From b3814beaec2b6f439ffb7af1594e70b5339a9e5f Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Tue, 30 Jul 2019 17:02:46 -0500
Subject: [PATCH] Add new JUnit Structure

Issue-ID: AAF-902
Change-Id: I5d13132cedb6b0dae115c160c68c42f2d85277c3
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../java/org/onap/aaf/auth/dao/hl/Question.java    |  67 ++++++---
 auth/auth-gui/theme/onap/images/ONAP_LOGO.png      | Bin 11349 -> 24268 bytes
 .../aaf/auth/service/AuthzCassServiceImpl.java     |  32 ++--
 .../aaf/auth/service/test/JU_BaseServiceImpl.java  | 162 +++++++++++++++++++++
 .../test/JU_ServiceImpl_createUserCred.java        | 148 +++++++++++++++++++
 5 files changed, 380 insertions(+), 29 deletions(-)
 create mode 100644 auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
 create mode 100644 auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 3b61da31..6b6c23bf 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -224,6 +224,31 @@ public class Question {
         
         alwaysSpecial = Boolean.parseBoolean(trans.getProperty("aaf_always_special", Boolean.FALSE.toString()));
     }
+    
+    /**
+     * Note: This Constructor created for JUNIT Purposes.  Do not use otherwise.
+     */
+    public Question(AuthzTrans trans, HistoryDAO historyDAO, CacheInfoDAO cacheInfoDAO,
+    		CachedNSDAO nsDAO, CachedPermDAO permDAO, CachedRoleDAO roleDAO,
+    		CachedUserRoleDAO userRoleDAO, CachedCredDAO credDAO, CachedCertDAO certDAO,
+    		LocateDAO locateDAO,FutureDAO futureDAO, DelegateDAO delegateDAO,
+    		ApprovalDAO approvalDAO ) {
+    	this.historyDAO = historyDAO;
+    	this.cacheInfoDAO = cacheInfoDAO;
+    	this.nsDAO = nsDAO;
+    	this.permDAO = permDAO;
+    	this.roleDAO = roleDAO;
+    	this.userRoleDAO = userRoleDAO;
+    	this.credDAO = credDAO;
+    	this.certDAO = certDAO;
+        this.locateDAO = locateDAO;
+        this.futureDAO = futureDAO;
+        this.delegateDAO = delegateDAO;
+        this.approvalDAO = approvalDAO;
+
+        cldays = Integer.parseInt(trans.getProperty(Config.AAF_CRED_WARN_DAYS, Config.AAF_CRED_WARN_DAYS_DFT));
+        alwaysSpecial = Boolean.parseBoolean(trans.getProperty("aaf_always_special", Boolean.FALSE.toString()));
+    }
 
     public void startTimers(AuthzEnv env) {
         // Only want to aggressively cleanse User related Caches... The others,
@@ -987,25 +1012,27 @@ public class Question {
     }
     
     public Result<Boolean> userCredCheck(AuthzTrans trans, CredDAO.Data orig, final byte[] raw) {
-            TimeTaken tt = trans.start("CheckCred Cred", Env.SUB);
-            try {
-                switch(orig.type) {
-                    case CredDAO.BASIC_AUTH_SHA256:
-                        ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + raw.length);
-                        bb.putInt(orig.other);
-                        bb.put(raw);
-                        return Result.ok(Hash.compareTo(orig.cred.array(),Hash.hashSHA256(bb.array()))==0);
-                    case CredDAO.BASIC_AUTH:
-                        return Result.ok( Hash.compareTo(orig.cred.array(), Hash.hashMD5(raw))==0);
-                    case CredDAO.FQI:
-                    default:
-                        return Result.ok(false);
-                }
-            } catch (NoSuchAlgorithmException e) {
-                return Result.err(Status.ERR_General,e.getLocalizedMessage());
-            } finally {
-                tt.done();
+    	Result<Boolean> rv;
+        TimeTaken tt = trans.start("CheckCred Cred", Env.SUB);
+        try {
+            switch(orig.type) {
+                case CredDAO.BASIC_AUTH_SHA256:
+                    ByteBuffer bb = ByteBuffer.allocate(Integer.SIZE + raw.length);
+                    bb.putInt(orig.other);
+                    bb.put(raw);
+                    rv = Result.ok(Hash.compareTo(orig.cred.array(),Hash.hashSHA256(bb.array()))==0);
+                case CredDAO.BASIC_AUTH:
+                    rv= Result.ok( Hash.compareTo(orig.cred.array(), Hash.hashMD5(raw))==0);
+                case CredDAO.FQI:
+                default:
+                    rv = Result.ok(false);
             }
+        } catch (NoSuchAlgorithmException e) {
+            rv = Result.err(Status.ERR_General,e.getLocalizedMessage());
+        } finally {
+            tt.done();
+        }
+        return rv;
     }
 
     public static final String APPROVED = "APPROVE";
@@ -1214,7 +1241,7 @@ public class Question {
     }
     
     public boolean isOwner(AuthzTrans trans, String user, String ns) {
-        Result<List<UserRoleDAO.Data>> rur = userRoleDAO.read(trans, user,ns+DOT_OWNER);
+        Result<List<UserRoleDAO.Data>> rur = userRoleDAO().read(trans, user,ns+DOT_OWNER);
         if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
             Date now = new Date();
             if (urdd.expires.after(now)) {
@@ -1225,7 +1252,7 @@ public class Question {
     }
 
     public int countOwner(AuthzTrans trans, String ns) {
-        Result<List<UserRoleDAO.Data>> rur = userRoleDAO.readByRole(trans,ns+DOT_OWNER);
+        Result<List<UserRoleDAO.Data>> rur = userRoleDAO().readByRole(trans,ns+DOT_OWNER);
         Date now = new Date();
         int count = 0;
         if (rur.isOKhasData()) {for (UserRoleDAO.Data urdd : rur.value){
diff --git a/auth/auth-gui/theme/onap/images/ONAP_LOGO.png b/auth/auth-gui/theme/onap/images/ONAP_LOGO.png
index 458e320c26cd061c4666523d78f0d2108f848ae2..55e3718848af62f001fe1c6bbb465f92125ebf36 100644
GIT binary patch
literal 24268
zcmY(q19WA<v*;arV%xTD+jeqd+qP}n$;7tpOq_|6iS2y(-+RCN-aBiZvwBxoS6834
zSMRQ0)s9q@m-q#P4Fd!O^h-)oR2c{ec>1Sp0R{2%>qFE(2?PX3ZYd(7C?z67sOV&G
zW@!Te0+NhO)qvDgSx4q?BPAj#1V>Cj_ChJus4NVnS8G5@5)_7JBC7baAO>zzq1hi+
z7e(2QE{Klv)Cl$G-%wCgBmKEC=us|dK%L)p&$V1{$Makc7t8lF-?Ps%PyzN3dSs&#
z8<10o=l-7rpwZz&RERSsK_D2Y8wqn~QsVE73@9ML%a?+uKZ=(~hZ#lm<Nb?2nk&7+
zATUs5AZIMi-$OwkOrWh)666zL!P7vuB`i<kh{y!8c~p@g#Ow)&Fp#b(hb$0@ao>HD
zOvG}K0#QKI2o_MqxChf67ZzijG}Z8vaGfBOBg-&9E`K)cEzq!ulamvXdP~qB>dP)p
ztnY|ScI4!lS<Hbb?ZYBe%7lo<^`@^mw-5V?i8S~V#!%^_Xb}?t+tgcHDh~aSY6Jt+
zQc)4nYQRfp0L^pyUvnQzi@}6%iMSAGZ-{1K!Ae~>L(bth#B8XhV&bq1{<9!M^x=kQ
zi*CYrwEB!_r;(1|BDV{fyi$r=jAqeC9j5#vi#1^1g&8_8ysHk=Wgvb&NkJ4FX$+Dv
zL7L$E?@2Z7H$?gA;67%{4e^@TGzW0`To8*R1HWMirfDUZbuo@7FdB-&97OR2_*I!O
zvL}tEI?e=hCX!`iFpnpWz#*v42Vp!1Lx{dKGbtGe-NyaPDS6Ds39OF+;o}$Nh;7n$
z2Vo~q#{(l}6&R33-5DO>9J(yYc<9A@0h<9({a}Fsz$J=Hg7o8HL92OT_%8}f$Z&rI
z;h2FC{`}GkGbf#p2)V(Agz3*mybUll)erDVfxIjHoQhC$YymyHTkv^}p}m3I$3=v1
z{Oe!oljcCGL+k-V7nI-VOt@xK(fB*x25!X&hbaP65{?W4rPh&e3-Wo8WN!tbisUNJ
z8}9z?SiwWwf`XTPi_iu6N)`n*%HMDnD6s&=2@b!C{__3Y0Ty!w9HGC*$OjW=ZS*k!
z?+T9P^`Mur4Yt{DPK{gnwoM;?gm^Pq>5j6IVEtSIf|{M0o<zws_pKKLM&FWT+c+-f
zLlg48>&x*k--m>P4V4=dPkinmz444DsG%W6gZKrEn{1fG>Zr==2Ied}%}Fx&0hHh5
z82%*HzpUZj(cVozLkqaWTeIT{eRQ)ri!{xIfjN_xq3x_OLuf9OF-F`=yghpA&37~%
znQOJzytvaU|0X&Y2*Z!Tfq{YIU7N%uV9o~!pvfb9b{fcbe|pG0VKxcsS&csq>!CoD
zf@r-|o&AVcdg=|t5_>S+0R&JWMugbI!KRF8Pnig7m6+2&&i%rQVAB264e&M~Is@<x
zkQb1ULZB89<^5a^Sj~Yrd-%FEdV6T6;MYO|L4>3sVe?3O!%$2THb@e~c(+192~ecy
zQsT;qaH0{CiCp8vC16w{>_nT1R)-viluj@m5zQp-2@;YVcj&J%#*}C)qQ4YjU2xCi
z-irTP@N$FC2$mOvpBlS>cLLW6KNmipQavzxfnJIl6#8QJr!d)0V>S(KF_ELkmKvUA
zU}lG-nH*`NsYkO7Q274(H|*7*z=>3T0JjBSx2DJoe6qK6>*+z&3%wh>c3^&E{X)`>
z@hx3|^Z?xorT`Mnn3y1xAw)@>g5ri0hd4XvULJjuCrN6BLKkUwvn@kzhHQ=^6PX?9
zI-ET0wvS>=5GlGyww}~2wLr>F6|X9~A-N&JEp$%kn#fO0MT14fMGa0<N(r3`lRBCD
zM2)9$uIN>_te{Skoy<3}U`p?a?n&lJ(GlsBx+Qj1UZFxuwUgo@O%5OefR?5?r8(u_
z$!lq?i>`}!1~m$L2Hrs&flgwi5K#FSSt;69$ex>4rE~^$W_u-hg}=p#7i-ObSWq?d
zZop`>U9w&hT^7UW0cv1mLaUh#N`*`HOGS=asI^vfR}5UMtOBh%&WTp4tN5%;*<jhq
zuyt(nv_m(PT6C;@&s|(0A1xknAC(__&M{UDED~60S%X;Hv7_1CEOJ&ogvU<HT*z}p
z3`BRO1Z1ukNv*W48d+J`WLTfATdkg~EG@XK$*g9UtLC}ORw`pHbu5~in_4ui2$p**
zKRr_hD8H4um8Qg3;?6N2h0L4d^5GTAHOu8s!e-6&!t4_4(ypwwA+{mC+Vf&}z<RK}
zbRK5UA7fT=FWItKIz1i+7Th0|d~rTCKiA)Q9_mk@u`sbiFeBjDv2)l@nU>ifSf*KZ
ztv$9HHY4l~O-LEFtz8CB$wZ?6&W)Sd80Hu~VE@Aj$Cin0!)e2Q&eqH#%|Ojs&g5k*
z&FIW7%dTUyWx8ZzVUA|aHc>ZmTg$PzvYX{Fu=m^f2o5b3OBz9rhKR;U<4&WU0-3^|
zdRJ$qF{nOMS5sfBja<E2)mqK2-Lz4}!NBR23!PEZSzcXHH|$z(^@THv8N>XWQN`4D
zQQ`LG_Ugvw7C&kgAB(BO*=lt0&(Z8ad9)Va-ET|78{^&PJ@@Gumlbyq7X~j2cZYj}
z(+QUbx1MJqCn)!rhmE_(vDNjM%igi~QrJDxMQeX?|88VuM(slT-^QicaoV~1ncI}!
z65nXg@@Ej_07<_|uSC-rg@VQ$?_6-6zvsFq!1MCai)qJ+*ZyPnR-s$2dwplKhsPI_
zzmk8`hub&ScfD7wH~v%hv)!-jBkx`3-TdwP-XG79fDoP&`6lpeB4>&hD*`+W3>~r+
z!V-)O%ofHA(*`*QNf%`cXCIlF=g^drh?UpH^^`6RIC`kc>@ln(bmkWiiu|v5*j>~w
z&Ovfv+y&G~@i4Kv$Zi4vK3R-a1jItkDcb^qF|A42*av?gCy|-(NQn7w_}|XPb7Kn!
