From 786c7b6d347aeb944275fc76a796424573b1b632 Mon Sep 17 00:00:00 2001 From: efiacor Date: Thu, 2 Apr 2020 00:38:22 +0100 Subject: [PATCH] AAF common name bug fix Signed-off-by: efiacor Change-Id: I18f6dbbcb4310b510070b11fee30badba953a05d Issue-ID: DMAAP-1420 --- .../org/onap/dmaap/datarouter/node/NodeUtils.java | 20 +++++--- .../datarouter/node/NodeAafPropsUtilsTest.java | 2 +- .../onap/dmaap/datarouter/node/NodeUtilsTest.java | 8 ++- .../resources/aaf/org.onap.dmaap-dr.cred.props | 10 ++-- .../test/resources/aaf/org.onap.dmaap-dr.keyfile | 54 ++++++++++----------- .../src/test/resources/aaf/org.onap.dmaap-dr.p12 | Bin 4233 -> 4217 bytes 6 files changed, 52 insertions(+), 42 deletions(-) diff --git a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java index d4fc7dbe..37e5db60 100644 --- a/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java +++ b/datarouter-node/src/main/java/org/onap/dmaap/datarouter/node/NodeUtils.java @@ -47,6 +47,9 @@ import java.util.Enumeration; import java.util.TimeZone; import java.util.UUID; import java.util.zip.GZIPInputStream; +import javax.naming.InvalidNameException; +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.codec.binary.Base64; @@ -315,15 +318,16 @@ public class NodeUtils { X509Certificate cert = (X509Certificate) ks.getCertificate(alias); if (cert != null) { String subject = cert.getSubjectX500Principal().getName(); - String[] parts = subject.split(","); - if (parts.length < 1) { - return null; + try { + LdapName ln = new LdapName(subject); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("CN")) { + return rdn.getValue().toString(); + } + } + } catch (InvalidNameException e) { + eelfLogger.error("No valid CN not found for dr-node cert", e); } - subject = parts[5].trim(); - if (!subject.startsWith("CN=")) { - return null; - } - return subject.substring(3); } } return null; diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java index 927b8bef..ccf2744e 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeAafPropsUtilsTest.java @@ -36,6 +36,6 @@ public class NodeAafPropsUtilsTest { @Test public void