sdc/tosca/csar/SignatureData.java
@@ -0,0 +1,35 @@
+/*
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nokia
+ *  ================================================================================
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *  ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.sdc.tosca.csar;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import org.springframework.lang.Nullable;
+
+/**
+ * Represents a manifest individual Signature and Certificate
+ */
+@Getter
+@AllArgsConstructor
+public class SignatureData {
+    private final String signatureFile;
+    @Nullable
+    private final String certificateFile;
+}
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java b/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java
index d582163774..288995dfed 100644
--- a/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/java/org/openecomp/sdc/tosca/csar/SOL004ManifestOnboardingTest.java
@@ -1,5 +1,6 @@
 /*
  * Copyright © 2016-2018 European Support Limited
+ * Modification Copyright (C) 2021 Nokia.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,16 +17,15 @@
 
 package org.openecomp.sdc.tosca.csar;
 
-import static junit.framework.TestCase.assertSame;
-import static org.hamcrest.Matchers.containsInAnyOrder;
-import static org.hamcrest.Matchers.empty;
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.hasItem;
-import static org.hamcrest.Matchers.hasSize;
-import static org.hamcrest.core.Is.is;
-import static org.junit.Assert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertAll;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertSame;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import com.google.common.collect.ImmutableMap;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Field;
@@ -38,16 +38,18 @@ import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Optional;
-import org.junit.Before;
-import org.junit.Test;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
 import org.openecomp.sdc.be.datatypes.enums.ResourceTypeEnum;
 import org.openecomp.sdc.common.errors.Messages;
 
-public class SOL004ManifestOnboardingTest {
+
+class SOL004ManifestOnboardingTest {
 
     private Manifest manifest;
 
-    @Before
+    @BeforeEach
     public void setUp() {
         manifest = new SOL004ManifestOnboarding();
     }
@@ -55,7 +57,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testSuccessfulParsing() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/ValidTosca.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/ValidTosca.mf")) {
             manifest.parse(manifestAsStream);
             assertValidManifest(4, 5, Collections.emptyMap(), ResourceTypeEnum.VF, false);
         }
@@ -77,7 +79,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testBrokenMDParsing() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/InvalidTosca2.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/InvalidTosca2.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(Messages.MANIFEST_INVALID_LINE.formatMessage(9, "vnf_package_version: 1.0"));
@@ -123,7 +125,7 @@ public class SOL004ManifestOnboardingTest {
     }
 
     private String buildErrorMessage(final int lineNumber, final String line, final Messages message,
-                                    final Object... params) {
+                                     final Object... params) {
         return Messages.MANIFEST_ERROR_WITH_LINE.formatMessage(message.formatMessage(params), lineNumber, line);
     }
 