zWh0ld-UI}Qeav6_L25y)g=9)>j!wp|`{5=1C5<Jskq6|nxgK0v3|a|W8N$+1vg@gf
z98?yIol<(qdgK^#y<8(slhaff<>zuUd0sYI=d4f7B9$S_CCfdPpcfWyXk84ksp^@l
zQ$|j!&iam@?baRJy!QH7*Pfm3URrO_aMv+xSld1Zeq4PL{irs`-4k##TUoC}G~Cwi
ztA=jMZhCRb@>a7-g<*^`9^`9`?q+sf<LauU=Q&qgzS|G_j_n@lV2QGctjCsv@fS48
zG-nKp60iKPXs-n3q_do?D!ye7$EjNEO=&Y;`iQzW|7?8N&E2MO54d1Yc(eWqxWDt7
z>Th(Xy_Vf$%w20EHX6<ePY%|E`lD`Oq@jKFP+BT283&KRq6@r|9j0dyrxH6Z)RO7T
zw9=2H!=$y+J8QQ(uCE!}-IgN1C*36lD$Adh9>Gs>&=Tk-_7=I8{+pz$j;Ic)wyS&6
z>nWG*sVTUa$QoyRw8pZIUi<2?+vtownmy84Q(2W+bGM85GvB^ob5Iovn*EY(rwXRJ
ztah$JU;WXL+0|hZy_>dC3!x*^>bFDw$IaV&{OOH4y6O&Z81I!Q?^1Tl^GoB|pxXWH
zl6w6S(B|NNlJ|$tylT6u`uY4?Pb+v;(z^3mZfC7kz`@_7R`2qO`?50$bT8nce`;6R
zzsr;H!*Gh|S)?U=20;VAkbtUA;@o`Ynf(Tb8z&iOGd>K@*7DAZ`|kbEt~&<~hX(Ev
zck3PJ(aZipFa?bKLoRCW1y`!$xztp1ns+%xUaz0oVCHJmUvq{WSbq1n?(bI=jBW;2
zgNJU9hotw?u&KKAfA#IUTzBD91QObMI{)fB^=xhKEv&5wcKy1C+76am`mImun(7RC
zkz9*E%?4*S+sJp%yJvbn_vN2*Io$8BpLTT|@*VnK0yl#1!ru_8zW|^0o$_n5Ch;Hy
zdY-t?FFPo+$r=h|3Xq-X0>ykZ{&o-DZ=na#$5(q-t?9}7Zav67=hswkDxY(cYwGm~
z-$&1DsXLK9diKNi5W8u;OTKOI_9uNhZ^m!<y>p(s--R#5S7UtnTLQV?IS;R%-!Z_8
z{b3BN23fsf{yhR2ES!|a(d%~#z;M)AdGP(4+d%V4zy)ms*Wpr8O_{ogBc94}{r-bd
z_u0C-z!jk!>*k#Iq(G1b+Oz=@FakhDg`@Al%M+HO;i5@bhZPZ}%Ai0K9u7CQ^gyN+
zphUsJpG?8Q2Gm6B|A27)3pr6HMcp8_j|oNa#KZgJ@9g6%9PC%CE9QR!2WSULEoUGg
zbh7_^fu)p5Z+_wmV@p*{7fm@?ZWDW3dLvVNV*tH}t;3Ht5D>2i_fOLn;9^ARVQXXO
z%<aKP{9hW}KkfgB8Hfr0OU1>Sk62Sqkx<0m2|&n3&q~io%nw6INXYACYR0WBD*ivi
zf3En5EnHk2xEUDS-QDTkS?KMZ%o&)txVRV?nHiXw>3%fmoIUMaj6CS<oJs!M$p3Fg
z6yR*)Wa;2yX>UjPAG=1z_O32`#KixZ=zl-|?I*y)^8d_a=lnm*`dJ{ue|i|0=ouOQ
z*Y?j)-v3Cs)tmuNBKEen06Q0c6%!`_z|Psi-i7zShWtOB|1%*k!+*T^zr6bICI6T7
zXU+UDybS;Q|MA1vP4CbH0SN+0i3+KD0AK1sdY}SO@SzIbp?X4gysyQg2qiJ7f&xA@
z8lGV&*}=d|qF|z;T#yvce!6+2ETBuCA->=3INNovoZ7nF(_t@o74o_+F8u&*&)N27
zJDC%1IHV9*xQv{J4*h!p1Hi$cSWblAVSU&F*#EZ>1`;mNk{1dB5)K~ozvaO2m>^5Q
z<XGkZbN!#eB8J#=|7GL9^&A2~xu)l&BqbAmAB;)~8Wz0%rM>TQtzKoeyO2?CFceZV
z>2<rzlFh&E!R2<5wA=12J>Qt-?@$?&XMQThAalRkvcr*{tle}XVOF0750^5uDAA3N
zNNmXPh>Va)co{~Ol9Y1W)Re^o45jDj>nBm9x1o;bsze=4k(9!oB;Sp|NVg!1m3Rd5
zCeh){IsLlbmXde7?C$C5Av2%NsmlyN(LVZ^fTTN|a3-N=W@lHQYQE4<rcl72$lGpu
zNE;p&m6Dcj<Z)BrB$9~3O`_4DZ~H|S+kY4=WaRnv0p9jY&|X5{<ByMz&tax{URt3@
zn1$DibUHnqea~yybS94m`sY*E@aV9hgW0behs%wYqgA>!nAe{eI8t6RX$W|r@l`e8
zMX#HFAd$(-K3AunL8m03xk_7{d!>q!O&TNB2eF1Lr(Mza^+==9=hX=bgP;BJ-&#5}
z%BajM%+dBFj|7iS%Q-_Pr%_RHc{$g0$4P$jLa_uihM+=m-?u&qf!|HxQuxTPEsw1^
z3H-COht@|{PSDArL2%ed*1xOP6B2g3QK)ppWYQ^!yHUN$J>qPZ^96w^R4VA%)621C
zEbQcY&n{Jlu78C?OGLt-n4N~93isxR5Uon<`<}8~F6Nc|G6W2su6G%bkdW$hzg4GM
zo#kVr6jBZ}>?T{6(gFX@fS`laGu4U{>O#aOl6=bnuU}2drJ_b>%3~VZ>Qu!(bD2Xl
z&X_fgYa|kJ<BdmCrWb#H)32nd!T;;!=VNA8R<F}MOX9lI)4qS+oy1NP@b^o9xFuw@
zY6O~xaX7j|<MP<s+qO)n)l$ahu%w;I<_M3eAWNlITWq14N&-plnm3cn8ZQ`wkP3gg
zEENm{amOlomRTy3D{(rKzPtASo*;<En3_PLXo_jAbiXS5XX(V}_8L~h?IGWq3#~d`
zTejQyW)9PQ%d#et+UF|4AlcTLTH-!brCemVL(9}sDw8htW35y!n_bJeTgx}W+wD3L
z7DLzEk;nTf=VJ4OBA45B`n=|D{1y@%d}4#m8u0n{s9Y+IW(hp->JX2w+~dV2mpw~M
z!5EEBN39@Se6ih?o<gUyO2!fC3wOF}pxtIg);A#9b(3yD$`t+Q;gOjX3j}Zw36$A(
z)BqMD3Ijg<DUD$#IzG1<KM8HIVE<r4R0?x+|57O~Ax2|1m+$u_)$Ywc?ur``6_sSW
z*+!E_uJMSBjZMwtc9CE<lND76=!}{omWq^eIzOc1@_wRy=}`&$ML^9*$hl$+!aKE@
z1Kj5XG_M3{w)T2|Jn1~gSFNq7Y#T2R!g!z_C1R!?gh;JgL1^FeNPh7uAakkR67se9
zo;hBOXI?)(tj2S+AA9qztx5fibRR1t8`i<4sQ+nOJWNq)8o7ysic8yMHsjQB%`L+?
z6dGLe)V6EiC-W-%0o<bL@9&Q>J8ZEr9EiHdG@Hvqk?+eb<)`%$T~boveZr>?qUfMj
zt*xf-|H<}x@Vtv=P-=M>=c5c2GBP$1SDkKpT&UN$_X5m?;ij^$Mu?5WW<~03HkV|c
z=ci3A9MOqrb2gr$>o)r(BXl<rg@;J21xj=xE1naY`4qd$AuU?No>I;-X52;x6zyiS
z3(c|wvBJ>3-5QI63Xe$D>3jlD6tuJAax{syHHSx!HeHt|qHdi}xtGaeKGE%Y9}p1d
z?D2w6#|R4?asQ`4=<c;-4%HB0LEefIi->s4PCvbGmLPp55QCJQN(rQB(DbOoq>*Va
zM>jswshz8+Uf<_dEMsU?X1CWj_ngDk1CgFLu^@x$`zo0-B#gJ>(EY5FcE?*fNtt&S
z&iDRUPOH&0QV0D3^41dy8alDXdac9uTy!7V)FR=XQ}EJhXN$n}wGjYs&&#K7$ZoeK
zStg%JT;I(rf4)*pq0cx`Rk)X7q2>6LQPbn0O)nZkU8cG8xPX}R9!x)#UmibBZ;>a(
zxWp~Iv%^&)7L9&)wP`=~5-*UZ&1NO}^e(t<3N^#r$Kpi9xrM~O)pkNEqWI-}Q4|C>
z3zN+2bJ|d&|JgRg;H{pKTpp7Ma<QSdW}RO4s^9B__3YGgW^k}1hg&eO3+He$5d56b
zg5`SY2*Tpu>mz*^nD76AB-y`Om5hj3;>36wMa%iyV1eEw8Krhs0DQw-(kJG_`7Gwc
zX+Hq0a-JQQC@1u{iU6nwlVLwl^`&`f@JZ01>GNx~aNuo0^7jnXy5|#fv+NkVQsx9h
zR_Zaa+sopJOeR;%d);+=JEsNy{T4SvXPntw76~gj&Y?a$7<G1P9~n3IhTRxG3FEzx
zVyo?@xS5}TNS^-{*UCCh1(|+qTtcaN{G<VfJS7l8S5u#JkiTihhtplaMMx`FBH}e7
zWkfnUy{;yIE~n7(Y#yB)(s2@lz5c|pMLE6`ev1q_=?x_DYJn;|;)@F%uQjPzdn{ss
z`;M=|;1Ge$zksGZJ(xNJf4vl{plHVsfBLT_EfuB>#}v?hFhmd6^JS_o$Ky<TMoX(&
zgyetK41Ki8eP7y4o>fwU{lnB82gauFN6~ki6CzH;q>?IIrmDt4AMR(gAK7C^e`2kx
z1cfd)+lK!1DbIKHLdDETqoSo#N`Tl)3MW}Fbppup7>{->0|FXhazRzU!U>M8<z>><
zj?dy8A@metH=QL6R^K$+t_TYKHwd4d2q`(C2<!FSmUPUj`c1bMP=>;3v^N@zL`tDp
z+1W&mJW&U2!9#GB8kC@L7DU<#b@U?wnh5;nT+`*H9Bi6JHpo?2n0j`SNhBr@>wAMT
zTl+k`4Wk&WyP>0F(}w~FR{gvT<F|uWTOrBMYefG6DH`$S3vF=y+}%H0u+!(8>t*a|
zH!~rjU@It-bwV~5kWr)KkhqlW_#e_dOOPg;b!KMo<7a93HEgiCiWtWd@t5~Xk*J1l
zTr_ya`1=q02XB1%UUC7v`{dvOjf<+YGMy>Xe%F7iiO~5z#7pH0$x&!DS$=na6v*XI
z@`Wt98veHTiDZ{HYXElqi3*7X-|6O-NBHl}u5<G2x7rKAT9(2ywT4Zhw_ZX*LjkLZ
z_<#IB6D2-hB2lnrcWX2KEc^f-;`tH;soy;}-Bto*Y?GRVx(cBXQ|KX)qU59IoLqbY
z%9|y7y5N_Oq|@D(Q)+3-uP_nrZtoU)Wmo@}e;2FPDyvDI_8J|CLkDJt9z3&dxZh?C
z;edFXm>Y+Gbo7w<*X1PPMC|i&IZFzu!cY87)qAzO_LA@q2Z<mBm69$Bv^eYn3<8hF
ziH}f7(ehVPot9c$u!7o&OONcIQ}0@wrLT*>Od}2#cSwVkbz48%k^TCELXtP1%AhiZ
z+xW)jV-|-iv`WDPYbJhQQd)_vT({8af~*B-Mi=Asd1=^JuwHL0Eqk!Vid|Ug%gh64
zJpVj8Cmcw)nuHT32IspyS+a-Rv-_um?^N_Uc}YPb;Z=c{WhD#3ly3wLpb(T;dz&PA
z_bezQviNOsr@rilM<s)i0VRP7mQ-1rzq^Z%rqV@HgP&6mCu1@<d(7*nCc)ORyLt{p
z$Ir=NhNbyKOQlAVl*@G;kGv;>UP}z~a_AAdjL1?QNO9WH@#)N&(u>Cft5sDZg}KOc
zgPdWJXX7dLH5j}v^mmc6tHq&;jUkZ3&`F1_o$0nfCNp2-vx#T0MSjCM<$y9(C^ozP
zQ`g(00>OYpz>k5!s_}bhWpwO9@ANz<v)OJ`!{)H7(XO0d%x|hIOr3wA<*Am_xg@19
z3C6`DYlcBQnoMz*#;u<1xx3QqO8LdXA+S152a;@gG#Z0NQmfsXus;&5gCh|(CVXH5
zm}>zNYa)$eW1-{)UJnAI<wp3s-fqfOd7?5&WSfi=Opm|^redr2iU7ThQD7r4Xc(~5
zvSmrj=_)7CUaC-RwODWIdP}D->D1A22T2pl=*azjp3YE6szPCCesw(LG;fg4aITx+
zolss=c7q86eG^))Wx>F%u1&>BsoDEw)i|BSr$Xgf(vk~#$$ghAERB##r-2Sq9DE3_
z-RqXS(dfNqH#1Ya+aMGMhZpsbbHvv6_X?KEG;2@GObN~%>0iCFg?_h(l6pZEobSAs
ztY^B?Wr!4w%>-5Y8>3dS%^`{cVXs9Qa+`%UVr#}!0%VasMlLU<cRe^Y5kc#$>zJb%
zd}qvjY72(K#2w2RDeLTQQDbQWW%eVtzaVv4onB|BNxR#-;TC{XP{6A~0PKhcfg>5a
zG^$fiQ#&p@TiB{)hB`H=a)?_76iSh=8T2;eigfh3H?{=R%UT$p#|`eU7Rxr*1MTiw
z5}6E}bx7I7^VyO_6e?AbMJO24d0|2}QKQY7GM^kT;u<oCa-A+$2x)6-B-E{mWKrH9
zesbo5(lPW7Q9~!>W$JR-ycqC3y3(qktQbzP8{P0o)0J10#=~hPGMf;7F$JQmV1*C}
zstF``FoRGAwt>Qhh43l7g9po9s_sgqp3ZZd*V)4XF4HF>VpSS7DkV{U|8~zZSZV8n
zxoFlXlP)$ju!@#lJTCO$qIFu=WBI$sTFUzFx2VGa1WlR+j3HSz@8>JmC;^RsoQ;#N
zq9b+MEz)Zam2eN2n<sWSwK{ES+7*2j;pimf$t$vOjdQ?OZL0J51b6KZ7wamGfHphj
zmfa*logUMB)^ZrxApR=VN?HYhM^x6zj>QgV3N@<BcGm5X)z;&EPpm%kuA19EO2-=|
zPhv;BM+vit%J2`<x4_SFdKW#l3$wXAzQeBT-qgQCVNz$xrObe+8p)#6mw+d0<zE5#
z?}U`KzNbBP#=nCW%e1*JI9qynw@So@&zAaIrVBOdB}&kwr_PATnO`2$4MHD*el^Yj
zgE${g=aJMH7pA_@$KbPQJAsxP5#xJ<tg^LG@yV^-v+(ol`wj51jyu9LswM)uegZVy
zzVZF(YK?kL+>Yn^B``BPi&R!ASzG~ptJ@~!8qMF{J)AEy*KcZ>ehz)KypFOUgCvLA
zsyVv-1{TIJNl2W3B5>qo1~lnO_P&)(YeGhcr|PWJ0UJUBrm)=PLO_sQ!ajx6uWyro
z()ClMB<a5$+Uz>z9OE9W{p3**%d{&G@$w7BwMtra)YcYwb-HXEC!iIR$OnDl;aquz
z`pWogbcfTwZpR>DeT}svwaa$DKBIQGB-_lgqrswWHe0u!py5CEqo3QY*XYk?Z6I#c