Veirfy_Aaf_Pass_Decryp_Successful() { - Assert.assertEquals("tVac2#@Stx%tIOE^x[c&2fgZ", nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password")); + Assert.assertEquals("V+b}aGuWxHI+BPSNMVXqD*bx", nodeAafPropsUtils.getDecryptedPass("cadi_keystore_password")); } } diff --git a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java index 2d87b8b9..9832785e 100644 --- a/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java +++ b/datarouter-node/src/test/java/org/onap/dmaap/datarouter/node/NodeUtilsTest.java @@ -78,8 +78,14 @@ public class NodeUtilsTest { } @Test - public void Given_Get_CanonicalName_Called_Valid_CN_Returned() { + public void Given_Get_CanonicalName_Called_Valid_CN_Returned_From_JKS() { String canonicalName = NodeUtils.getCanonicalName("jks", "src/test/resources/org.onap.dmaap-dr-test-cert.jks", "WGxd2P6MDo*Bi4+UdzWs{?$8"); Assert.assertEquals("dmaap-dr-node", canonicalName); } + + @Test + public void Given_Get_CanonicalName_Called_Valid_CN_Returned_From_P12() { + String canonicalName = NodeUtils.getCanonicalName("PKCS12", "src/test/resources/aaf/org.onap.dmaap-dr.p12", "V+b}aGuWxHI+BPSNMVXqD*bx"); + Assert.assertEquals("dmaap-dr-node", canonicalName); + } } diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props index 70d01908..f63286f3 100644 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props +++ b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.cred.props @@ -4,14 +4,14 @@ # on 2019-10-02T14:25:19.002+0000 # @copyright 2019, AT&T ############################################################ -Challenge=enc:wQM4uZbepQQWfJd9uhcfPZJc7TAOnfTnj5xv9uCRteQOTuc7mSXAWjg9heC7lXod +Challenge=enc:HJsK_drz0D2MDwwSw-8DRU9HMrZKkyoLzJoHmSWzVNmfV60-Thvzv8cVzE_5muYb cadi_alias=dmaap-dr-node@dmaap-dr.onap.org -cadi_key_password=enc:YhS5u9Fqt-ssUs-1wWrv7xkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_key_password=enc:9dftI1cNP6buWnYEeCezE20kaEM7FXz7uZnRfbtQWJKw6F6Xgph6VOG8PCItM7Q9 cadi_keyfile=src/test/resources/aaf/org.onap.dmaap-dr.keyfile cadi_keystore=src/test/resources/aaf/org.onap.dmaap-dr.p12 -cadi_keystore_password=enc:NwhywpJzc4rlcpwkPRs4GWkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF -cadi_keystore_password_jks=enc:McsNbnuHb5tgoa_UMgdTdHqWEG4bt6VcPsc_NTzS277aDcrNRutDSBDYyyLD5no2 -cadi_keystore_password_p12=enc:NwhywpJzc4rlcpwkPRs4GWkOliMQDb8d7kmKKK2QwtwQu4Q7i_psLw0baQ-NY3mF +cadi_keystore_password=enc:HRDU37Il5FnfAIi9F7Hk76nenrM67n38irDqaZMq47tAu2o-KS3pCwiXSly0WZ0L +cadi_keystore_password_jks=enc:xra37lQs-DyHe714sczkXACFJqtvylqj01qbqaC39bvkDMd0qInjg_pib9aJDM9S +cadi_keystore_password_p12=enc:HRDU37Il5FnfAIi9F7Hk76nenrM67n38irDqaZMq47tAu2o-KS3pCwiXSly0WZ0L cadi_truststore=src/test/resources/aaf/org.onap.dmaap-dr.trust.jks cadi_truststore_password=enc:xWbQBg4WdbHbQgvKGrol0ns16g9jgFYteR3nQkwTl65BtvtWf_ZKhSVP8w_Z0VHU cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile index cbed0407..8794edd7 100644 --- a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile +++ b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.keyfile @@ -1,27 +1,27 @@ -hPUFfq-4kxkPy1LmRi50b_bhcRn9BKecnkq0u-Uec6JnRIsMgqUiEYJMbxGCGEZquBLszBBPj2Ux -udBAZ5FPIp5IkQFX6NpXJTCqPW9lb4k6KVhRSqSocascKnbYdZxrdThqOaw26kDiw04NFzA7jwxF -G9m2IVWF9AaKx7jQAqaoy4SSK5g1OaI4fGqWQn4HW3HuVJ7cc52JUmrcIGIV-I_6pR0ZAPezHxGn -5k-0rErQEZBHfj0S1M74Lx-eOa7gRlj0b3O8Zq-yfOllRLBZiMLuTmWlVz4ikbmL_eNC2RmjuEyy -v-wFva0Y4dqXEVEj9FoBUAQy7vE-I6VxGRffQRAi4Mnz0v4ISkHPmiOJsYmIzjT2bWyLKloJENfQ -LhV180qF-7UrjWGI2DhlVV_r4AY32-KLU7HLECpKRSjeqhWva_nZAj7ELGvBBTftGDu3HKts_MqU -hb14f5482rHZGPDYv3dCsere31ShIF6WF_YNhO494RgdSMugvWDZwxQYngNjGTgxS8hKezD5erp_ -BoqMuI3xotgaKZluV8yrxsc-M-0F97hJGxn7k1y37jKQugGUNDEwsX5MiHFd9OYY5jY9Pdr2tEXk -PqEmZQXBeCXJOku7KQFwEl4nqkw-52JJS1PAks4v_dlkrJIL95q6zAQOrgSgc597_-0x90k22Zd8 -FowwHQ42R-bo9oRyO0Qbypzd1Ftzu7kCalYH35qcLyAiIOO9NYAwSi5tYldzHgUhVq4wb1aoomeP -HISpNJfT2rK-AGMZw3d3nXWK1b3ztkF-74nD2s-WuTLeomBni1eMiLED850GyRD4uB4j4zF_4dZF -OmT6iShH7RR-gTolGZSAG7sBbwNs3lks9usVWI0qSulQvHBs14QvOY7EmO4SMRueUMo6ZIaOJIkB -uxNzoM_yQ2mMb24AZm_tT1xqMbGf76oYcx8Mu4zcXFkoe-4xDA1D-HXiPtyOzj6K0ByR86aytY2J -SI8mltJwtPx_t5t1fb0nFMQYCM5DzODKXgd-QhEJ8Q64uw6kSFFkv09ZCP0fvWy5Q7AEOAw_Y1YJ -lYyG7Bzu4E8PAQrihKhyYnFsp7WmMak_DGB2oskfHjffsb9Yh4FSM9EyB8x40ryQ6c8SAoP9LmYh -87-NvfQfuinLlHl7BcqCWmA7jwHo44r_L8guXWQ0wSRdCnfphc4_FthK2VQrURzFXTPnb3UvNE4I -U93lmmbwSlCoBjI2SwJAQvBpztlmbaFxgDA2Tbk6Mh6_cKiza2EcXCJzVXghFIqXtPQpAXPwHBZv -NrmKRamZBlMSkWPzPuIbfH6XYqCw3bodTEktzJZYzABFVkyIZ4JtstvoDGxaQDy6Ob2POLhuq0YY -ZW9eVhfvGWNyBK5sWSzEuCrd-nPN-XuDZjt8kWN4GTmokXnV_j20GDHyqwczikrCnlfReA1u2-O8 -VXmHvKMSHI3ckLdGP8QIOWoC4FfFi0QG62McYZO83ZA2wjRZVnS3bAz04uhLryqafm-aJ7tg1XBg -BNTIuJSrWA1WIU-UngRV0TheiNIGtmhBeNdZfWg5MHXaVzSYj0w6A7A7Kwf4cXt2dJosX_8fCLzY -2Q8XA8NjG9_gkE7hwav8UdmUAw86HQW6mTpjOIdSsQ0NauwNbREq4tec-9kuzZGkW4JwlJsxl_xn -yOP1eMHDoV_Xmiz8UxTiWjHHeh3AQcV7G6J0uyjcRTHESAR-jxptepD_iZr-cptrUb43H_spNtSY -dGZ3OvZIl2W-sFbO78ioCaLqYA0Uq35vwMIUpdjFIYb9vUA4JFTXNk3J5oCYX3vibIpACqYODFQ3 -CSqWg_Xg0Eci7VshNXZ9S69hX2KZFnf-qpnvOnRvrOCPJ2HqnZ8RaAkRygT5Nk0VRgLT8BM_1ao5 -MNCgoVw3C_tJlq66i7ve3TY2jamg6_jPxcb_7aKnbTWvKaP0p3dqlnrj3Irc35SD1k_cq1Nh8CYP -Fd06LzCFxS4Ws_ueZ9GJpREYnh6rleFVj-qI6F73rfHiGhFta-4Q_XJeZuplJkrRbHmo5GRb \ No newline at end of file +3WQe3-v0lopz56oP3LKdegKk2FaNrftIicyQ47IHI07CoBrNy4JYGO9JtnWHDy1AdD6IDVkBf5zD +aTMFDs2EeRdL7rhMeb7xwphn0rOWR9eOWZpU4bDArSfnSRyWoGj5AopLJigrymBifJpoFOgkfV-h +VnYRv9884_iJ5QxAbEGK024-vnv1vZyS9ESmjbDjbw6S2-kjmqEQn_18rzrtinaRdcA89GSqtf8W +a9CWE5nVnb3w-RzDlwM0kDGFCpD4Meo3gNmzH1-HbaTz79q2V8ia6_FZJIjP3xWkEjX8MiwKUX9u +M7hhhtEQ8g9voCh_LrHEEbRmsMymeBBOeUFcB9nw0OU2-KnsZYweZtHt2aQP6336oFy-VhIG34qF +Wm6jD9HBchaOvepPlDcv1rEU9k-2SOM1RB0BFGDNVfVHGkdBD7c4NqnPxcGoq5Ujyx3gxHoKPD0- +Kzab1_agGCNIb6tfnPuiubVeP6-gHjkwARYDFBLpBXdD9dy-8s9I8rhawob6yX2ZtP60tN2HZs01 +iP42aU3QyJQgMa3fTU3Fx_DbWvaSOI0ZM9kAt-TKA5YR407IPVy4W65N1J8XfkFz-eoHcYwxIUY0 +qbF8fyEpjrh2smRSy1u340UvlCdBEzrt1TQw5RQqV1JYN-o0Mi44-9KjqkJzKrmk1pNjAR43w3h0 +xz2EhIobjHXgiX3KGYNk_FrvVFk4MQ4-HkqFvHY0Z5mG5O4I1ePzvHp32zTfqedAdQdsdy4VKU9b +xH1tBREsRBB0WzXhLHilZ6PvGnQ7YpNo4z2WlDVR5zmLWim1062OUbp5w1QXBeO84EI2QoUFQnhI +2xaFm9YFkPXUoqmh-phcRYKd4xkTKEcq5jU_k8Qpu3pml4uKdGfNnog2xhXxC11RBlvIyPiNJy-n +RqywcPZ5woNEyqdbB17F6Z2FuyuruG6OTdLP1n_hiC81BBza2onPKsGxkA0VJixq4W_jn-KO578M +Y1918I1w8NTD158T35M7Qj0XgUJn3HMp-JGX_3tjOlWNedMCQUCz_8GeKi5Luwt_we4uheZYF2um +2VVQmcHNk94hgA4jaiHBXnLK7qLHVLpRBaNvNjFI7GFI4CMIkhZV-e7ziPk1dauaUaeAI7Th2_Sb +lsyzGJ-pjF_l53QENjwTR5Dp6Dia61unCImJJ3xFcZuq-ewnWjdp8l8MBz5Sp5hOnkLEoL_M_FyF +zo6f868bB8Eqq_zn08Icb8QpvBQx62-GOg51jCdTCSKWJauTf_zhTNfdd2h-IO2RX03NYXr3ZDuo +j9KLodsG0FIwEdX91Ju_X1A15RJKKKK2aAhF1gPj1_pq4gsACcie4QGox7y1kbVMhqNJc0cStvxc +tcEQJd2cMfawVeHoOUpTXwfbUk_GaLPmodoks3Dm1f0M7WdsSme4_c4iRsrawRPXEnbhiEbstumq +koQUPe0f3hcCnmQPC2jLNZIISJNwp_BfziG9IlO0TuxKt9a_Qkmx22NKft4QXUSAgiMjffJP9OMj +jYeryZYGIRGjGgxZ-J5_2U65_lLhtwalQqmyAWl6ET41xpM5tUth-iOy3Sx1-jG4bRchnFzDxkL7 +iy-BD1lICg5UuDr2mMF3QxHkJ9UqNaDgY9ix9CFvIilyq9QJv1seweTllLd8BZzNnBpRytz3b4If +5GDts41sdx388IgIcj0zhwJZNwjWa7GJRKIHymq6rRGTlfDruski_En-Vqct0-74mpX3c9kSLY02 +QFU04YfTduCRnNnrAKRccTuo20HE5gC0g16R5BGJ-9puLzhmQfl96M-WfnHz-i9oYd_Yq235Uq6O +K2iuPqDFt1Ob9HUFH1F1X9MD8MbZnG8UD6CQMmJn3bO4r8zBpUo2pQMhAOHAWBHFE-5EscJ3APgg +YCvwlPjYBRn1za-kmn9pTQ0gr7TkqjwLKBtdeh6RFWmA2ebxzQ20UIDlzppHokQ652n7SQy1Cagy +BOmDZvZ91ylkv_aygfFsnsOqNFnCF9L6lo05rw9Bt_jzLjbuT-Up6IGyhkCy6I785e8gDyCX \ No newline at end of file diff --git a/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 b/datarouter-node/src/test/resources/aaf/org.onap.dmaap-dr.p12 index b5c304796966eb6a59476cab4d3630a240aed291..607e2f89be513a9d9817086deaec60f7602f4e94 100644 GIT binary patch delta 4079 zcmV#e zty-?U?iic4oPt9(#LVY;yMF=$0K-rOf&|EpUxbC{2O-ep!tUW!gU=wn){B)luIA!k z9$t$t*i^AqPFTqkj3G%3_v+~e6Acs|t=V+n6qQ(QP$u7dyXW7 z$^3QRk6%1!Zj#BM`CPYf+72hqlYh-eX#w@c)eIM293J+zweIy0%fFW>zBc=^4TzkF z+BCY6u=Swoi31sbzpM}BOzJutMaGkQ&3yX`LBwxdH+ilT_wGHVuFr1jcf`Qvvirw5 z_?0N1E4{U+DuxT_6J}{anUK-O9|o_6t+<-f^RIa)RaCS+9bKhzs5wX z%Uft2@7~RYRReEPP@u~DDjOUkX7QlXa`s+Ys^08|w?ZUUB+mimLpqE|t>^1KR=^>nwo67EHFr@= zW8kktP=ZCYGiKIAmS0}ZQkW9d2^(DU5>=O9+mwQiF#6|>ETYfg9)CSouH{DfePg$k z{h_9oVC+;Esphv15*%ICUByZy)xtcJeE|j*_4<&2y7Htn2|{I$&O+#DAKo&J|0aC< z4Y#0<#p^n_*mz0(99?`29$St}yX0!QGXc>oSyGwJAr?%NwfY(AS`MNW>GZKQ^(w&B z>aRrfe1YPLBqthB6@SNIqE2jYwwK`bSyBdL(E+x#KG+YYq#)9Anh|^Ti@yeP@vk;) zBM`cPX2otiroUw(RV6yJdV3B{-rTk;u0lO3E*_2L-)>}agxR<06_=JLIAtRNhl8=| zY-@Es6?eg(v0KHVCnZq35M72QTBsE>zR>K4C?WWye|i@ZiGSp`l4_SEL}85hq<J&CXx~`xh3IJfvcM19F;%zp(_N%P*EzAj3D5XroquAAt` zU&{=A@l3RixfZ6>$cRyJL3VR)YPWEeCO_b)`hG5nkLN0YzR_Z!{WNOK1flASj4o%z zn7w!