@@ -234,7 +236,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testMetadataWithDuplicatedEntries() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/metadata-duplicated-entries.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/metadata-duplicated-entries.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(
@@ -248,7 +250,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testManifestNonManoKeyWithoutSources() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-no-sources.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-no-sources.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(
@@ -262,7 +264,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testManifestNonManoKeyWithEmptySourceEntry() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-empty-source.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/non-mano-key-with-empty-source.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(
@@ -275,7 +277,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testManifestWithEmptyMetadata() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-metadata.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-metadata.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(buildErrorMessage(2, "", Messages.MANIFEST_NO_METADATA));
@@ -286,7 +288,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testManifestSourceAlgorithmWithoutHash() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-hash.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-hash.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(buildErrorMessage(9, "", Messages.MANIFEST_EXPECTED_HASH_ENTRY));
@@ -297,7 +299,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testManifestSourceHashWithoutAlgorithm() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-algorithm.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-algorithm.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(buildErrorMessage(8, "Hash: 3b119b37da5b76ec7c933168b21cedd8", Messages.MANIFEST_EXPECTED_ALGORITHM_BEFORE_HASH));
@@ -308,7 +310,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testManifestSourceAlgorithmWithoutValue() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-value.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-algorithm-without-value.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(buildErrorMessage(8, "Algorithm:", Messages.MANIFEST_EXPECTED_ALGORITHM_VALUE));
@@ -319,7 +321,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testManifestSourceHashWithoutValue() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-value.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/source-hash-without-value.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(buildErrorMessage(9, "Hash:", Messages.MANIFEST_EXPECTED_HASH_VALUE));
@@ -330,7 +332,7 @@ public class SOL004ManifestOnboardingTest {
     @Test
     public void testEmptyManifest() throws IOException {
         try (final InputStream manifestAsStream =
-            getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-manifest.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/empty-manifest.mf")) {
             manifest.parse(manifestAsStream);
             final List<String> expectedErrorList = new ArrayList<>();
             expectedErrorList.add(Messages.MANIFEST_EMPTY.getErrorMessage());
@@ -342,7 +344,7 @@ public class SOL004ManifestOnboardingTest {
     public void testManifestWithDuplicatedCmsSignature()
         throws IOException, NoSuchFieldException, IllegalAccessException {
         try (final InputStream manifestAsStream =
-                getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/signed.mf")) {
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/signed.mf")) {
             //forcing an existing signature
             final Field cmsSignatureField = AbstractOnboardingManifest.class.getDeclaredField("cmsSignature");
             cmsSignatureField.setAccessible(true);
@@ -361,27 +363,27 @@ public class SOL004ManifestOnboardingTest {
         final Method getEntryMethod = AbstractOnboardingManifest.class.getDeclaredMethod("readEntryName", String.class);
         getEntryMethod.setAccessible(true);
         final Optional<String> noEntry = (Optional<String>) getEntryMethod.invoke(manifest, ":");
-        assertThat("Entry should not be present", noEntry.isPresent(), is(false));
+        assertFalse(noEntry.isPresent(), "Entry should not be present");
 
         final Optional<String> blankEntry = (Optional<String>) getEntryMethod.invoke(manifest, "        :");
-        assertThat("Entry should not be present", blankEntry.isPresent(), is(false));
+        assertFalse(blankEntry.isPresent(), "Entry should not be present");
 
         final Optional<String> noColon = (Optional<String>) getEntryMethod.invoke(manifest, "anyKeyWithoutColon   ");
-        assertThat("Entry should not be present", noColon.isPresent(), is(false));
+        assertFalse(noColon.isPresent(), "Entry should not be present");
 
         final Optional<String> blank = (Optional<String>) getEntryMethod.invoke(manifest, "   ");
-        assertThat("Entry should not be present", blank.isPresent(), is(false));
+        assertFalse(blank.isPresent(), "Entry should not be present");
 
         final Optional<String> empty = (Optional<String>) getEntryMethod.invoke(manifest, "");
-        assertThat("Entry should not be present", empty.isPresent(), is(false));
+        assertFalse(empty.isPresent(), "Entry should not be present");
 
         final Optional<String> nul1 = (Optional<String>) getEntryMethod.invoke(manifest, new Object[]{null});
-        assertThat("Entry should not be present", nul1.isPresent(), is(false));
+        assertFalse(nul1.isPresent(), "Entry should not be present");
 
         final Optional<String> entry = (Optional<String>) getEntryMethod
             .invoke(manifest, "      entry to     test     :       : a value ::: test test:   ");
-        assertThat("Entry should be present", entry.isPresent(), is(true));
-        assertThat("Entry should be as expected", entry.get(), equalTo("entry to     test"));
+        assertTrue(entry.isPresent(), "Entry should be present");
+        assertEquals("entry to     test", entry.get(), "Entry should be as expected");
     }
 