zX0q6p@HCtQeg{6(V;^Edw%4szDCt$H*Pj0YSD)>SJ49=hJdjRm?N}_8nK+y<n1a0S
zD<|w)CN>=U+n(#zuR#8ODW?4J4;j*fFVeEl80h+0BBwwAEcu?8ZYj=S#y@eQ?NC&+
zc`JZW!T3{@whGK-M^L+Z<z#Lme6wvbjwT(Cd7;q&1WdES3#6(b=KIiuDi{pvikNTR
zcM_F~F!b)wX-$#saVWi<dU})}99M)*$1P}+T7y~0&}r+(`((R6qMp??^CtY^oGEl~
zfWP%lk5;SFgNFQ&8h$5b#xq$hZ&e}v9=GEp@syU#bYs%_F3(rnE}>!b!VN~B5L0Eb
z-z<ATscdOR%T?Rqp&N0y^R$d-$+R($#*{Xr)#^1s38m49>NDxvN>L(mlX{B&yE~oG
zQu7RwtjGxWMDijp9N>E?38x-h*vR0vELs(RJCZp|JfN;+n4q1|O(gp<7h_RCi>@D~
zT~cH>x>U%oH%S7O65%n7j;GiVBezbz1r_J<^gBJ0ykN*R0y>%u_2<wtObHHzu~4c~
zw=RcRW0U*y2Z9NbrF&Cl!&!Zig<g)*4FJ-1s&b%i2V$b?Z?CUsQAgE^y+O@jZ@U}&
z)869_h0>`lyCOw`?j*gdc&=RA<6h}*Vpyv9AjwRH+LSQ=T3a4-Z7q>AxR9t9%H(js
zQy<_JeRVHZ5NV=v#Lbcj;_%a`-k&D{aPvq-;_g(u>h!`M;^#M9oQvsaxG*P%0RpoU
z!_>l?=p=F{H2LjjQvm<WX7loz5phCP@EW|*$yA!D6nk=-4Q>PWtWG^KByKAM^qF*>
zyHiBbx~ybCR}3UwiAaMv`JWgm{yd2w1Z|=RL=0UJNn9_tN0*e)Izaz>Z_oST&uy0_
zAxE@cB<5TRRggxv|GtF@ep(Bys<WnvFW`FK{DXWnor%Gwp72AyD*;t4E?F<aB{j8R
z#8u#CXuLr7y|-b;{1>Y&)#v@%L0(_H&M-kv`8A;J6i;!lE3BH{`7VnrsQb#IIbfsY
z(#Rpn)s!G0Z@9Ac8n+mbg_ULlh3eP={YUw6c!}4Bc4g$bA-{Qqx3C^X63?abeaRIB
zK2uVL2hU)LVN_|Dv;yG?vsUfY3?z&)8PeO%|M4DykUtT?`IpfTHnk((_WAj}yRtb8
z=uIy>>ma&IHMOWyD>p|p+pekqu35JV9-nc$+^klop58P80UM2A?g$c!a}3}NxX>(a
zMkIl>dHuw*W5Phc?Ul6TaGm5}b~#0)(ox4F40O62k2QR?VsPs!SKzKu)6QkYmJ!u1
zF@$Pdq8vhn9~gbg6`Qc21sZ%IZl0vHFk*$aF7>!D{j4)c#tMI$+9C-j9UkCKWu-wx
z6&+@h$!oE!MPReE{kYvLM86vi&cLv|Ue4HUc{qr%KIOhCG94>NZ+t+suoRhNJG{O5
zJLF=1Wdt50MyUe`p(@#l{W;=J`4wzFDzX8|WO3NrwLu5@S6H4G{zM3%AI@3|C<x0f
zo_B|%-q#HtGDA4j;>*mniQDK{?1B+j=K1of^Et99b>t0M6Ocs--;WX*1_E2Z#p1%Z
zQbcirf3x?;#5o$@&L`1_jFebq|G_#%%4yd%Cd8!*2@VX9D_hr42sR5wfE4wa33a}^
zdYX~E#yDg|fKoG0D<C+T3s?V!t}04d{2<KuC9$T#AHl`PnKSI<gqpfBTndoMychUa
z$Nzr8qFf*dJOjGd)o4D4ul2p_l^q>;Jlgap^l;?5?~_PsoTnzWJ@IU<uTKP>y?3a_
zu;hfO#I55el2z5}Xr8_FYo~W*x&CO|DeIq()8j(Qju-f9r`5SDf4JJ#NyW=^B1eY*
zSDOxc*khXwSYKZP8sU_B)7(<ZvZUIR7n<Lel}r;&{oMOZ#4IoX4H)M8rHC+7Usps^
zA%1f^Tg&|KMrb6y+U%YYld9az@4F|dI}b~YIocv_=IpZLHa&9$L*sEOy-)ws3u^qT
zaGhc3H&b1F?=*|~Y`ay3R?+ssSlkr-A>4|HTD2Nl*?@Bjx9b&YZ*Om0p50@&>-PuA
z*B7w5KMQ=>5s+^}TVkdhiqLEs%+`a34q66RLVlA<x%}NiI6=R`YiCj=#b+rN0T;BK
z)6Rkj^T`bnsoWYqVZI}Sr9YV$8=~2=3=sIjx1^9oyvHotFo}LZ|1V$|b%kRbZ{JKm
ziaV#CZ?Q}-LxRcVTqLXfI7EA57RsLIovu5kt6wwCT;0tif_P_3oMS9M^r6w<+ix6I
zO=vBEUbmf4;JbS-a77jBDU;o{v+k8;;w74)w_<WpTz62#q5hO;)hY);CRyl-3o)8e
zpti30V!g3=KgM-Sq;n;0yql?5LS_seuf$@Z2>V=>oO<K%SkQmOKq9$@Cvw9KH3?=|
z*aIDOuee5;Y3L2As89_;xVl9A3|`2RALfn>an|R}*_}k*PV<s`v82QV%fH=&Ia@3k
z;un$#dY#NaMuOzq?Ite8T5UEgCMPiVMuIc!)3VrXRJmj$8U*Z1$eXkAM3T<3?E)cR
z%k`qrb9PKE#U622E@$nous-K8`NHqiI;LP7XF_5SB42Dh|K_@5(MVzI6!D=$dW)SL
zE@@suXOb$a^XWUCW$LqXU8my`<ne1eBg-s8U(^Qy2q9};_-`{*u;PxbGRqg3kn_xW
zi^zfUuFz7;oDWjUQ(4Uj**`6MX88PsM)T}=+r|wsigXq^+JBdh4;XvB`5`TgPJaku
zl7;r1g=Jk9H=rs<z+Yd1Me9nNzF-Q8#SRwuY&@i$TzP3NNs-w9%V)6(@-Ane->NiX
z9EwbVagFmo&SP>S=@b&R)=PhqVff6p4hAej$@0TlVHm(jL!2@QYq#HOKFopCT}nMO
z1IK+jk54;8v!N8D*i%_P&4TE8;|->4RFoqo<JWWq;CAl)eVPhH4kd;E$uu;K2FCM$
zNlvCp#OdOR7Bb;*sitBFac@jWr#CX*|8Q8>Op|}hl_Zb<IObVx=?CSq*%G7BTC!I%
z@7)BH@fVxz5?tYL*30TO{*6{Z3A(jX#`ZV6Ce<GNh3a^L<cOPq{Ni+7G{NxPXbiR=
zp8VaE==3IBA}YpGoKUL;*m1nVo(l`5_Ovv=<ROGqoJ%BYhhye6oDD3B`1U@|EDy|@
zvG>zlap$+L>3W^(^k=;uR&&jmpg_54c0Qpu0wC9l!s=$T*OsbQCTV8}G}KVaWwEc|
zl8ncFGQ39b^7~>%u__S4>U#W8L1-w$86(?hA0|x=+eEWKPY5wD0lgNLvf51siu$lW
zRsu`$$>xqk6Uayzl!Y1xWFOK&qJO=eYS_&>y@bKsLiOX*k2Yr~ht;}FKcW3K+%22)
zM>qwO@&A4Qz&&}53J}o!bb7rf!Qp4UJ~zD|LRo0-tcXpYpboU5<X}ZshF}}Z9)-FZ
z=R{Ee__u01cnAwodIVG(Mj@Y*aDUR=g(D46<dbgd-}0eWWY337$mZB5J+uiL-VsFX
z4xcE{kpxBcWRfDTCzVph{mf`PLU-C8ktmb=GXfUb7s)AuP?RDX!$GJ-TyNZc3q%?!
zI+@D&tTA;%n1(6xdjNRU3?7$LkvfIJ{s3+azDaw`J{sL}CzfYb<~VQU`Kw<j#1WXb
zIJI4>GTh_T>+#&ucK^z?CUv4{%qyZro`990ndD=iJZPl<(NxTM##pCB%P@;$9FqCX
zt1-ktI%U`bs!X<(xJ*!SbXzhpfdw&YVYO*p(Lr2SE~UX4(^>U6E;A@s+u`L^R4l`q
zjVxmq<>38uE-)+>Te@Dq#|8uy_o)Bwh{p8(cqT3{?`XD|!FqkMv~x6<#+{x_DX>ob
zN;e1gwGbM2Q3Q<f^K0`OKXhoGg`j7RSvSJ$&xC<O+R%7cbvU&~o$<X>Ih1VctQbEL
zwOA27g_JBJbrh*-P-i4P3bFDSB3g(d669nSsqlSFcMc`fS~4luY>&zDs4x}->mH>=
z>V#Bg_fo@a2Bv@qH6#Q)HsvpDE6~D>V^J1#nk?OJhXt3@-nXqr0PM62h3ibE*gZPb
zK~;VAulr~olEgs$z12FsuA@J{O^#>y6?b2^8nF?aNf~rsqPy>ByBgv7J^6-(A$xCF
zHj7*wGg{?c9z2*6DyTRTyV;M^4ypFZI&Q-`71LFuKWs;6a}aZb&d(5i;wJf_-cU)O
zB7aFGf?15cMja>Uis=cMWf@qG$_IFIhDtXSAGmT+#KJcsLt13{e)l|^KAbWk*O3TG
zB1Rq0X0hq;f1C!xB}bZ*?Kspd)0@kF>#sHRB#a-uV&tiynVHv%kVE?4O(Zfq4wgU3
zx4iNUk^ewdncjRZ5siwd8F<w%LEu)e$6Y(5{Tv?O8>NK>WOQumfdLNIV&j=|DO4A`
z!@?FZd5nyUhz&Dkn<&yDgmfri^@8R$)458%r}5Q2mG_`D^fcmyWh*56O0^q@=?TQn
z#I+<+isoeyK+gzGoAqc8B0Sv-^{C7*%uj4n2SEf#ADY+6`#FJd-MRdKmJqHO?i2ps
zUlhLYk1H#26nY=mecvF<s1??dcsy>X<gpIyOxvd)uL6@RG#YFizKFf+!I1FM2jsCo
z=%WU<BMhI<ZTW}in3(y`mObHZ0REK7xb|&IA|fLEMS<AW#bs^RS^mfoJwyZ7RW+op
zpa?ydrC^=QPC!hCfr$d8jQA2OM;ya}y|4F2M(mPu59vzYaGL~*6>nsQ<R(rfOKkEA
z+Al6D0)T_O&z%WkdLbh~e`t0Xr`8eu=3N6K)mj_U&;d0>ithD&>jx?KHIbLIKB`LX
zobPKLEkEN-W34N^dRb!ag`+RB@9^z<!pb4qNB*_cDDie2@iC2;s^>Ixn91Vrre~)8
zCUN#&jHQN@l7`3q*B>OjsKA!oaN1MWWHrM+N0<X&+X45>qR}nP(0vd!mi&qY9+g2~
zwlZ7l@bG7=Vx7CdL{4TfXw}vC1LT~Ol4tR_E`&bZ>iy6ljen1S+e|ql@s~?$ffXxQ
zt(GOFUs4hZ3J7(|0UkNFxLiJ}Qse!<u}gA6f8nsB<|FfCvG1V=R>lBvu;W`Sm$Z{k
zs1bG@(j<x`XR;H0po0ONtTLcjH8qe4#6dEXfZ-<9=4I~C=L#ofqo>H2kPmv!@@_km
zFvK_WW`L~(<qXrjE2czXypk$}=tKpU4g5b#hjIRc_+?P=9e;i5#B?nmtR0Dde10A|
zXLQ<@N-y!Ozj%Zkj*OgJh2fB@8&qmlm(^h^=>?DPV=O7mxR2?_)V_m}W5GZdh4_R3
zqk{d-tp5S8dYD$(py-jC9^b`<rK7;4B0|UVbg_iQR^iZ?&VflgK;Y|brYhB>+8N}Q
z67!u}AD%2>*TA@j+apTF;?T*}ESr()Q4k41&^zh$I>caT0I^Pw+oX&2E(!NP;3)Vv
zbIFnYWq6X4JD^9q59&>~hn}5IHY?R?7*-iicjcP~uX>EqFuWtOQw}gM_bCqWIFtLf
zhv<YA6c0At!(kL8qf0%5i>$tJna8^~Q_#qPrcle=RBd#T2c_y*Zop_N!pXmkEGGyL
z{L`HZBohZ=7E=dR5SV~IvhB+xL98~+*oxeGeBa&TF<fR3|3xNKD25(Yuw?rfZWsfQ
zSJ@vQYc1SoGl?1Hii>WF5n}}1aKKSR6r;OB>ZPFWBZ3rT`wbeK`Z?Tr=D*1B$9JIu
z-1iaD2X7FOL(P$eEjf1_zQLsA1L_wEgF!R<1Amg16a7M<E`d^<7q*gptwuxQ+uB)O
zT8L4M!LC1vudYqm%WHHec?OXzk=n8sSv((dcl|bbJ<s;BA@~)J8P!0`eUwmGV0Kv}
z2}T8&<~ED3cv2|G7lQ?AISTJV3O3UK_oCorGGuHgpHsTX;MdfHQs~vJ<1^?X_R*U?
z2gC6MqQwd$5<Qf-0D_x2f$tQVbow)^v2Bd{FY6Zi<mRrie>Gom_<T`d_dK~PTc8W_
z1H#}(>nC}sckpEy4^V*<JR->yChR1iC}fAMxPO73N{FRrn&lC?LQxMRfxts^B9k2~
zCSrKhKC1EA<xMyd@F6n<y>1SIOBrRGv!JgJe;1FL(lxi#7-x}XJ&qChFY+GM_z*1}
z`95#6n*4IQAwQl;$H1!VRqS_y*C)m&W^AHrCwOB%Ff59Vl~n%-0P!yvLq6nef*p|n
z0fzm>#Y8WLl-HJvX?<SltS}%xK*@7l=}zIQD>~DNs^+cA`Ww=8+=5&;1mm+)Qa*n%
zubsE}DfbnJqq^_=D_llcFo#QCqt*5A2l#rUXEaUM_?@l!^JHB>F(qv_hkf1o=eTZQ
zWO|mx+9uGFqDt{RQCWCOOby?y(hU-GUv)V2?51R?ge@oZ0UJjjvonIqJ(CddfWR{i
znGsT~%rbgw0v2z_y(B<<Epvn7-WVQ>Ta=m`$ZXuAz|ql>`Rsm<jFptNc!~Lw;}}h^
z%gnYco}>w~0e6Bz6J)yJ0hdy-A;9HwLv2*yMO3@hCi4r7M}k?yP#A|~BgNA^xz@rA
zRb1*8v1Gj48Fm6j`B9OF#p!4cF$nC5bd>QIL8F%DnG6;S>nv$ZCU(V2a*b{}R=5-K
zlO(LtP>h0fm)87Z98X<GD9+%mcAw6ZL_eRNdKosG)%Z^$>pTyHZF=4L*n_qrWaDTw
z7RMDWVs(ZT!E*1RQe`m36Jq;7Fp*g7@Nan6e-IsmefMqHa=n2;s+pzLM2};JyH{yP
zM1Nih7>E~h8WpPa@|K-Y_C1I)yF}ha5}yQn+vXWngH~~ppNw_T;;`aUIkOqmdrFB-
z5>0;k*6dboq@|`M|2?RDZ78ZgOS3Et2?IhpWuhb0wN!vqe`0o7D3;b<)|Dou+w~5p
zK?(omKLXVti>>zGF4sFV2WGyY6Ky|bIAqIV1TLLe$UzNRc#}QGR(+7E8D0%`+uTrC
zXOwh5iHaZEBQp>L?)rP^69h$DTiB*5tjz3ic?+}46ShqInpeM4D`>0Xea?+0yXfzt
zXiXZYnN`ul#PM`4o>mYc+cu+_#F!RiJbU28lfCGuG#prB9y=~xdER}U#IU4C&6DP!