#LE!m^S!k9UkfYAp3p{X^?pntoEKGuU7N3Bn1Iz&VcSxiiel5+4VHDG;uHdyE z=Zck3h<|Pd0JJ!r=?P%n{f|HHOdG@foY{F|6Bs|pvnoJPnm_uQV42&tsh7G`i84R8 z4u)lEH1=^jDY$dSI~_0q9z7qU&7A{B!XAF`SO405 zaMSF>)|X1_>&LNQUbOs43 zhDe6@4FLxRpn?izFoFtU0s#Opf(lxb-vu3io$ZCBv*Db$4h;RN?_g&`VeBM)0s{cU zP=JC8AgzoU?p;#7YpHFlCpJF%DNoFBDA8YA$o zA9E{tAVns(VZV1*f4Mxr4&d3YI_tUSPdxNSiDgp<&I|2VO#SXqhScAdp|nQ8KwHj# zCzTwz%t{OmJF2AT*$SA`XTMJiC`3Kylu~Fo)r(dCxf>Ob=5*;PRM<~)%6#ui}U;hb$wlV8{@Jns!)p4vfBTwh>3;l{e z^x^FuMJ%`}CZW!w>=ZyY=4l7%X&y4`YqbW~)dVZwe|3md*3*DV=pFG{y$4Z9h9`X6H;+x~16C1pHnOvp zq3ZxME(6p8Ulj|K{M?38^djIL_q6ae!5+JyTnp%Bvq;=8HtV^90*eWMXdTa@S0nO8 z=XP8W$?w%ZryK6Me*oowtP=Lwq+iC*F*V-kjA9QA*rDF9^LcwA&OPL6XUkdrz5BL< zM^zt?0FhZ0_VX)5785--a@BKEDN~3;iz35qX#?{O?DdQ2z zsR@e9sHoFT=|Ttrk>@a25>7zFBG^{Q{ByPI#?9DFGk(nK&ewQfFi7S|FTii~qh?a0*9MAvU=mrfS2I!bt4eR_cT!xL)b@No~wD;#!gCh z9{j8ltpp6zg~`Seg$Ap4{u-g=n1XwEUL3C1$T{0flH}fhw%o@^QMC0B*VpZ>%?IlD zu8#Na*LbRGFipxP{3lKYfy6sg1NngN?aN_Mf5=!PhR>)`tqP{6yF?26gL6nmTV@f5 zot#iX9umIsMvng5Bel07UrP5SN{78UxZ=CKwRd{}en-&Sw(>`Fh_K$bmm(U~36Y<8 zq$)4X=+Sh4?zhf~uxb%8px)UK)+#SkINKEjfIwz{Sc+g2ubX^N)^=_;>+4l&!lSaDnXjSw{s(XxPFl5`Q+Q4JJU>Ezg4I_ zIL550r~xWWb`6e(l&mtV{5S^|9*Fb|mv~mWFO^GwOj~hREwzlIEk!5|evk)2MY(L= z;cH5cj>TVShb-{e<3yRue}+qe_)*u!fvLv+7KM4A-!|6+0W!r!{IIEc3c5cTx8HBQ zLNW5Cw3J1CitklGiCTcE<5_x`Tc)!a_}}jk#>5_oR7RyVIr&Qvhu>rDA9%|%cQEek z3Z?XaDu;tz?UzpYaVvu!$>qFC^ClPy8axg`I>DDC`GuUbGrH{kXjBVB)*}I-eQ7Hn z(_FW~OkvF)wW4{slaA+~gj^TN2=Of9&z25KE({mkh>P~Bbx7$bV@KGiz4g!g(Nc$&++n8 zEj-oOVN1a1D}1j!GN&}$c8gD~G5fRm;*~qcOlO(;Vn|#U9_tN3y*a%Rx76?33rzJ= zvOq_Pq$$R-idC_18Tt7D@AJIh==Hk8UH!h)9|#jQvJ!7J^r5}$oqIZUPwgKZOMqH` z&Fn)A8SmaTlBX8qW)yo`=}d_7sXARgPy|`*z}aBlHGdT=3bD2Ryjox7MX*Vha~Os0 z4V#g9y{8hu)fsMEU%RYuaQGG(MA-g(_wX;!dt|*Zja2mo9*mfUSp>CBtkZ*^S#aOh zT%SF@gUvzbQvSSk93q3SpV%un?;XK^fy?2iV`*e`V3JvlkFf z(!)Peq4RDz4JN)6rcxd3%r&9(TmvdUsPSpQc;dql8y)?+q*@BX_@ zr7g*RR|jCJ8q9YlAgPH_A1TFzb=k3PmpfK9jaY}M=?G3cLZCqu7UxN7tfJ%4xr9+2 zieJcF_oS7tKOv{o^Am{ObTm^hi5ilPHE9pyMCoMWf0Rdyb6OHO8+})G+G++@)Aw1n z0R@CosgdDL-wEs6&oVGo$ z70BG@1%$9kCE>JX#Q3_Pq!!|RF2uy!7Q>W=!W@Rew= z$Q>B&GL9h1H7V!wzU8qiQJC{F7SD{Rj2uZ{29KiQ6s9R+zd&Y z{*GWBO5EE>n@1Q2R%<5DzqH&k(W4tgQ9zMh&c{psPNx6Z_#AN!