     @Test
@@ -389,55 +391,141 @@ public class SOL004ManifestOnboardingTest {
         final Method getValueMethod = AbstractOnboardingManifest.class.getDeclaredMethod("readEntryValue", String.class);
         getValueMethod.setAccessible(true);
         final Optional<String> noValue = (Optional<String>) getValueMethod.invoke(manifest, ":");
-        assertThat("Value should not be present", noValue.isPresent(), is(false));
+        assertFalse(noValue.isPresent(), "Value should not be present");
 
         final Optional<String> blankValue = (Optional<String>) getValueMethod.invoke(manifest, ":          ");
-        assertThat("Value should not be present", blankValue.isPresent(), is(false));
+        assertFalse(blankValue.isPresent(), "Value should not be present");
 
         final Optional<String> noColon = (Optional<String>) getValueMethod.invoke(manifest, "anyKeyWithoutColon   ");
-        assertThat("Value should not be present", noColon.isPresent(), is(false));
+        assertFalse(noColon.isPresent(), "Value should not be present");
 
         final Optional<String> blank = (Optional<String>) getValueMethod.invoke(manifest, "   ");
-        assertThat("Value should not be present", blank.isPresent(), is(false));
+        assertFalse(blank.isPresent(), "Value should not be present");
 
         final Optional<String> empty = (Optional<String>) getValueMethod.invoke(manifest, "");
-        assertThat("Value should not be present", empty.isPresent(), is(false));
+        assertFalse(empty.isPresent(), "Value should not be present");
 
         final Optional<String> nul1 = (Optional<String>) getValueMethod.invoke(manifest, new Object[]{null});
-        assertThat("Value should not be present", nul1.isPresent(), is(false));
+        assertFalse(nul1.isPresent(), "Value should not be present");
 
         final Optional<String> value = (Optional<String>) getValueMethod
             .invoke(manifest, "attribute     :       : a value ::: test test:   ");
-        assertThat("Value should be present", value.isPresent(), is(true));
-        assertThat("Value should be as expected", value.get(), equalTo(": a value ::: test test:"));
+        assertTrue(value.isPresent(), "Value should be present");
+        assertEquals(": a value ::: test test:", value.get(), "Value should be as expected");
+    }
+
+    @Test
+    public void testSuccessfulSignedManifestWithIndividualSignature() throws IOException {
+        try (final InputStream manifestAsStream =
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf")) {
+            manifest.parse(manifestAsStream);
+            assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true);
+        }
+    }
+
+    @Test
+    public void testSuccessfulUnsignedManifestWithIndividualSignaturee() throws IOException {
+        try (final InputStream manifestAsStream =
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf")) {
+            manifest.parse(manifestAsStream);
+            assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, false);
+        }
+    }
+
+    @Test
+    public void testSuccessfulSignedManifestWithIndividualSignatureAndHash() throws IOException {
+        try (final InputStream manifestAsStream =
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf")) {
+            manifest.parse(manifestAsStream);
+            assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true);
+        }
+    }
+
+    @Test
+    public void testSuccessfulSignedManifestWithIndividualSignatureAndCommonCert() throws IOException {
+        try (final InputStream manifestAsStream =
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf")) {
+            manifest.parse(manifestAsStream);
+            assertValidManifest(4, 3, Collections.emptyMap(), ResourceTypeEnum.VF, true);
+        }
+    }
+
+    @Test
+    public void testEmptyIndividualSignature() throws IOException {
+        try (final InputStream manifestAsStream =
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf")) {
+            manifest.parse(manifestAsStream);
+            final List<String> expectedErrorList = List.of(
+                buildErrorMessage(
+                    8, "Signature:", Messages.MANIFEST_EXPECTED_SIGNATURE_VALUE
+                ));
+            assertInvalidManifest(expectedErrorList);
+        }
+    }
+
+    @Test
+    public void testEmptyIndividualCertificate() throws IOException {
+        try (final InputStream manifestAsStream =
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf")) {
+            manifest.parse(manifestAsStream);
+            final List<String> expectedErrorList = List.of(
+                buildErrorMessage(
+                    9, "Certificate:", Messages.MANIFEST_EXPECTED_CERTIFICATE_VALUE
+                ));
+            assertInvalidManifest(expectedErrorList);
+        }
+    }
+
+    @Test
+    public void testOnlyIndividualCertificateNoSignature() throws IOException {
+        try (final InputStream manifestAsStream =
+                 getClass().getResourceAsStream("/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf")) {
+            manifest.parse(manifestAsStream);
+            final List<String> expectedErrorList = List.of(
+                buildErrorMessage(
+                    8, "Certificate: TOSCA-Metadata/TOSCA.cert", Messages.MANIFEST_EXPECTED_SIGNATURE_BEFORE_CERTIFICATE
+                ));
+            assertInvalidManifest(expectedErrorList);
+        }
     }
 