zY@5|-=0~n|X3t^Ent@o(4wBxflG&UV$TBTPVIyFQ+sJg*G6;v04F2{8sm;D5mj(2s
zbr3Px*ZZ03^jN#aimUB5Mtf*Oy~F{jO}(q|ZiI8v$MYWABta&Hk_wGRJ>i_KO6I3V
zC)5twJjol3yamxBGDgc3YJx7gSb0d+!xDtL@KACZ-WFvl6Jx_I6fwx>&?9+2k#+!j
z1G+^8W)8QbfXKVcVw(E(KMZM-<|^0k%q&E7c*MKAKPE;dpbrhZO#BW+aL=zmI248m
zc0QRIFsZ6nkWnl+(-^WOnc?YNT+v8@*fRN3OG0y$$7{r!#|RMya=H1BVx?NcT}xYF
z%F_$*oOFU%#B};wC{19S<Gag`Euf*pb*x+>AqL;ba@N(#2c|y^%RL9Gq0q)$o99jL
zOu#j);jo>`nTjzP2x>o{Wz1$4gKgK@+xp(9F+Lzc(jqg@_N(aF@m4$}MARCG;@L>-
z{%k6v_}H)gPWM>&GQfu1Hi1AL!79!2Pe#rs<|L;l3^*7Vr4%|Z;KxIF6?sDq(%9#a
zSHLQ!Zn@FU0(COse1`I@R?t|El1(x;4R|64D@VQVjcrzb!4psOq^Lzbtw@;&^lXF1
z+ozq7Gk{>3T~E!KWk_i2b)j64UqZgg3!be_jsmnqX(Wl#*Yq((RzOna;%@+<R6wLO
zijjWr2&`r2G71B=c5?-9+#lI2v&Tb;U-0m0mb-H4uL56t?3ZLDe)L+6s_sdyqqXQ%
z+N8yHTVFURePg2*5?zhTQ*VzrCH~)jb_DOA8-+4pWksbz31q^_MF9?EzaKZ@P67(<
zr33hQ1e(cLyqwvgnBvwvu}gcnRF=#zV=)AUxPW1l1<btp{(Se?b?i&$3RoFyTSV?!
zo^4k|snTdIlY}0x7cj1S9W&!2+TIs`H+lrVL$V6_BcRAOIoxh_IJ*KDW~iBMG@mis
zZE2=2N4Y$BnrhLOg)E6IxA*0Jr0(A@F2yy~=Y9|QWb*rl9h+4GX7l)T-X1)cN!Z!5
zDE5Ugs?h14MrW&tYebRf6cJ-#Q+xPrKIKiRQJ^XR;>J;<Nmoc(oknGcSIY)(I0iAB
z!Tnia+B6QBJQ%q<N#x~fxz0=qOz{OQh_AbTMS%b*ulG#Jo5!3M1{l72UFu6oF5)v}
zZQ>kl@v8Z*4)pw#l}UYiJ-Rd}c%3B)q>tkl*t0}aA|B7?mUq3cO5O+tM3gTC1cJI)
z_lP3YYnRqXw3gqJv5Xz?21btXvz0Bnisj-Np@!o7mP)bK4n9~eX-C{LH<J-@vw`Qc
z;|(VwtqX)78)Vg`dZ+-V*(GfIm{QGEsR~J4vEN|gViF^1+$UpxL878uuH0CVT`3(g
zy5!Hk%ZpyDE(J0>F9~_NPoTdr47s*!HY-=kuH?D=;t!72()!wd-T^Oa5QQ*b|Bf`w
z28TsI72esn9(lr|P3v);Qs1QDyn*#(ayo>9oOSu80<-#s$tdVPR;~V3x@lVLjrc4D
znza($D0U~KUqIWDtw2-}&J;C&!>n?XaRoire@@<(q;f#m<2-a|8D?)(h7aO(D)A6<
z>$HUn*)pRuzkz9=#ZsTH`anhLI)#2RM_;@Fh?-jH$LZYYLqemO`j{ObMfrk}ETd#y
zTMWI6Rv6%giDJ)=zL=q!XFQeZfmTESXY)-nV!E9q@L!TqlkrGXkh%7muCLc_se;4d
zSMB|L;^B4P@DNk^8VC+IJ)YK*u9)~MA~D_NaOQ56ZoO8sL<g0{ZcWW*z3OtN`N%qJ
z_?}9m4%38bN%qE^nbKoEm#3Z0Sl2ZKJOk1s@j0o?>#v{LY+9a!@aq|Kz{JnIvV#f;
zC*!D_D4@H$i6+Y&`6D$?dO0P-rPo`}z|&mOnkr|lW&X1)ReEZ_r+n{tsm-+@fEZg%
zsASOHLqPF8>*zY%QZpCy(`~!U9Ydh+vlFpQcCz>Qnr$+FB~I5R!3gDtuDby6iJjWl
zNa8v9)aNo)$T2H@!=D;a`^jsEU$oM!tap2R4(IX>tXW1~_X5n4ZQNemv{k9-ob#`V
zhIm#J7sc+N<2`YO5KD$Bq#inOkXv^R_U*+*Qk{))qms#GXODz3Bn~FYj=IV_$1zBF
zI&?LiPSK*#y6Xez<U8?_1l;8-wW=zbvhK&-ERrra%i~d>9c$5s)|1VJUqIgx#ygx(
zT-jzGEZD499xR%8SRR`#V`H20s#x}rqh<0r9fhAqH8F;+gQMACWtX;mVUANd-dhuH
zMK+|`!ct2F?Jfsy%Gh(CpjA|yG*d{4oA=xtGE7C>vJPd|$ZoA7wxVL!V)9%zUZ%0B
zHM$F8&K3pvadw2bS86SuqOJRwXB#5zsYv~A`e)*-%kzx>)mEhmb?<-9C9Bu!P)$@s
z7R*qi;^Wh2v)iY=cyte8NA^yc&16euG6Ps!_wuGZ46N2F>0GVW7E%k2-X8x+p9_vI
z{3oR91Sju0mb2CBiRor3DD7V9E8X{A;wLrNg*G4rGX?=Ws-@u|(_z)8-7ptgKdpz3
zOd|a@l!Aev6fLJxzP88&>QQK_x?35KV?Hl@Q?AnlR%?tdQ{_8e29b<kYY>LEXv?a-
z_tM%+Tyw8F>Xnl*V<!ALPDn!(+@Uqby=G=D4uHNTMPtyY%Wf1tWVW?I+TPgmLh<wS
z55~&nZEc9;w2Obd&-EdryZN`v*fdNYg)c$LzLAv4zp4u-bZgKlS)hwdZxqi|PZVho
zqzctqo5GV41Tj%@3MbL)CfodFa)8pl)!6?#fu2v<Rv#(}qL>=hTIn_@&)H|Q0K#nP
z;r;61pi`+cAmLOw-Q7fBR>^gLER_?N%RX}&OOuu)&Ht<r(7U6fQtZN1srB~7K9+S~
z;c>fvw_cu~MR0d|UE^6P(RFxu&QTGsh|F=UwKAYoSG(QmnmQQzNVHK2V6H9vDNsrf
zH*~^iwB2ME%!H&4)wJK~j#PD12a|{RbOfdcE0}x_-WXSX*~flMQ>24pw%B=6z&x=n
zAVs0qPu|ohR4e*O(F<D4{Ix=xG;5Gt@~_Ydhf6}wHpBQ`?EWNeXP)}x>)PmSr=pSi
zi<FEEnkB%8-7<-n$*ClV%UQfFP1b0=P~3At`)Z0lziA$tD}krgb)`{RSOUF-mUX*J
zq;%bWID%qW#$=+c>sQCi)Nhk9Q;e#lQzG@>n7keh67TeMCu4GQ@%VhSKW{~RKkxdb
zS5#20tYKl4I1$G7voet}6D#-TzSYX+Fe<g$ZC61@9)o`?ly{;X-Xq}wSY>0;_KKaM
zg~oS-S~H*m(_Q{n?U$><uFr(sByYC!Cz@%$@aloX7$*g=w@ezbENGMWpH!z&5K-<;
zu^Jxe`+?uu!?JB-=sXuF99aDv=^(Qj)~h2_J@BkkHCiG&3_RE!<_SZ>mmmL}ky21h
zJ@3vf^YtFjWXphBWN5{{Jzmp*!=C9#h=_;)ZV95BHkSF!y4AtSB_!@I)Ge|Ne7;J3
zp4Lf;Vsu~^D4tz3g0wcKis!2yOw**+1VR8#lpl%X=fskYba57`XV@Li0UP9l#LD!$
z31GuyWm%RgpLwnHO3vM^`|1W4>ze#NHL)(Xdo;_Y%kw+Fes}m$`F<>}RXMz#i)UIX
z8ILEA_%o$0e<3m4@=%^l1(VN}KlvrbHoUHW>c+`F-ycOXN#|k&_#E~EaQR*Stlr>p
z%l~@&VP?*!x(YmzWGgv^fV!`Ddn0L~;ALmR12vqxpcuUtr_>l<%N*nH)u6_r%6g;H
zq$sn;iG)^Zs3^N7is^Fblln<IsCFADb&f!<<tD;QwDrCF=`g~VL)bO4SMd@%X9}Hb
z&9?537i9&k)!w)isw{(4DoT)zFAM{}$VRTY2{S@a5@O<I>Um3wi~)bPy|(uf1D%k}
z!<oIB_vdo`U)7QVP}8^(N<N5@j*;7nxSeECmp@sq5JnLxb;1CH`s+ruYIW&}>KZTq
za5$_Y9y``kuLPT|cBbk^LY1-0`AI>6<DXJ4z{kriv(X2b*k%cX932yj;@qg3=|H>w
zVzDEDDu)5Xm}8~I3Fml;w1ihiQ2EkEiE`5g^0TTAjmKQ&w`e0M%t45=hH{JCjo^%8
zPhqVpoth>&yls5@WF5?#TC6%&bh8OhLhiwtd44K^|A$nOiE&Pyn)ZP(D52Tz<%%>l
z31BA}QC&#Vi66B9Z@IgyJJz$hLt^zMeI=f0%Xm72Nx3`2Jo7}$NX#CW2=*6?60mQE
zR;qN$O(MM>{vw-?9e1n!Ced&OW=R|<JhZGz@&qEWKS}i%?A*74U-13Q4{**B#<s}&
z0O_4UAh4#XwMucFmW2&WjnOTPWbE4!$1N2pz+dWj^<gFrEhrE*tuL%!MtY1xqlajz
zqcY%I*Lq{Euc9sl{bU`B!%MHcA?o{>tadt`Cu)O|Mu~>nu+qWvTb0lu*;FJ0?+3hH
z`n^8{k!$ssB6<ET6u(nWC$C}`ea2y!K2hnA26%qGo{)uyhv?4pHUCs^b$A_By)vr#
zm;1M(C;S%8HB;LUD>EsNQ*J2WH#k09DnI(k7-y|s*G%%5$LK7nN8cP~I`m%ew8%if
z;ZouybV^;;#Uj|IL!gz)zZ&1|{*`HTxMzZnYS4ebWCufQncRHg%Z@uo(Z&*2OdvF4
zfyTCVGaa1>bU?HsPZO<eq!Z)|-dt5?eo`z}7cnyW+vqa_qt#(mn!_FG;%Y_jw%?JX
z-Q&bBjb0G^CDi!U-lv>M3KFqD9jD_u%KCcodltY^LSUoO(_JKYzk}rx58C4;5XAc%
z@~FP=tJ9q^xp#q1loy;MSvxZ5Cps<5`u~bJ%ebhzehrg?bO=ay4Bg#=C=A^xozgip
zh)8!0HFPNrN(qQ`H;8l$-8s~pdCvPj=X~AY_WrH4*WUO4y6%zTUb`Q9)ka$QbGAN5
zi-jQexPj%)pmqWz-2$X}flpMMp)6rT8LfwZ8|`YTWP+*EmnDWdYCFDBaLPKDamvbF
z9eY=va;(+dq=w*`w%FM)SFqyD@f57ssJu)22xgWOwa5<M;Ls&#J#+VG1o#V=s0$D_
z50|$Kg;uu45D8m~pX}`-VDX)q32AM?;k$@CAaMqCiz|yYv#C~7F3WXZ=cP4j#4eaF
zVtswpT4*>C7Z}TKQ)2v6c{s9w0BRR8ZO|3Fj3guGSW<Vg!yF$fbIA2orVT&zho{{{
zW!L0UOiHP;@>jj;Muj4jMhoMo;k3vxV?na;0t3Fc*ym3xO%9DXl)|F~S?sSX49y$x
z`K8#|jr8EnMmNVRtX7)9@22hFQ+Pf|>)PU<QvE44IY+qwBsDoZWv0^3(~`nD3W+FR
zbN(@p9Mh3=7y{a2$;bTcZQ<BN7qpQ>vZ2u7W_G=C;-1ra(M~)lTYYgW^PB{3w2db1
zs@plseUiBmJUa(rkA$AP>a_cN5YN5GLwz4eRCcZ+!njQ#Oh8yc(Q{v(Rt#nais_LC
zm7S(j6ytZRkeCxzU^O}&^Y@jI5)t{evyJo0<iji#W6!HKg0MYy$4l=id`&b8<<ZHd
z1G7fK0%Xa0OU)8W{lmGH-=mQJIhdK|2U%1pL^8yqgnrUS8QDJE99uty9PS*<akP~+
zk;|v1JB<PmhqTtWtovT-Kgbj#pGP%s1#EtA`rP7{3-~QgZuEHY8b!sOEVrg!9WUr-
zEgDpV=Vy2Sd@a1dt}6Jrj3U7GTTwE}gQ2W}bQ&3tVpi|ox1yNBker&jItv{9<ef|v
zx*yx4jeUKB5Y_`PqFuIgGdfil&R!}<{1JZvVuz6@p5+Iqr|)wvgg|@yV=1g??p80_
z#mf1RUm2nHfXh^C)rWPLce1-%Tm1zFIE5dJd3jm6)yF5@q`(8vOYbWQn8)>j?i5k8
z`6`AsV+ObB(jx)?&(F%%CEvYogSR{>`qya@Y+tFn<S9wL!0~ix?A76#x~In$+U%d@
zeP6ZbJEz*CMPI$Uu5yiJd63OnF;|I5N~wO$9wS;}MPad0;!tfYDF8(PEp}>!IyU?5
zN$%lG6z$)2@hbn3#FBPI3r3inyuTYfJw2gX|LXaC=6;gQr!K|pyws#u?F<cnu~4sz
zTdCie`|XdPfi34Elf@`*&d_YbdlJyopA)UIA51CqYnK+{{G5*I3S{t`hf|N^B_a2>
z$yQ4DLgRe@I%`i<Zk^p70%c50q~?CTIj$Xmr$Ps5c+aKsxfW@Scba`ZAVC&Ri2C<k