@-&R$DxP|nz1J*0 z>MEoT&@fYVocGobwr&P+bs5x45nDlnNu zL(#1Y23&c|V=ZYR&A?qZ75;5KMoo9rO~;|0#XOmZ8d8p+9)M_lfft0}^#_zT0zPr7 z0kqymJy<(-%wQZut;l-fsDu1-_vyIl{BVbKNNA(R2??W)_B)(^`$>keAAev?-O_*j z_ECCK=j`At+$2{SX}0lD6YEsc5;mgYomQXL)E2??JRgb`pD;c!AutIB1uG5%0vZJX1QaKg*(m4?W=iVlI{g(4>`GR( h)}aIxU{DQ9hZGeO7!+5vFNF;keVGT4#{vTZhM*HW)AIlT delta 4095 zcmVA_Ac-L&FoF<;0s#Xsf)G9i2`Yw2hW8Bt2LYgh5HAFR5Gyc(5GRo$Mt{Q7 z;-aZ3PVFn->*NhKtrGzV`$qx;0K-rOf&|FB_SQv)(ASDP;xI^bM=R~JdP_<`c6Qph z)M_>mNI#)awb02HnTv->5o@%o%J%M-AXoMnHle=!zcjhlJ{>BN^}uitDkbJh<;9c1 z1}L|g1H{x8d#05`T$Ve5eU~3u41XO*pqJwbN8Bb*sfyBM`i+J?Ot-rm!0TufV95kA z!kGTlb%n~KA7YwP^K8=-?KA|DP(I;A_WK!gCnpWCL86=j?ouo`mub_)<3oVxR6vCP zv}n<WkP_AHFp`uFMXtoZUZp^(@nk7i1YG~CLzWv^*a{6i?* z=ID+>mV4gK^htt>CfWVk&aVJ4iz&~uxs#fj=SWdXLV4!=qMG|f+GJ!)~lJwRwQ{eR>*5Xqm*VNb1Kj>X|X{U8||h$!carsj1RCP*xL5hRZk zc=?^@i?c7ZyZ02}(;Ml1VmLQ0p{FwY0&AxHJJ4>g0#`Fr^I&+op zA=V%tf86R~=!V;khF;Y16MtZQFw|4MI6I&(jUf&59w#c5!;^%Ko@fTh8;wPLnNZ9@ zYH`U@nNOW&)|JWQLQSTTb>f27gfYQL{^C#6LV~kju_J<;R(~ZtT8jDqd|nWX&9`^Ozpgl9rxM>59)Z=p(V7TRKb96OVCW)&yBd5Vh9UV_EFn zm2gD2>>PLGSQLig5Nh2SR0*47ziHb=; z2Ds+(n{#W(Hh&M;Uk?ZMk5i6C?~@*C&nIXzvG7`k%#Bpn%v;c_$lPy4FoLMW?n<7r zN9v5y*B}$=9_;x{JBO7@dj`3!ae1PX1)(A##N=FE!Mu}z~AU1~HtE4d^pFN3? zKB9LNgJYAscRA@xp+;P!F!Ww|1K9e2ih(_{q2wL$R)4fZN^t=h9tf;lmHoq8qVQJ? zzh^dv9lpr`jg~A($iwIf;I$8jO*RU7R7%ReA0?uMU1a+D8+(f|cemt(m`c!t%;5dV z2K}((rDK5q#2A4gM)dCs7kl8c^!bp(d!rcvae~5z3@ec9dFP4wTpnhQ>NlPa^@p|0 zEszUfVSk|`=s8d!2<~Ly>_vn)|X1_>&LNQUga!#J zhDe6@4FLxRpn?i@FoFtk0s#Opf(mMr-vu3iIJ+>Vn$bg5KuvRqhf=3)kbqa10s{cU zP=JC8FcLF)MKX61@VeOiLN%3nH&DtMxUopc|Ba2^@e4B`R_bYD9sP!S3*!ijgX(F6 z>nl6UQc`J=N#y-hx&!I{i&F_U0d8KlvL^Q#E*5dwcVWkv=D@z)*k)Z$oSPW9rtP19 z0_$DE{cu4u*0~+(n(~8rf0Q3CXq`1|eMoH-(Ag|W+s1Z;jiwaaWw4oMElgq%%GgM! ziwVII70%i3`|<{-wH-G&2-w|+*l5m6U*4K5pZrDPHOj!&^T98lYKJ2+l?2I)@JTQ* z1`v#Aa`w1%tK}362bv7CZDYrUrs!`hjA6DQo2t<{XvZB7$j-(3({cfBSN1& z>m8aQ;y3-*2A#6O`tG;AIZfkNlLjC?OgL!WFXQ}?m8+PaA-JEHBVdLqXX8MB^U~2t7)8+%RCV-sCpxu4 zuh82Mr+)W%j~&pyO>7n)3-eN{WmHkw@}207&PSiTX}c!p-y_x~LY)Rm)0+G(4V$QR z!RlWg8r_N>C$cJ+xcpN4T7p@Bd!MdzrdQ#$#yO>9R>C+?