     private void assertValidManifest(final int expectedMetadataSize, final int expectedSourcesSize,
                                      final Map<String, Integer> expectedNonManoKeySize,
                                      final ResourceTypeEnum resourceType, final boolean isSigned) {
-        assertThat("Should have no errors", manifest.getErrors(), is(empty()));
-        assertThat("Should be valid", manifest.isValid(), is(true));
-        assertThat("Metadata should have the expected size",
-            manifest.getMetadata().keySet(), hasSize(expectedMetadataSize));
-        assertThat("Sources should have the expected size", manifest.getSources(), hasSize(expectedSourcesSize));
-        assertThat("Non Mano Sources keys should have the expected size",
-            manifest.getNonManoSources().keySet(), hasSize(expectedNonManoKeySize.keySet().size()));
+        assertAll(
+            "manifest should be valid",
+            () -> assertTrue(manifest.getErrors().isEmpty(), "Should have no errors"),
+            () -> assertTrue(manifest.isValid(), "Should be valid"),
+            () -> assertTrue(manifest.getType().isPresent(), "Should have a type"),
+            () -> assertEquals(resourceType, manifest.getType().get(),  "Type should be as expected"),
+            () -> assertEquals(isSigned, manifest.isSigned(), "Signature status should be as expected")
+        );
+        assertAll(
+            "manifest should have expected fields",
+            () -> assertEquals(expectedMetadataSize, manifest.getMetadata().keySet().size(),
+                "Metadata should have the expected size"),
+            () -> assertEquals(expectedSourcesSize, manifest.getSources().size(),
+                "Sources should have the expected size"),
+            () -> assertEquals(expectedNonManoKeySize.keySet().size(), manifest.getNonManoSources().keySet().size(),
+                "Non Mano Sources keys should have the expected size")
+        );
         for (final Entry<String, Integer> nonManoKeyAndSize : expectedNonManoKeySize.entrySet()) {
             final String nonManoKey = nonManoKeyAndSize.getKey();
-            assertThat("Should contain expected Non Mano Sources key",
-                manifest.getNonManoSources().keySet(), hasItem(nonManoKey));
-            assertThat(String.format("Non Mano Sources keys %s should have the expected sources size", nonManoKey),
-                manifest.getNonManoSources().get(nonManoKey).size(), equalTo(nonManoKeyAndSize.getValue()));
+            assertAll(
+                "",
+                () -> assertTrue(manifest.getNonManoSources().containsKey(nonManoKey),
+                    "Should contain expected Non Mano Sources key"),
+                () -> assertEquals(nonManoKeyAndSize.getValue(),manifest.getNonManoSources().get(nonManoKey).size(),
+                    String.format("Non Mano Sources keys %s should have the expected sources size", nonManoKey))
+            );
         }
-        assertThat("Should have a type", manifest.getType().isPresent(), is(true));
-        assertThat("Type should be as expected", manifest.getType().get(), equalTo(resourceType));
-        assertThat("Signature status should be as expected", manifest.isSigned(), is(isSigned));
     }
 