z`F!*Cr`pVs=i*GnAtB`mE=Fzfr1{hm6dFez&$R#hp_wS#YK~wkXm=cv$<ui!?{mBw
z|JdO|)sY=WvHO2UoGM<0G0a)m>H*_k`dRiw9xDcs(F2xPj+Zk!vHo(EJZp6VHNg)%
zsSSZE$c7#MkX*?Cl3)_&U>O8C0XM6l!)g)!%A($*Z%9kesBj~$e5LXN4Q;S3<T)7<
zVn$c^)`42d&@R{RKT2NWR_F+NnL|G^?@aL1+ya~BlF^H+)7tJL)h@C7_Yqs6`Kl!r
z#}^F;U2o1@Pf{`I^i1W<kdg%D=y&CQX1{5#2B2$NDBw;#-cNMFhZ}Y#V>BaGoae}d
zg2?~>mJY?%5#d{9FWt|-k=K-IXv3!MKFQ?}kdctM#?W{;Zvxp{pNtdggP~d4=k#MF
z^c9~Xa3fO0*1N2*2dQO);dJgIBT8F}UlUz-S~n*v*kLqa2Mf}gkia;a|EvZ?YToVs
zr6|=;UX?>s)Zn!mpGR-1@-PP%x#R_kn|7_OAz0cXs{<B@4~X;%@b}CC(fia=r1Zii
zcL3xPZLyO$M-}^7ysj?@{~2w11+;v5d{_%18dul{6Monz39u2g`qyB*6<ycEy)^q#
zxn_U~tNyW?v6^_3Ass}6sCVGN=3uFyXV4wMabX=x0@&a1<n*0ZbU6w-<7Iu|$lzjm
z@)u0j9CZCE+>%%CINBy>efIrW!mIR5OTc%_<P++D#YS2TeqD2qY@8c2G-prv^V4*@
zKF|JA_1C+*y9%gm(5t7X`%k|bd}cHa+ibh2#0l34*w|cGbEC>XvZ2y(9x@OH;-!Pl
z5rGbeN+#Ert_xabv8J#P-Jrub?Emf^X3?a5l$qYrnQ}E1bJ>C;1^HW6NFYLSbBTCm
zcfi>{EBxT)#H3o_T!WN-Ga&Or<s&Ci<lllwZ;n9~b!oIKClDaQq|T8|SeP`rQlA5n
zrHtn$TgQX_XRr2SJW)}3IMz$n*9*Md3qNC#rp#9xDW|firU7|4^s7@etdZ+Ws1TZu
zV|vwelLIj`*XC-_!}faEr;PHICkTjlBm=;BDDts45<pZ2BkYM|%;+7%Yy>yC<Vj=f
zJ<^8g2!iHCz8RM%=+3}4`$CivpDO8(9p4-D`6x+d;;7~LqjN-D4Djez;NFLGijU4N
zl92eBCm$S8x`TtC<=vUrR&)f<10)2V8XWY%w!jDKyP^K8x%NuhC3cpCStTtkfm*!4
z#Y$*r`E%D}N(~Q9L3;skpMUsHEK$2c_E!(4^S86uC}%|0;Bm4nwm;SQ<yEsb(|uxJ
zZ2FNl=NFs&&rx8T@AMA7TW{m}N2!A@W&!kP@qkmG?t>IU5^gPnR(0k&&DA#N_MYE+
zS$l$++o3zr=xJj4MT)V*<dT%eKU{SAO>h<C2jikz?Li+L=f6b<HgFM=`tSs28#-s1
z=eODhNIsse*zSp2zUPCEj7LS?okkqlW^$X!SC5M-AUA2Mb-8bqeKTx)TVv9m%@Rwd
zEdm|M)Xx@is!_n{HK+db-J8;K;VBvOCs+{W0~bJ2(&PpSe~MzF&8El;dcV@@nYqJU
zVV7;%D&tIuIsudxIr~T}@164f^@q0(m}8V!I5=pDKi*$c%#|9>ltE>Npj^f~f+y~8
zbzbdX4|-nkQ2=zR2~Qm`BoEQCwlf?3gcne^5Kdr>V9q-^|1S-n>^>eAj_0Ktm07G~
z5D%pC>|>syL5iVc*?`OP>%>DO>@PCYjpZq->?=aPcy83YftOaCK@V5;Z7iU;?(Hl<
zgwM$$AlR>4DUOPMLi!;N(a!ReBv_k3Iiu_E>&#Z005?_3eQ!+4=9-_&@1a2nvbDz;
z%G3{{Q7^-K*xORKM)feUwYlOTYqBs{R>|N5a0V&-vQtAW;|vHHXA)1>orzIF)i0Dg
zyOH&sM!_5buc$8XU#L&>#;(KMX_ohtx+`3sI@wD#2vDbi9N{2+(kggd|MjLKSb#Av
zX`^Ta{VO?5uxqTA_9gU*ZmvpKn{?}as&r$v=0Q2SjLMji&`#~#R}wkPF^^>ISXK_1
zT&aK;^s-@P^z6~hm|BgwZ`>i9Y_VPnt^FQA1dlF<9-TMbV$}Q*^n)w7koPHIY)v-m
z_6<qW8@8337%lH2`93U6UFCMZ61pdh!gmlWvm^NBM3)9>x*+Z*?ftWQm=d#cMpECq
z$Y1i9O|x$GbySp2Rosu)`XI{N@}#_Jjb)R-mkI&RRk~@Ov|&m7gy_(v=EDe(ZLBq&
zSE2=dSEPI&?!iLpZv$S{SJ?R;7T@AyC|7;a^c{2vHZHG;^Mx4pCAP%ab;X@^lke`(
zV2Ghv!`_cIYuuCFp;T5)G*Bwhnn}B!v%_LtSY@mrWP9rGX(vZI2TU0WO*WM!eg<=N
z&QA?CpqSlL^=cKJs2&4BV@$_MF)=BC5~}oTgEPB!hSUEyk+Sf#*szG{M#w!1`Q0o@
zvnV85qv(Qve`0RjV}El@m448n5VogtTBz=WGQ5S3!R7P{jgoDu#1ow7s=Dg<zU8Qy
zHx!M!4l1e!mob-&xBHl~1m9OaBIh$RvjR%VTc_L+nuV$H?L^nRri+~EqkH(XYH_#8
z3!br4j;|0mPh*T6ePYemh+&D=QiVn*imzW8<RrKuO3CRg@z!&2(qi};k%tmMON9sr
zdYD9K$|jPSW8oSp>zoF41TdG_QgY&n-Tt$l&)CYk*_GOzn)7M8U*SYhbhfA}&YuCd
z!a_OFRHwy{+dx}0I~Pvclhu_=#1Z`>5U@Lz_l2SS?+!Vps`NJOa##IFLH78MYs1#?
zM9%D+I8KxADjC%)JR)z3OMRO8FP4e(N=T|=Dga5NIsK+fFYFZsI^kw6vi7##meami
z!+<p)X@*S0Tay9<)MnYZ`4%K3g6V&{0QU2!Ste}8%~du}j-K$Pb%009O<tcIo~{?n
z8YPcU;DLWycss5(;oG0^Wm0HE?hPaHDYI?eTLT)>d0t`uc9TvXyrjo53pv*Pir=z7
zT@DFWZu35Nycbzv^}U5QdHvx(@7m_6?YxhHS%@WOo_AdzrhjfD^_gI4i|pG+A(b~$
zGKea$i6!-g=o`^i?C>IsHunfQEzsFrYJd(Z`Sb+L>;3NZKLnwV-PJMh8jh|%kk6=^
zmcruV;(DMSOcCcxf&(yoGW?KUWP~7MT)`E1d95GQOt%tki{UqxQaX}GEu5O}y3~PA
z@$tb6yZH|@d2s1Xw+wNf5(+++6&AK*49li12tA@NZhxlGc~xTVN<s#t21iD<*(y^V
z-eA|QdMC48{p_+N2$nu>_nKh-JcGb@3QG<GH=|kWUcweS#1!eYv^N?X?<QpG2@Sp)
zNZ9|`EK8c;g#&v%0WGURw|O{1>8h`3MUWBuyOYB})j3N#Gkjnz_#y966pkT@y4tgw
zIy5_w2np>{r}9xb2U)T-tFr=mg@SHVFCn7m+J<){@}S4_fm0gaZS2pqBIdLqSA~H$
zu-yiVoHQlcpsSNo;P8YDG2eJF`6{@!^Kshi9c=k$Kw?^GpY{Ef!+t~#Ec!#xQ**c#
z?5;TRq*Daib@{-$j$3Vlqrz#_6cs4p9W&=0+w+imzLh>EtkR~rbu?Sq_$^$qj*(L>
z!$=&~>+TUxE8+7k?ls?Z!(ltTd}V1>>WKV9O8^ag$nPHjSIgOSq~f9|f>=&2b(Mzg
zwBs%cNGStc5>(W*vp#iC+pNbf5{7Lk(T<d-vaFExq<HRbD$3cb7+mDy8E{5FH)jUs
zgjUN}uoZq^CTRXUAp?m}bYldjN$5Bn1)jAM<afE5wQOypo;q%h=;KN3#uDTPP63;2
z4oMx*xXJ@=U1EeC%*OJ|%(!I*7u>^C6e`=qy_4%`ZFQU!Qe8jY<4$K?e9IfKLd<SL
zWgYP?QiPqEP8Z6?a_IfK`Zu+3a*AA!uvEVLA}{SAxD)HWqybHthEj%-1R9Bch>7wx
znSl8pqKu<lN}=ra%6)KD4qf(TYjizRr0@C9pxxsioFQ5#)FQ^fyK&X6P-N6sW8o~$
zKfR>(+L|Kv7qmu1Tr(+~M)YfzrFtXSYUSL>ICb91EzR5)XWo6&3}B?4B@%I3u1FSv
z2W+6*5Zlb5ReiUh+=WQ^(m1JN<n*LuHoGq1dA1G+P^tnl@IS06*SRgXXU0<s=?L$k
z*%}eK3rhGL>*Pyy29PITiwGBUEI(4ZPJ6t7zfnDTxi*4mE+{>(6y?vQ66+}8OCdN@
z=hF1N3x)#!G}y!v;r%AkyT$J7?|-j`tzEve%mxHgOy=_zeF$R#Vj*Lt6cm_?`Rygy
zcn-s_El`A5vr}Kl++?K?R#|?IL39w<TtWmM#}(kUUH4TT_e+Ob6v0!gKTp8;V>}&x
z8%1;HZuQj~ogEFLSrFGl2`=hc&cyERcQf?0<&bRx=rFaY>U>{;SYEjLsx=C<=N<Cf
z>Q4%0hS?Tl4_oqf4mZN^l}8B?wySmx;~h~0?gVK@Zoghs4b)<djZM2mzeL{+3P+cn
zU&IN;n!h9eiO2iw9L6R-)~YInu!c<LnGRz^?6KH4v!W*cX7Ls8klleQ=R8s0Zkp@~
zK*K*&8#N2YvWD0Vk~J40fGxK0tO+{R^gvq&*!pra(XM6Un&8ZIimlpF$mpIXKS}m3
z>75<z$un<0YLGZCIxt^ypGzM4WE9MLI{({rx>8$7@y_db8hvTYqfdWW$bgHPsic$k
z>Z=ja8i}-%;20uM=1Yjkd2=yO<KF0weo8gqT0~{A`!>;EE8ib#xW8I0!6~8(lzCZg
zRk#>2rS60;vUQG<+PH}=-!+W*&?8ZTQ@VB*F1B4u&ic06Y+(n{3M#6Fi-q%KN`+Yz
zlTXMTb+^eDgh$(No;OU!+4mRYC-JZ#Gdx0q3!4w;!Q3jBtyX{M1>u*{(pQsjVqWfj
zfn8eY-Yu5hq(gfo;FGTMGgG@Cg3-H-b&+r#OC;iL+dm3Sch%_@kgJEjjN93xqEARC
zIn_sD>%m3&j0sWgwAZD#Z`qssyp|BkoIU)?6F;zR87-}ik=J#l?Z>*rv>jD9(}x~w
zoA=QM)_6!JeLnl1hV>rIK$Ujn;Xjd+Y_5t)1Rxic)aH*oY;5nQ8fZcS&rE0hurUjH
zENrb%@bs~OBlXr-T{{`gw(%5NnAzlEe2J^)nuH3To4qeV2;90_Sdn%)p7PgOkg(1P
zwa}RGWIra8<HGmq1J%|!wIk}L23VP!UDS%n-5#ZgBhE%%+fc*YE08-9xOZ>9jwzc3
z#u+H?UbLf5{(OodBP!&45jG)lD)E)Ud9}f?()Xjo^k^O5<GT+xQLIXaQq?@r`wa|Q
zgQu~J0+_$Ley@mj8M`^n<z>rFuB5wG3>i<20i#QfVP0TR(1xSmD~d;X*xgn@*@w;%
zG+~e8USDy>VIq_nL1g|<dp((E6xbmPZlDr<^~C{|#TAmQ8sF{I@QbT`fwRh|k^-gH
zOTIlCj0=<vyH=zC(2fSsC{Nr+$LDakCgiFDCn)RI2>A4NEDSn#dwx-uJwlK!oe4#X
z_d32vdc3-vh*6K>i4#*rMxtY+ErYe*bS`wGs5-lggknksTxm4D=Wdymt|Zs{v~I1e
zaNmk;Mc)<C_fRi~c*}A@DG36CN}us?X(u|FZ6;1iJGKR@XN+VIrnW3V2vWDeh9(`L
zUB0<;77ll;Gu7d&l>+gT{K>{IQ$Lw}FW5-jch7<JrWU1QJ6gfH#&h?}I;GiHy7w>N
zZvF&lmo-^R)lmtE@P%+2V$JxAl?p-}YNQQR3>>1bMW|O~4Zm04hG2aj&l3ks%myHU
zrZu2imuAD!rwOX$AJAUAxNg8bc_m1~QLlXd;ds^+In=SDMIYD!FfQYauqPP3W+l-8
zx1RBzE-d-3#gN!Y^_(0zxX#x!d&doWxJWh{c9Jg2O^O5yY?t-^+I4OnVq}2KvlW#A
zm|#N>PyB(I38Mg&mq6l6h8{+w4luI9CLXz{TWC|iT0VA$8AD9MUN5sBcu-*^@7wB)
z)Up4)ffgchesE8fKVG`xb)RZ_aqr&0{Mzw?;gNZnEAtGH+^=L`8^le4ii`<Hp+nlT
zgdj)t==OFlS>FD%++k;a{3NY&Po)}2kM%l9wlyqHZ^2@^e4;v%T($xUsB$y7ETh~t
z{MWVg_IEw5%bEYpL3Q`h*x!=GqZQxP43NxdCgPbQjq>xylMg?d1lxryS4=`K1s;Dv
zdnYpySdt~N09v+*9B1GyCmwVc9AX!6GtuUY4mudb&df@)Z+`yx<nMicQls6ii{om!