&O-S3SR3CjfFIW-=aMiV zliw>+%vIpWO%?c}&bWPaLC8$1O|=Bn^h&LUf^ptiA62-*o8XAtt+x6(S`13(QKA>s z^QP>Sc@oTL(IqOHiitH(m0Ux96N6CRp}k5pox~-fAeHxO?)j+(u4N8?75|p{tRw~K zF1C-M8O3PHC%w&sO2Pg-7YFlmwgWD5#SSDtj)(CkcDvj42k_jWAG3wN*R)A!vSQr~ z^KV7Vs^k%cf3!tPxXX1AS=(D~Y)_juvXw7^0jQw~{(keuQNy9Qp4$nDRXQ>k0-!$e zr0vtXGg(eo3w72y?BlF|!AU`UrQb}Jk)gJlIC$2e&P%5IX_+IgqW=-18S_*;JnTJj z`YKjs_bLq72&Fov6T^IQ-#O#yvTk)T%$o0qb_SU4W+jdrQGl|z{I}W$Q_3{6i`omI zjIq?`cC4oyGe-DxFnu16^&^{Vio*qezA`e9<7?lb#}cAx&q(BdOhS9EO#R5}JbH7d^016+yK;|DpKn#ibyBUDQ%$u`vsPD>lWr9qUm%#x{-`_45o^PVjj!&n@Nfy zMv@=#3##|~qp(p1*bbVJ(_k0S2rVV<{a#PXPcC&0uu`uioY1QlBJ588i@je3x%&F7 z19ws58>QsWmqPbQ4{Mc=9G~{>g&h4z{==dd#;>s|BOb+nk4}2F^VS*q@beRtI4#GbZ zffYsixLK=z>)JYkBVmVRDaPFQcYSpOXe#b3UtoR9U2kmSmshFNm4Mf@$@u=dY}1@5 z-CadAHQueN^N)2u;F}W^Q)+d0Yk*U1-m(A>t?Y0enwiBlNzQaTBa%v+_Hf)*? z>G3f#4`<+N)4r$2;!_iq{FvZCNtBsQI_ym*8C=V)j>SBZ6G@o9<@??0Ep68kjmJ?7 zs?NiXASh+BTOC7U3IeT{@>j3HofPxQv7Vtz%-Xd4xKzin=VbDZDP+^3ndPLR7W(k> z33;Y}hHv?4-BuKox57q5CTO1cHiBe`1*|KL(BX4hFdQSCrqUWlrvt!mXUDz%0V-x; zYS*16tnK;1f=*<#dv_zXdlP(Ef;;mE*A$o~cjnrFs`o0?zB`ep(@CUfw;=zP(?M;w zPGr5co^AwT$VT_kK&^~o>4yZ*xc6mwSVw7p|5ME^fZ}R&C~Fh9MkmVvNIrV>c-EG(0Ry2p(CerQ7-`kkDS01qaKH%rn78Oa2x#_-OB?c?1MUG>C zy4_ad_yNPWdUc!xLu}bP8n2>x<@nEeaFbdy%?p5*8wr8NEtKC5 zk*T%nvn^_K53<@_-aGP0ZU{+)IrNfS5)kh-ioJyP<1%wG{`Xv+*kyw#k@pvz^Ji#N zs1Z;*=AHw|^#f!;Nm^xK;blob>W3_UY4VqWhpmSozxQ(JZ!X)eFAtmVVNnPfQE+%} z(qqd)!Jh2aSz_xFKMzR%<6?|$LWNGjec^n1Q|-A|UtI*JH>RK}&-WW5!*O8PU((j) zhO<644=PI0tRD`n;I+&?!4m^oTZ zZ<+-yZ1~CQ#$IcNX$abm(z!5yrKXQ+F(6mom0oU*AE0WV-Z%~**gJPV(=EH&mbpq~76YHioYwy3P^V90wt77NR@Q=?^&n2qDx#>yK9V-Vv&Io!GQVn* zTrFr`+8XeD;2#oPP+6%IXo(Z{@L{A@Awe#LXXbR{4h~F3{|J4Lc%*%Q^CG=FkE7em z2ai)^K64pGx|C;&w0I==A7PYa&*35BVbzqD(V~!d;VOKCPE*V=3G{b@W;Vs zY-aat&{DG-0mH%}vlHBF4}xPH8ewiw1}X*rVRE!|=1;z(=ul;Dn5rT7ox@=}2pFR( zKVz8Mh8e6|FxceS3rjhFm`jHiZRCA4CxbN)Sy;qI_|hGns3v(99s@3AJ|mbg0iV#5 zG9D2$aKRWR_G`|cZvVZZqh5%DvQXJ_OYMPrFyOy0Yj_@zLClrDR9=9~tiKfl$cDiC zLn7ZlXFkb|l^$sr;Ixq85iVdePi!adlv&3e)+){SZJ%Jc@e;XzW~ZQ}f6s*~*HLKi z+-=Cg9DynvR`*DT;%K=}0i4>*6PZRFc?!Oo^E0G_zE$MzBD0#)sY@*##hRWZ2=Xrz zz^fPd@R=R+y*h^k8md65lpGB4Wi5ZlwUcU0WOcDCr!YP+AutIB1uG5%0vZJX1QeB5 xT}J)-sw)v0g4J#!8%$099!@0$6cjYv-F|kLmDZ|=;-*ox_fe_uJ^}*)hM<*W(CYvI -- 2.16.6