     private void assertInvalidManifest(final List<String> expectedErrorList) {
-        assertThat("Should be invalid", manifest.isValid(), is(false));
-        assertThat("Should have the expected error quantity", manifest.getErrors(), hasSize(expectedErrorList.size()));
-        assertThat("Should have expected errors", manifest.getErrors(),
-            containsInAnyOrder(expectedErrorList.toArray(new String[0])));
+        assertAll(
+            "manifest should be invalid and should contain expected errors",
+            () -> assertFalse(manifest.isValid(), "Should be invalid"),
+            () -> assertArrayEquals(manifest.getErrors().toArray(), expectedErrorList.toArray(), "Should have expected errors")
+        );
     }
 }
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf
new file mode 100644
index 0000000000..6928da3007
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualCertificate.mf
@@ -0,0 +1,29 @@
+metadata:
+  vnf_product_name: vPP
+  vnf_provider_id: Ericsson
+  vnf_package_version: R24A583
+  vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate:
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf
new file mode 100644
index 0000000000..c7b155f1f9
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithEmptyIndividualSignature.mf
@@ -0,0 +1,28 @@
+metadata:
+  vnf_product_name: vPP
+  vnf_provider_id: Ericsson
+  vnf_package_version: R24A583
+  vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature:
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf
new file mode 100644
index 0000000000..9fd1700f05
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/invalid/individualSignature/signedWithIndividualCertificateNoSignature.mf
@@ -0,0 +1,28 @@
+metadata:
+  vnf_product_name: vPP
+  vnf_provider_id: Ericsson
+  vnf_package_version: R24A583
+  vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf
new file mode 100644
index 0000000000..0036fc974f
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignature.mf
@@ -0,0 +1,29 @@
+metadata:
+  vnf_product_name: vPP
+  vnf_provider_id: Ericsson
+  vnf_package_version: R24A583
+  vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf
new file mode 100644
index 0000000000..44fb787b61
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureAndHash.mf
@@ -0,0 +1,31 @@
+metadata:
+  vnf_product_name: vPP
+  vnf_provider_id: Ericsson
+  vnf_package_version: R24A583
+  vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Algorithm: SHA-512
+Hash: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf
new file mode 100644
index 0000000000..d8a4b98f53
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/signedWithIndividualSignatureCommonCert.mf
@@ -0,0 +1,28 @@
+metadata:
+  vnf_product_name: vPP
+  vnf_provider_id: Ericsson
+  vnf_package_version: R24A583
+  vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
+
+
+
+
+-----BEGIN CMS-----
+MIIBcwYJKoZIhvcNAQcCoIIBZDCCAWACAQMxDTALBglghkgBZQMEAgEwCwYJKoZI
+hvcNAQcBMYIBPTCCATkCAQOAFGOGMKMvLSRzUBjkgZipSoZm1U/UMAsGCWCGSAFl
+AwQCATANBgkqhkiG9w0BAQEFAASCAQBNHXz1p5NBM9Nlvp8RPoVjszzh9UfQ/OCp
+mB926MTLexWOiawjPRKuoiXn4y4dQFZBXauunCOyXYfPASUMFnhL/7gvhajPH25/
+MwEyEsUqsCyJ63tAeYxZAqTZWA2pZi9ejCPoRnt6xl7EhEyogXiSBgc2P89hxhe6
+0/MP6Mtw9D8Ks7M1LxH6ntxGApPTNRlmMtQkrx/ZUtAcKKZJoNpofzdmd+O60PMT
+igNsuwzMNy5LfSjvp8xgWoxhWr4/zLRIZ5F5Z5qhz7lia9xDSGYMfPitDCVqI9XE
+O58S/FoHu+z3Tig7vauTFFbiJjIu9SkG0c33ayEUCKejuVQPjuY9
+-----END CMS-----
diff --git a/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf
new file mode 100644
index 0000000000..76eb7eed14
--- /dev/null
+++ b/openecomp-be/lib/openecomp-tosca-lib/src/test/resources/vspmanager.csar/manifest/valid/individualSignature/unsignedWithIndividualSignature.mf
@@ -0,0 +1,15 @@
+metadata:
+  vnf_product_name: vPP
+  vnf_provider_id: Ericsson
+  vnf_package_version: R24A583
+  vnf_release_date_time: 2019-08-29T22:17:39.275281
+
+Source: TOSCA-Metadata/TOSCA.meta
+Signature: TOSCA-Metadata/TOSCA.sig.cms
+Certificate: TOSCA-Metadata/TOSCA.cert
+
+Source: scripts/userdata.file
+Algorithm: md5
+Hash: 3b119b37da5b76ec7c933168b21cedd8
+
+Source: scripts/userdata.file.sm
-- 
2.16.6