zH<C3~e7c$%AQf%W+pbE6tvWHQ1?=6;g-SB~W;LGLQ{DaZux)a;YOOF-mu=`Gsk(dl
zlj^+J4Ys|B4!dbTEpc7zEQ3r3r3~P%OZ>PFENSl^N6xOCK<djS%Sjqq1GWYTLj<G;
zOgt;oiA_&{3_L`~S;j9TweyL+fF&YwpXblWytD~I2eCA9!~|GfYW6P6Lm-&DJm%>X
z!XLB3TZCjL=5ILxyy-)-*;B3xzve02-~Eon*R>1=Vz*bnG?q}~LX<g-4TsBlMlkw#
zI2~IzTcxwZ*ljsFalV_aJ}rjXe4*`|KON5(@C~X(28%o0P+5!?Q?N&$#cW`vf(7?I
zt>cR(J*cNlu5m*J1I<uSc~ocx(C9Z#NZ8Xb!hIo@H8w{O5SvnGAWR!#oP|^^RU1e{
zZuibDS!y!~fUU~TE`D%g+2hobQ=V}JrL5&(vvfS+c|Hw^0WTUsOxPTHtPBXoS{?Sk
zd&rPJeSc?0BZ3EAGEo-A9$TA_+Ojj@2+~eSsSGFl?aE0ercD{BMxOHf3`=D*vehZG
zMn3h~A>z$c=ErJkmvB4A$1mJSsj&GDuKp3V(3h#u<)vn)9QgK`?|lvE6cFm{po^xb
z>G?x(Hf7EKQWf-&=Sy<MyL;kTgr8fniD-?G>@lS%JLIP0l|8p1>g`V=w9`_wFANS2
z#;P08Ysa}Ymn@SiGLEPzbi2FcioX5iK0IR=h+pbdwmq7zT@N(Ow>yM?<KR6VjVdVc
zK1(P3#*3x4LjUGViJ|C6)n%_-iQ$R5?&;j$dC{=(Rj=`<`=Pu;b9-EPz&UeeBps+9
z2-beR*(Hp`0Ox#^bwpz!iwW{;DerEwihnIRhA~I#9sWLsFL|x!bkN*JDLT9WkF>SC
zKQ4J;W0%|PDBm!n?rv*9y~HV|zTC9VFZ)YWiNw$_GWVnuAtvHiCY8kerDhMyrpo(x
z&-*y?nDvK;THP{8ntG89tEHyxq!=o+GCrGFrDqD`9vSG7kR*gWc<7faA6uV^lL~vS
z@lcPswb3$m$_jxE5j-P?t14s#E(egFo4!mlE#MB?aA0&Ej1;Zbm^&8%$K|0%g+o{R
zV&S}|F1M+{e5<$R`N1!q7hNW;XRuP!(yYbs=-;ktyrE<3PZ8xFzr;tYg15Pa=^k(4
zq)2>JuwQiSg{DWmoKG2yO`w)Q*%MKDsayZJk_`WgJSG<MoOrQaF}2t<``bUw2ON*Y
z5>7F`E|+MtNEPJhYW`cmWqHH_1t!qJ_KB8!VrWcWoPdC)>p=G_VEz-^w=cg7-N7=n
zWh~^j3be3>9gZ|N-WhkhKs=hqtc$?<DiW*I#?oljPF%8Ix-i6F4%Pf4?C7u22>Bae
z5*g@xMqP%z1yyM`393fas$Y}q>5G?u*Gs<3H4tB7n9irl5@GrFc$#K{Oa{}?<w$Hn
zz>!rT#7ghAal1jlR?$nZXZ*`LzsG92P%c{DYzfREyBDt<SFWlJ0+Kl&3KJ9YTezZv
zaT;3E*mV^Va<_>6`&{)81riS7h4_<35S+EM`ZMhYYO}wH;($A*e!$>6+onR$#bW)I
z-oRGgjPd4FBJ+9aaE^$THJ~v}f&SC`S|$Ioza`DG!o@)kPbGx>df;y9GU+7?3ka`8
zhb3vrhryI6DysX9FUnA+XIq*9dk{C=j)e))V3rlYp8Y4~Lr0<leI~cAk<Za`rF}j^
zkMzy4<cm0%t762~>}nt2?3z`4J=z_HnjV3N_IgTP;cMKE6jWXp*E#;PTQf@%+iURb
zFUhR6*@c$+#TGdyp)fVz0Bp#ok}nvo)2*>59_d#o)N|){7ZRX{$50#(dl9+d$r(=}
zr1Lnu)gRw1F03tM^)^u}e6f|>?gI;hSvV<ylNIYEr!Y(NtT`y_K3JZGy+7To)gL|E
z)@T>6miA#Y_Uz%7%&|$3-uQl5HHc^u@#b;GY_v0clkAbdk5;g6**L+Fg+VNE7ChDK
z^1jc4gg)!^C1p>_?u^dk>xjoLHe>tu(tSbSBDr99uk`cPSG(e(g6Bb=Q1+H&I?2Qg
zD5wpk^Rs%sg%Zw`<09`C&<)qz6oAix4|yWxGExo}NE01vGm(i|C;z_8c1eDKqEpu#
zFnVtHn*n^|Vk^k8CGv0j%`18q>OuE_D(-5v^#6r`vLuL#z{(iY{-J-bofUX=6J+5Z
y<cUC?|BdFWM9ndQx<~wK!v7uKgkhwk!ZEz;Zxaf|=WzdNk9@DFrcfhq9{xWtu@Pbb

literal 11349
zcmW++1zb~K8{S4qOj24zx?32H($XL$jP4xWse*tE=?0aOPKi-NKqLeK=^8CPKuSQq
z`~QCX-R<5B_nfz$=Y7w6Zk(>RDwK$x2m}H_)zy^rK_IXdaISR^ANbB<>mmbw@NG0y
zl|Xm@eLi%Sr2=;d5o)GBAP_O-e+L+plSd2OB=A+&QYKi%VWfOWDod943%K>r`GtwE
zqNlsNy@xMw2?8m4+gtnE+c5_?`#LeJs%z=m3D^^WK+GU@rKc|f=MVCO0@)0w?&J-p
z)H$=mVzM8n(p7x;<2O@r68lz!x$8q~ZS7h@uLv2Kya$iQ{28tnxW|iutqOeX_tfj@
zYc&PP_xYvB&uFnp**T8vs?;y3zB5NjDCiR{&L#Mcwv>9|_711$l3(Rvr{Cd4_>tsx
z0Wmwby83hdlpyj!u_}J_<Ng<%R**n3TB6xGDk11Fqyp5gHZMd+g2!Y!62D&S$!uh7
zM*ozZdyub>An*RK2YUI3INIOAq2OrrL$q{4F*F}t8j6$O-DM3$2w@#CLc(4y3ME;Q
z8;~Y;@H>d20<IGdMB%&T%1_G5%7@tpIGVi`5b-T%NP3h%Gc^g`)=htI%oiq;0(Z0M
zj|z5jRKLWk9-yB#?)ym75-DweJdC9#oQuaXK+_7*li+crWTjOfUd7)FjEzjfRgB^Q
zSJ;)K-)4G6JDaH9W435~OS|O~5!Oo(B?zhI{u(TfLjy_rw(CO4<mtnLaA&IY3lX9U
zJd*KKXGJ_i@^)Rlmj?}Ofk`a!ZX9bkq@$o?G^_6uvt!Q0u$&*p#j2KibkU=@-@KDw
zbP3ZERpI8Cf7n%Kx*r2^je115)%?C>(Q*aB{gc$(@*ReE;{dIwP}|+L`gvnx)%xT|
zS;v4_Rlpc)GS^FCD6zG_jJQrqN1%W){b_y0U`7HcqmJWsl-^{WHr|j3|IC&_0l|IZ
z7)Y624tMht3HCc9hhWJbU5re9@$C%6zS}I)0#ix+dA>4=8c@)%9`#a?InVRzi?fNo
zKxKIev&}p6lmWAFz<hos;o)&F?yWVgh*e2YGk|o!mVm@kbs?qM{Dd9oA@?6z7hu+f
zoLr>N6@UI8z>G5>M-1$Yn&`3u&BQ3Z_AE{G_6*w14<WO_U)1k==iD{x$&T<Y@Vq_K
zmmj;=mqaLTP6fIF)$!31g~|`Jzv-xM+aa+cn~k>>ZFe>EnS6zg--(>{TXF3_!HlvH
zSlpaJMX-G=x~QbfJq9^rTs;cToESfILY(`wlq+25>M>DhWmR9aW7?ip?_X>v1j~#a
zwc<j&;858Wk?7E@>+yZDt7diAyj9wm-IKg3qLBw;1plF0Um&;of@AVUjp~pHu*oiq
zkn)ZA;J*y1>j&OX!5)I(?F<uyO52kub5R<Q8;%5lV$>8GZrZTi0GL1?zW~QY#Qa+H
zgAX8aWrJ1ke*txd*5NA1T4lRF!znbiBf98hvFfSR>_xehzfu&ULW@=TaG7sRN^q%*
zdpDZV5JS-i3R*%`vl)be@Tv=Uv>MW?iTrW~5ES15D}|cHwxOjk*(^5Qg{H5EjP`0h
zxp<?4^PK6YbD!H5dQxMTE46y1%769KZQ@SWS!CGtyn$f2G0|3Bb##sf&r~pY6+kE~
zkuEC6{7j_VAhCKD8OX6i8Uv}tZ8l)kMv2mVY*0sEi^6Ren(Y?Eo8do|2M;vnsI2Ly
zV<Vw>;hJHDmW?T6?1NU1L6>?TcxZ{t3rgCa&QCA;qO3YSe;7PGoSR<!g8}4yVw%NX
z1B@Jw@jP{kHi348Ci5(CI)WV4L0Do-YO=SaBGA29jae#T8q8+^v0q--(rp$EMr=$n
ziQNxnrX^ZT-}wrdb@9*nIxuGOx{|URp8{(V?q5KI{5R`;8g@b&jDl-tIZ^38_qqmA
zqbh%2OKu9+uhI6;aqK9&<^9Y~hb`nK_09e3__}_(oQEH105-`e#<~5hPNscp@%{7X
z?FPm@?*eBN3BXZ5DQvq{A+@JM1>Jb&Iks&YUZ2wAl~c^#oPJr?rD)wL?3WeKia8^~
zWQT(4pf@74M0sh>K>_o!5$k_#lW?%^t{(H?(BS(PXhSqRfQ9AI$%Q1+h=#Vf+?DVf
z-x)b35<DY-2yFFQqNTZ&JF0f-FBQ?MHhy0ostXCGO%7YGU@b7lFiB4D<W~S%T!Fvb
zdi>PF!|Z@&nh$)LZ;)18*vQ$xSG$aRr;b)W0@r6WQK2)6*}Tyo(E*yhe<?;ea@{t$
z0KWrM74W7suTYWTHE#z!!+}x32rosJZO%ynhm4I-TS<YR{3m~6+bSUY`o>nNZR9Lt
z)DiKpj@5s$7ULHlL5GfE@XU*Y7ADvV5|8QKcEH~50wSqG9(o7~ez=h|GHxdcoF1MK
zOWb*iPle7@W3vEZ__W9#*pLMdUg+A=PhVt0F5?qvYH^Y0x;G(>pd(KjJ&DWHuwE-J
z1t7#9lHdst#z1%@R{~pqv}fb>Cg4~S#Xxc+r?UmBJlt@tZlMxYGB?vJ;+ee9MNgY>
z#yE!;SQUE}U2D5nKOY)s2YvLIRPzMrmrj>AL-<V^zof;TT~*DwnGXn6uKBQIlPoZd
zXfF&LiU;B?$K<-u6nKzf+|3T~O092aYzVA`2hBG={{GRUYt@~#QS(RlUxa4w%la3L
z1prCfqI=sYz_p+oGNdfF!OcXF*-%2fU^jKMr#X4t_O7+v&&|%I!Yrd$GO_n;@Z={e
z{2Fz%uy9bTyOFW`?OQBj0#=G=W87ZTQy;f%hTg3nOTQhB{nWqfLcWFMNFsqfh)g9h
z$-W=jsQb?o^ICd~C&G`PlZN*iP8_<Zc$|>JL7!|hu2G6YmDsG2OZgfh`|l4wh_pp}
z0m7+Sxs{G;L0<aV+CuASIJxma@qGN(A*wSmvF#z}gDGO>zs*A%*yfgs)(;}yH5r}v
zbKI|azqxV$9c$z`AYG%wF2Tpw#{ePnAz;X-@+&EouUxxY3@r<X`<wGkGGoA;Pfh$6
zBFk*MCZig3!v(X)?mvOLjz{<L%^tyfbeZ$^X~w%(P7sBHd|QM9P?gu;-7^pVnu9Jg
zthjW+i}~z(h7}A95wBA_uG#BjHycJ2+-!Oe#+x@oR0kHq8e~jC7<TIgoC{xHXiV_6
z%aDDLRP4I;helNW@z0&vIt?ZuZ5hJak50Z~03@VKLa;R^@Pk>Iy~S>yc5|ukw}mf+
zn%&KYs1ap)|2U&6WkouBsTtJnotwo-$Pd3c{6}`%J}^x56JXa2lUYlFIhxx!5P|`r
zCa&EK=)bXjuP0+H-%AZ*-!MYi8TLfWJ->JMj}E1GT4NgT(5xuVwe-LF`TAfHCQE+D
zt|NTR74TH0NWJy(1!LaNs?fmTuxLUD-u48AahA5O6iKVcj*x3vs!q7uB;0NP;#6|?
z0ZdOJsSN2eE@83uR?x;-eKc;Z42OZivE>_egKq;Na~tV^O5RyQCVQL`OZ}Ek$h?v4
zr2OnhwG_wL%y)f(GUHdVOChtJ5l#ked5v+`n#@K^v#n1gKaMa1B?P8B(jXgta$&9r
zCfG6?24IN;^ZF$D<6L0LJAxtwOVG-RG3T@eQyd-t%rnl3IZIdm{;O-NL=zRKR)-0Z
z1&ur{wGOi*1S8DkK$pTFfV6ufq~Y`G1u)0MtUg;%GxP;dJR=>`oUfy6h)tk(g;{cO
z)l)5!soA3IVAPTGiW!_^IK3f2JU>s3i9?!mDX~Xa;bWb)R0|1BT!X!=-t&|V9X$AP
z95G0n4ICgvHj4Wl!gfgDar`smC@aRW)5N6C*`$yyp!=Dt5LK%W>R90KHw}TflD=pk
z4jU1{d69w0JD|phO|_;mj8Cmjl*!-T9KqMWx(#WUkoh&$2yg*wwpEjPMj2{gVBu(X
z@^CLn%Z)4bbZa_<5}8^fK8dDbTDOgoSSwyi%ZO|UnseU9$FyE*4mL1mvc>r_??>Sk
z?t3YpWGdUmx58HJ`*1Iay~lD-UQX8iTcH43&ACQd5^n4JWK_{)rn(z+nXRU>o$F}2
zb+}&?oOIf*yLbI5#bx;I>9WU2c(_-|ooZjAkRSZyCwyu4vwcqt4$HxoAlINTW)B}z
z&IaO)lAxp<#idy5vdHL+0W>%LU3$-px*)^0zTS%Kz5CkMQOM_Mb`7Ngi4ZX6FMv!N
zarB;dgVy_=!HlHwmmj(8d&0tUk39DF8{OMi@P5W^<Hyc>BsJIOJZCc+)bAnO4z>#L
zvt1|F?B2?h&?4>wf+T^x<3|pj&R|1mB%zJ?s7cQ+k6yFS%Sk|m;1tzpCAcra8%cG$
zh8MZwOrOz=`)uM@9vDXXJ0oH;?y$V8ygr^L-_0jueTq{<lY_$b$nC(S(e+OE;`_#n
zi-*+@DU(00@`o#DY{M%5`ZL$>Y<(+Qkgu=CEosDAp^;N(KuBTEAm400g!uit@%q?c
z1*D}|9}&+QZ{_=`3uM~b@6AiX311g?vc$UDn$GcYbe(bYbcg+LM&Fx|v6oCimwjjb
z7;)ZzH#>pywqaW?;ySf;NVikZq1C#XiqPv_xm|HFQBikrjaO51W~^zn{tDqzL9o2=
zPG<%53yL~FC}A2hrzF8^Ksu49=F((@H8`6XCIoJ;4uAi_xRCn*biKzA{ywXrb}z_3
zG_*s0SzyqII5dStcv^aD`gEjKki4ZbU8LNm)z!u4=yW~*oKY25je->?ghT40Mdt;J
zmza1V*XquG6l`iaw>A(9_>2|%A@-AmfLNUn)RlEPg)(facjH_P`!?1w>_0zeA~#TG
z*sCfKE%_1mb#eT7*I>>vHc*FU)as+PNeZ*D^Tov>{Ub((x1JfpY~9xq(og*?VMf9e
z(o+J1Z)8`rQtEB5*WIrR60X)$<6LIgsCZX@??;)Wut^u9b46fs8}*mZ65_F6!y_J%
z;04Q^S7wH?ZRf_Y^W#(JxxM<Cob+tet_teCgo`10{|cW)c*vORfcL(D^mpyqAe{@2
zVSTp`wx3+R#k}68E!O2Q(T3IE9_JkQTw-$gHx1$~EgU&dV*67_j@3i#ghYfr7Tg3(
z@|4wySfbtia%23!EI}{sd%trwc?7U`w*^Sy1Ll&`J6%dJD7pVE;t8}ecM&OB0djfu
z5k2KIt1LXObG7xZ!NkuTuVYN{s&o;2`9`(3Pp!jYrO}|bQatk_-I#mo3M6NmLHj6Y
zcX>tFko_9QX7-Fty=r%bvZzXb$K*>%XyU^bUPn01qtt6@&I=^zH&;7lp1EKeaWYE}
zdL#b#u0%tYK+&}TfQ)Oc87O0oWvIf~Xo+N=3=hoU$p5GxQ3j;RBD?D?wKm<j_)|#l
zt)XA2&Gcg$S6Eh!d*bBwfO6_~+=O7ljkGx}CL~}06?3lb@jk50F)Pz9uH3|Cvg_{M
zASG*@|DfwITNb^}{=$W(n~M#sUfGB(JB2T1bB&NG;jX81gYTQY5Y~^hzgv7k98WQ-
zF!?$r&t<YsPAIk+V~A#moY^=QHN!qs(++Pec)(`LB5d!uyYwLUWwXW3XY+#vC(ed3
zyvKumsv%`4mFu-!w(QMDzmq|^LHS=#OhqSn56n7CLfiNZvbAjZ)gcTV_~)AY2|Dvn
z*k|FsrEix2zK><h*G7kE^#%hq)1^;x!-_%wgdEM>0}{M{;$|UkLR58LYtcRjlYck*
znw2*FGld_^vkYFUgskTVf31Hi?Q!7<(O1uSt1}lSJJx@m1nra9q{Olj?zeV!2{N9N
zUTA(9ju*?08Wa_$J^CHwk=K_7XH`$L^MV||3Dj8rcWq<a(}?ZDsS<&@(g;;1wGIr(
z$lO6otviDVE7x>Vj>a;Nq&4cA1t}VbGkL2kCDPsF2P}tT?6b?Gka5Vk)k|tqZpKA*
zB5${d4u?=?xu(DGPo7$~`Rej8G*gnC?=uym9a5{(-Ukq7u`Cng`ta?FLiYjyBJ5TE
z7Oum5v0jCqn`;X%$VG5t&)Gl6L;>}*?lK*Ms6CxSmC_7VK=-JSzNOv5szpTe9S5qt
zkfAV-UV~9z4Xb6n&5M8DHw|spYJQxc#4i$;d^p(LwN!794t_q{&ZbGewh>(z%=Pc_
zWF1nlfrEd8k$3=Dkp9+}lo(}SSacWoTw-8UZ2#&ZCBwBDCyH`b@wVOeI;NdN;(Nmj
z$(ia5fY@@>+z#iSFeO3174C=0iPJHtyJc+L)Iy%?|53Q1>tOfn{$ip@4w#Fa^LqJN
z28!L^=35D%o#ml8&GJ-nq?nT1+P}aOvC%Bqq)~n|>n0oBIahi6?ygU&Om+4u&k-A8
z+Gd#2x1@nwsIOvGx$(GS)QU0n20+o<rDTEyGB}1^{bUnDI^H$Z`Mj`OXW54Lk|#J#
zkq4CqE|!#=dI|}OMphUp>whcZZ-$%{H+h*>>X*J74B3D4;FvjcH<`wuuQO1C=Tv>N
zu6dNxDJ#a0Yq@tfUaPAO*95x_;J$pvw^Znr8jGGdTY!-tS7kA-t9wtn8{G!1vQjE7
zy^FkUDuXLjL^LiuqGiH(ywdGismL4h%xi*TMV<?u-W09cP9Ye)-i>IGoz-I8eUAFo
zYAVy7_zK<RuBpt)oH9wr<2={~Z`nd%iZQ6!{{32$u|F4O7kT-7#>4>50)_Y7`=*i#
z1G)@~eO_GboCsx?UU_weqABZuWghOtFFfv^lXz`=_}qtIF1$YXsoM(f$*wHB0?h_j
zNo-z=rih*!t709no?d5)uN8;x4V;R3RY9l?1YUFlDgC9=K^#UYkSh}Cb)6H#HA1|W
z8Fib#>MAFRRJ_wm?M(?+-n6h+?uhSPcU>PYRvO(lDS0CC{zGL2+%%?dtEvYc)1Vim
zadnT?mSHW7@X^%7A{#>iRiPW*CU3mL;2(&Nh!0_3gb;L30P|3i`W9eX2}~ZFOr~KM
zf?T9u1EF2OO-0;U0;;?vw8GtfzX(T*!Uj<6-s7=zICZ!~t-rR8QYB_7c)h=r&5L|r
zXY8ob%BGd(8h5!q;4gquQc(U2FEOUuv@$#2VryW}F!bjgUJDPl*;@<Wm(e5=t^Tp+
zV*BrJOcZ0*K@adt|3TKsSlSYY!}#dB%jV%#%{ylc#)cN4C-Q2$u0}3zeTycyN&>p~
z3hj=UHBtanbD0lZdppO7?suFS`*PoI-kvy^eG1Lscy$tQ5v0*CSMq4vYS?_}Te^CA
zV}n8RrdLI0bnOD)V;zL9VQj;*IQ8o0{T<MdIh%3WhUDqJE>PKaU|0mXs1>mO<wC^7
zt}$r!qP*`{hBT{AP*J{fuaUFhdht<vgv(_N$q8zH@GbOu^SnaaJ~7QoORoKSj*S*D
z?2rVDvO9a@!Ox7H+I@Ze;gAiNla9u*j1L`_%ldQWBsj8oq3Q0x%F+;M2n7R29#2Ad
z7Z^BMh&0z}3v13Ih(f$KPw-hZs`2h}HmS`o`usLQCasNx(^zSfF?@OJV?ixo1#C&P
zFzY}lS|P6)5P_fK$(wlkI(sgLl&J=5m4TUoYxnHL9dx~$i3|UuG>JKp=a07~2OSIz
zV{LQ<begoPnkAmcbri;3up!)#_EKJ>cfk{uD+-V4>i7N)JU+?V;=1G8dWx~JI68F_
zXcMI+`b9OXc_M689lMqpFFtDj{KvIsZ*a!qWP}AH2_CgZAbc4VXdZcF5>zX)!QgnB
z*Z*Vwg`q!py1@hgnLbpXHw6psaA|vmMmbwgMq5P!KkJps#*Z#N4x2s7YYMp#S@Dn)
z-|OqBQ*XW^kj}m9<7yxxEHR9fqB~xMmo~N12Gt}lz^b6Kt33v7kWp~QwkWZ+5YT2}
znyeee@!v4<O?5U|0lE>EpFkh;S&m+1Cem~Rbpy`nulyC<e}V%dM`F-Qd?!mD>5UD|
z5rS5e?7pgfT`K!%s86SJPsaPStfu;gr54SCv?BXn`)hz680t)gx2GR&2W|cnkfd0k
z5KNew`X{U75E<*J=l=w$)l9ejuH)D=+-B{F_9wyO<JnAOtb5Yb)O~^1J<OWq@+VFr
zZ9qQ`hFuMv0b1F%k(nV}a-PRu0bVo?^l_UOEIAky{pws*lVJkqFUtHCgI_a$NDwaa
zD7|TT`1s6Ub><&G0y`875%CWN1zCvO%%RCIVQUX)1Ph;^kGruO87~kuZF%LqKgABt
z{5i)yqa&$_x;r#|$5{^YJMmsN69UQ-$uam}98!C2325azc9w?WZ(^c9q^_m#{XOJq
zwtsJS`t-usivvSH@caq13{uT?$-KH@t~NV=;gl^;aj2lTHBsaD13h|h0vt&sH@@w+
zBd3KU7q<~jYJU4UZ;V#0xXAFk3`pKBid7kdJ&$#7_D<med3FaD8?GAokwCMQ?7gt)
zKj7)X?tFzO%U}H)%5vl^zjkv@7+w8I<t<UNsm?u~kFV9FV_bakAT;zD6VqXHdUQcX
z8!61rYWsYC%F!}2aRMl`#=L_fg=}x!$aiO)fTj%cjghl;e5+7WWy)OLN`eg40Z9xb
zBKrsh@CCVd3l2_b5VtT!0z`;0m}{^G_sy)qqM1fSv7g>0`tpa|BwO1ftVB=5n(@^k
zrWK!OJ6#p0x(jxj?CsNT%4p<>XJK_dA(bH%IZu(oP}g|Iq-Qjx1$vl)1kG-LzP{(}
zn&gl29M9W{JUO+^&G{(lmiK=?So>U3VjWF(;xk$IN#R?*tN`<KkZ1pKn$8dUP<#8<
z-4&exLz#<x6)JY=vLv?0TG~c}q%th&egR(=x;kD%<nj3)&9>cc+r8x?!|8XVpI%3I
z+UO5S5<Pt#97auR!iIW6U0K<QsIg5yCFuhL34CmZ4eL&-ybg4n9EJNPiKuTLbzFf3
z90=8T+GTKm0|Eb-L0kq<<mB|8wl}q>wv_V6ssPKq229bWzFTO~K~Imvb!hr#{=pMN
z9o*oO%U>A2JYQAP{l)N0z-6qW^%lk}d9jVxjz;uH-dmm4$-k$Cxes0<STxBkQd`E(
z=R^?5*iZ6m*2n$KeoRAdKn{DD5N7+$m&*@Wl-h1M-00lnghNg78y6a)sS4>ULPdUA
zPLFrdDQ9o`JJ1a_&lvvOE36zUYF}_y9%LsRIg1nl#MR(1t9_qXYJGqguEr$0QjeOK
zMO*7)560f4-65x@<WN5eVu|~<*7;gbWiqZU>Z6Q+H9zHVtgi2PZ1E2zO5R8UfSeTg
z>KjEgNcI<(!EU(PxlG*d6q}or|9+oV8{UO_x7l${GjEPZ@~U6r6S!m$FwteIs>~lW
z&=tKr2MaRHwuQ9|mD|~MmRc{pZKQO!eQfc(s>WYJ7YR!Y0ISpJ0-Htd7Mibs(ti<p
z<Bxo_x7oD50+iuhEO`8a2SJShb6bq?!E*innjxZ3<?|CwSqSTKq+3=ZDLd}aQ95bK
z11jwq^5@tzPlQ!MHPs=PjoESa=fyKkt*P$9U8R(P33G4pI%@y}h>We6BCTF}h;}Jf
zU5)}U2PtvmPpEQ@st!07X9~DR_KT~Tn?>3B{OL%I+_a#z6^>39+Pq=(4F7b*=RnQ3
zjabsr>UH@MbJjMC{Ry~M6|5R1_J&R8h1_XvXZq^4IP<Wf&$xn_-urL1Q-(S+hrD}p
zGmqVRlfb+HRdn+VFL0Gw%i`WFt)sDDqf;ZyZ2i8J5vqjJVkPs6g^M<Nj<ffQBO4VD
zSI_}qN)x8a%CIm1q{1DZQKM5n6(jaVZ$t<2wR4J8gX0RJfSEWG$g9l#PAE1{!zb&0
znaV8dkZaV$che212f&4>V74e*@kJJKgbeyX@j-6a^;sdvac)A!?rrL3!^!z{;)K$E
z>!Ez;>EW+In;cVyWCje;)*VTcx^>Rw$4d;bi_xpTQLuPx^cMLA4?7RRasu+6Yo^8!
zTtN{b8GgxD%l8dBA8fy+lO_$zKW8enR!3LL$gmoXD6nQ-;lZq(+q8cbao>$?KGdZ4
z=~gSXhQF2&+`RYSrVmy@oMxtDlX3ph4R>yHLD_2Ged94Nvs(Po9j7_r^pdY`-_%pq
z?a%+?qg<~4Z)M74F;5JNU;s@I$F|na3Gxv`$c%^Nc?Tn9V|olBQN2<x{qwS&2M@g)
zmLeO8pYxZi{kH>ZgNrHdm=dc3%HL7{S0)_5_+AgSPqwa!XS>Eg48TMC)MI(%fnNR%
zi8y6xFN)ZJUC?JBD}>viJg`y;YJe?_;Jsdd$S>UtQB7S*^?3x&@N3$?<YsB&!`V9{
z=7<nf_Gl9PPecf2XG8bHuvk@Pqjj%3^P$t+c(m<Amb;1&!!|69l`Q6(&*X>(aq_$C
zOY!~xHfX6uK(E%btAH*ps6JIdqp|OW>M-&Y@vOR|FGU>m0GRXN@_2*oON`&(W0s5l
z&5bL*wv@DDHuh{mkoFKyUcT=Irnqw?1A2tt{Jt}_=Fv~-m;RwVsdT-YcCNVo>u%m$
zMB|41Wk;u8N1<@b@BXN6LA%baM#~ewm0#CX`T^8??O6wn-qkbaLftK^j9xx+$b49?
z(&IS5vNP`U!OOK?$UaGzoV`(S&92j2a@OD?CZ#1e=8QA1aWq~FIb(PbYL&m&E|<5#
z6R=m&{J@c*VE?6aU!+;@`1ciGLup8|zL;_WzW;88KR>n%A$BrM^(KhDj-4^Fm2^Qy
z)A)<$x*eol9=NQHh&B1x!5BzN@XcljR^Pzjr70z@t)0M~SA8IkZK`o`1%{k4NISQJ
zPiYgWvdXJn{X0NaB*qpc1KYrR73UU#tGX{3wl6;jz9~u;fKQF$T4XlR=Yl*4RaujO
z`Kic=fs@idJ-LzYt4<q>bokR>(Cny+1MTzJ8kaIi1n_@L&NUJ2AJ(&aU6kP8`m+rB
z?jGG!Wu1W({xUr9Wi0d6pN~WVN;CzIE_@yTUOq_@_+b0jyWyx0d)w>2h9L$p`nF$w
zx5wza6C1aSR$5YVp$AAV#)LB9g@Wq;-UUz@1qOO%oNeo8*d9qkikptR(*|kPF#cle
zmA6!gb6)&=$R9(x>Qp>)w#13JAK=$r^ca%^%$WAG)(J*G=!?X(1M|28^Njc%U4S0t
zm%7`+a$^N3f_IV1%M3`BuF}dJh<RLNrD*vKA;ua$)y0TZ;qW!QmeRggeNb^HgzZI$
zO%O6xSI(D3jzPk>Z=(V)x~Zgs7R>oOhY|i0`AO@Dg<L2Dehd&xZc9yP9WCBgO?`^!
zYXB;L+~%cxMk#uN!_Z;q<o+1cS_$K;#_JtBi;)g{9Nx%WKSOCn^V87h@@$cUzbl#v
zITM|D5iNTG479l7Z)qY*Yg`V{VFLXyO|CqKNK00Q^Gq~3s=}|eCW04>J6bQx|4Cb2
zFR~7lvfX#u0;xsE^=2qtcU4r*C!^)Rj^A5#!UZ%U3Vm+;<q_a`LguU6u}F#CifNGV
z`UY(_*+q&{dq7;56b|RCe1QmB5QtA6FpDj^2vxy;6j1_tEir}-*X||!eP<7&_p-dO
zV2t$)$oUitKEkb`^wR)2Lcka=FRii~mqMCSRHM>T3QhzRYYd;VfV$y$Od3|pF(xvS
zH44sSBhdNiTz$}`lvPWOOE<wk{^iw4nArj)Z1sa9n8q7(_*FDY1F#0Y<K&q7S||IS
z5uVs?Me`$=o(w18k)f1Zo()-8yJ`shLXNzZy?=y@P`36#*yH3Y=9$VU@$qK(TDA_6
zkY=;H^yoKI)6ff-C_JbDi*38nsLpCJs56Bo|3U<-a$Eq-OCx!-q2SmFxlz<qG3%FZ
z6=qEA5d6`Oy59=DgdrBp7vwDOHvz3cKOiMYQ!@Bxvop;CZuQRd&1?aftd$jN(v2I~
z-#JEuF-qIkjLY<9L3qIEgLt5zP$(zq(?VJ$e(vsod+Z@Zm&UtCYxL01B&w{QlZNh$
zCY6=*pLOSP1%Gs8kX4=C!^p2X_2uUV4fP8#0dTr2D0Lo-cdR8C0<eoy^Y`W+jF&O-
zrq}QGx(~f_-+YtjKj^>vU2%>?h@}V!NPnuFUqV$(y_H(pb9lHW#~B~8j6W-YUBWY`
zL8@3tEKTT{U*sdiyz6RQNE5o=wf^-$apmGN1Ax~Z+I_qcu8OMYB)wFE(W|qw>%pgL
zXkO#x73CL98y=XgI<Xz*FfQLyin_b^AwcwpB~CY}2GE1^?YS>okB;#d#VFE}4g&MY
zKLVIjfFBB-eRub4{G{1AkfgsWrYVpr&81|Kzu=xJS%DYDi$}wdy4dezZN-)I&NdWR
zqS#jeO2Nn4mM}BDrUSUmW*T1r1e<3@1MgN>Fon@yDd(sjP8;%P7Y4F1Cd#Cg-fZ^`
zv2bwAUA&drr<Qun463DOzAI=Gd0N~kUC2&>?8x0;kL2ukAQE?%6=d+~bpY~SZ`=r%
zzvR8&*;_4o!gYW9Qg{q`@FF=PpF~5;G6tTIA;}a9oKxedkSbCD;sMU=CRJrEFAJST
z<HM)$4UDAVt4?+@_GoqP59g%tsqk$`GHbup-*hX@LB@xiIMV&yj?c#=qf?6%pW|6R
zuHERTD&LE00kkJ^dr(R^kxuC+eZN&B^b8LZ0$6CBY2{So@3Sn2(qRc1zGcs6ztLrQ
ztg<stByZ>gtF1CT+8{7Kz`Z*ar9k9APAq4Ghb=bf|6cM9-k}Np&uQI&=RM$4asY3I
zr+p-inF#Gx=@@Xk(O)5Od99B5f~u&#ugZ#J+Vlh82w-po5svoTt^)4F!_Ntk#i=d#
zFiR}UJL>2ofQyrB0{qfVN(@I!pn+1R;HG<=OVW|$ZnFsSD&yjWMSL|rl0gU0P<gC0
zeCpf8pLO2;cfl3EH3Hi2SU^e?@z~cjF4De+3*<-@k*z$aDyzg^g?|T-7KlSOi78n|
zdy*8nHR^{O@?LmO86I2$6bd+A5*_e$TusyXiL&vR3WS&lQK$f8qTA@lN1VV&xem-V
z00cHs75R{kN0*+~G1=6i@K+9HLcL^2l|z7;sNqvauZxmDO8z7stbPO-v=&tXFRz>z
z0UHhA1Q5QLMSI*|q(iEtpibDWSp{Y#k)I;uiYn(tQ5CncKnw~0D8WIWqAIjXnkK33
zc24PllmH1&6*B-^lD`wl-8fr^wdIp)2)E(BUUp#J^EKSl43d!R@f9R16$9i3NbVu3
zf=)p#OR1v&G9*kGgwRJmXdK%fTvnIJZ(D^;)`jC#IUK8r?0o03PUzs>Y)M9lQOp>+
zLlHqh0`jA$e9d4|^V9I)>1xwkN8vi{aYOf{8kdXKa2^7=he(xzQ>TkA^V#E^NLB#;
zlWW_B5Kh3VEp<EgqU!23QP}vjo(BY@zyJw04Xsj)iHm?u#eqOY<VCDIk5J!pFlEJW
zwG3^c*>24{g^!&{l{=*LiJkxcuM&s@Y{iOZ^P9L7|H-?bsGj<D2e33HQpHAc*Mg(d
zS6*UAo|YoD&$sID5AN^}xIzHwy1}RRNw!cLk^aUD9B+;=9RTTYk7+#k2{@#yP=%9M
zwC>2R^E^RZKtp)=R^Rwbufg)vjzWTv*AhuyhRZHb#-*`5GWF2s>)ZUj`U^P#k^XbT
z)HyPok?Zo#;R|n5f1BfT0KsU5-<-y87L-uqBK!4_$6hxWfqWj1Ve?3Fr2imVKeQqH
z=HR>=$m9Il8%p~0UMWx9shIN<Ynb{Hv_E|Wgi@oscd@4QR)*;Nr*Mg#iu2++%Px9=
z3tZYG*hcJbxgDZn@jyr9BOLj?POs{IIHWLnCBY{b*W>IW62e2&jGw?~89mkKU%?N;
z(w!zVVLy-RH7<#|QeIj3<IodGog=cnZOWNRG~?6~GMxXIevMPgR!`zA8?T%p7VR-M
z`13e^U2P=o&k}Xt<9ux-fZs8@3C(3iO`G~O)Dr7op2OV)FnlT+FgPw7psqlsHuVD#
z=cYYO8?^_#-gltsHf!&}rNWt;PfSY`0<Wxb(ILz=OEInfdhAw<)AbmHc*!7%<tG<j
z#s4*cH_4|%$AwXnml@M&Ts6cDh49rJ0q}@;Q+<AGGtmKntBZ=V@2(_^hX-#@oilS4
zM%u#mRGKl74G3w-D8LYhlzwA0_xq@6TwCxIzW~u;0iT-I5{<fi6aHfL^~+U}0Y01p
z0Jqx!$ZTe$gYfD^fN0Cz$`3O({xaOx(4}Skr3}x6z4L$p_j9dQ_B*3eaHJr3Y^TD%
z)>U_5jj6(9I$U&cS9z(KP`Yaa6_Flz{zQQvsW^R`2Vgw`s6L<2I9($o5A`|1UU#+u
z1s&&W3y$6vBck@(r#AbB#ec4DQ58#%jfl$K8fAJ-_zA*4RlYPE3Rs~!yMk%=DZ4DV
zt$whJX*SfHTrOVZ@;wrs;TgiW5d0%2Iaiiy|7<2Rp?=k&hZ6QLWuyIs^9;>tF`KW9
z-v?};)<R<-cX@{pa91o*q-5#$-NLgVkF_^{0M0d{#imm+ds6CwGKEf6QVTJR)@efy
zs)&x|veKY)4|3V}IhGgqF$H2XD*`6Z%B;!>N@R4_(C=B5@;wS2*4kdq@+|0w%e}#|
zwE?KC8-Tt~4p?Z_CdZStli=2?eu!2_R1z6)e`AfRPzN$U^@pW5l&|uTKP;mtrI&a$
z<#P?bj}!-bmJi<s>ob-E)?WcAor=%ox#@Ise8gQ6=+X}U51_P|w8195rrTN|Jza=N
zrTnTb4woy`7VM+QMTj+68h@FBF=XhUH2|zf0@ynJ#VvW5e;knBzRqDcG7PepSM&1H
zJf9aCyQA+$em4Jr%yPorrA0S$r2Ac*P=*UM$|h^i_18j`U*o|(I_+%4uH|2)_>mns
u02ogM<UYWJKsfzTz{(F;#)(*-+<{ZwhdPaWiopN9-K(ywtyJ^OD*Ar{zwEsL

diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 295db4ac..b57b0708 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -42,6 +42,7 @@ import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -2442,8 +2443,14 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 	                            return Result.err(rb);
 	                        } else if (rb.value){
 	                            return Result.err(Status.ERR_Policy, "Credential content cannot be reused.");
-	                        } else if ((Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) && curr.type==rcred.value.type)) {
-	                            return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
+	                        } else if(Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) 
+	                        		&& curr.type==rcred.value.type 
+	                        		) {
+	                        	// Allow if expiring differential is greater than 1 day (for TEMP)
+	                        	// Unless expiring in 1 day
+	                        	if(System.currentTimeMillis() - rcred.value.expires.getTime() > TimeUnit.DAYS.toMillis(1)) {
+	                        		return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists");
+	                        	}
 	                        }
                     	}
                     }    
@@ -2501,13 +2508,20 @@ public class AuthzCassServiceImpl    <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
                     case Status.ACC_Now:
                         try {
                             if (firstID) {
-    //                            && !nsr.value.get(0).isAdmin(trans.getUserPrincipal().getName())) {
-                                Result<List<String>> admins = func.getAdmins(trans, nsr.value.get(0).name, false);
-                                // OK, it's a first ID, and not by NS Admin, so let's set TempPassword length
-                                // Note, we only do this on First time, because of possibility of 
-                                // prematurely expiring a production id
-                                if (admins.isOKhasData() && !admins.value.contains(trans.user())) {
-                                    rcred.value.expires = org.expiration(null, Expiration.TempPassword).getTime();
+                                // OK, it's a first ID, and not by NS Owner
+                                if(!ques.isOwner(trans,trans.user(),cdd.ns)) {
+                                	// Admins are not allowed to set first Cred, but Org has already
+                                	// said entity MAY create, typically by Permission
+                                	// We can't know which reason they are allowed here, so we 
+                                	// have to assume that any with Special Permission would not be 
+                                	// an Admin.
+                                	if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
+                                		return Result.err(Result.ERR_Denied, 
+                                			"Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
+                                	} else {
+                                		// Allow IDs that AREN'T part of NS with Org Onboarding Permission  (see Org object) to create Temp Passwords.
+                                        rcred.value.expires = org.expiration(null, Expiration.TempPassword).getTime();
+                                	}
                                 }
                             }
                         } catch (Exception e) {
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
new file mode 100644
index 00000000..c9ebc281
--- /dev/null
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_BaseServiceImpl.java
@@ -0,0 +1,162 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.service.test;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.ArrayList;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Spy;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.onap.aaf.auth.common.Define;
+import org.onap.aaf.auth.dao.cached.CachedCertDAO;
+import org.onap.aaf.auth.dao.cached.CachedCredDAO;
+import org.onap.aaf.auth.dao.cached.CachedNSDAO;
+import org.onap.aaf.auth.dao.cached.CachedPermDAO;
+import org.onap.aaf.auth.dao.cached.CachedRoleDAO;
+import org.onap.aaf.auth.dao.cached.CachedUserRoleDAO;
+import org.onap.aaf.auth.dao.cass.ApprovalDAO;
+import org.onap.aaf.auth.dao.cass.CacheInfoDAO;
+import org.onap.aaf.auth.dao.cass.DelegateDAO;
+import org.onap.aaf.auth.dao.cass.FutureDAO;
+import org.onap.aaf.auth.dao.cass.HistoryDAO;
+import org.onap.aaf.auth.dao.cass.LocateDAO;
+import org.onap.aaf.auth.dao.cass.NsDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.dao.hl.Question;
+import org.onap.aaf.auth.env.AuthzEnv;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.service.AuthzCassServiceImpl;
+import org.onap.aaf.auth.service.mapper.Mapper_2_0;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.org.DefaultOrg;
+import org.onap.aaf.org.DefaultOrgIdentity;
+
+import aaf.v2_0.Approvals;
+import aaf.v2_0.Certs;
+import aaf.v2_0.Delgs;
+import aaf.v2_0.Error;
+import aaf.v2_0.History;
+import aaf.v2_0.Keys;
+import aaf.v2_0.Nss;
+import aaf.v2_0.Perms;
+import aaf.v2_0.Pkey;
+import aaf.v2_0.Request;
+import aaf.v2_0.Roles;
+import aaf.v2_0.UserRoles;
+import aaf.v2_0.Users;
+
+@RunWith(MockitoJUnitRunner.class)
+public abstract class JU_BaseServiceImpl {
+	protected AuthzCassServiceImpl<Nss, Perms, Pkey, Roles, Users, UserRoles, Delgs, Certs, Keys, Request, History, Error, Approvals> 
+		acsi;
+	protected Mapper_2_0 mapper;
+	
+    @Mock
+    protected DefaultOrg org;
+    @Mock
+    protected DefaultOrgIdentity orgIdentity;
+	
+    protected HistoryDAO historyDAO = mock(HistoryDAO.class);
+    protected CacheInfoDAO cacheInfoDAO = mock(CacheInfoDAO.class);
+    protected CachedNSDAO nsDAO = mock(CachedNSDAO.class);
+    protected CachedPermDAO permDAO = mock(CachedPermDAO.class);
+    protected CachedRoleDAO roleDAO = mock(CachedRoleDAO.class);
+    protected CachedUserRoleDAO userRoleDAO = mock(CachedUserRoleDAO.class);
+    protected CachedCredDAO credDAO = mock(CachedCredDAO.class);
+    protected CachedCertDAO certDAO = mock(CachedCertDAO.class);
+    protected LocateDAO locateDAO = mock(LocateDAO.class);
+    protected FutureDAO futureDAO = mock(FutureDAO.class);
+    protected DelegateDAO delegateDAO = mock(DelegateDAO.class);
+    protected ApprovalDAO approvalDAO = mock(ApprovalDAO.class);
+	
+    @Spy
+    protected static PropAccess access = new PropAccess();
+    
+    @Spy
+	protected static AuthzEnv env = new AuthzEnv(access);
+	
+    @Spy
+    protected static AuthzTrans trans = env.newTransNoAvg();
+    
+
+    @Spy
+    protected Question question = new Question(trans,historyDAO,cacheInfoDAO,nsDAO,permDAO,roleDAO,userRoleDAO,
+    		credDAO,certDAO,locateDAO,futureDAO,delegateDAO,approvalDAO);
+    
+	public void setUp() throws Exception {
+	    when(trans.org()).thenReturn(org);
+	    when(org.getDomain()).thenReturn("org.onap");
+	    Define.set(access);
+		access.setProperty(Config.CADI_LATITUDE, "38.0");
+		access.setProperty(Config.CADI_LONGITUDE, "-72.0");
+
+	    mapper = new Mapper_2_0(question);
+		acsi = new AuthzCassServiceImpl<>(trans, mapper, question);
+	}
+	
+	//////////
+	//  Common Data Objects
+	/////////
+    protected List<NsDAO.Data> nsData(String name) {
+    	NsDAO.Data ndd = new NsDAO.Data();
+    	ndd.name=name;
+    	int dot = name.lastIndexOf('.');
+    	if(dot<0) {
+    		ndd.parent=".";
+    	} else {
+    		ndd.parent=name.substring(0,dot);
+    	}
+    	List<NsDAO.Data> rv = new ArrayList<NsDAO.Data>();
+    	rv.add(ndd);
+    	return rv;
+    }
+    
+    protected UserRoleDAO.Data urData(String user, String ns, String rname, int days) {
+    	UserRoleDAO.Data urdd = new UserRoleDAO.Data();
+    	urdd.user = user;
+    	urdd.ns = ns;
+    	urdd.rname = rname;
+    	urdd.role = ns + '.' + rname;
+    	GregorianCalendar gc = new GregorianCalendar();
+    	gc.add(GregorianCalendar.DAY_OF_YEAR, days);
+    	urdd.expires = gc.getTime();
+    	return urdd;
+    }
+
+
+    protected <T> List<T> listOf(T t) {
+    	List<T> list = new ArrayList<>();
+    	list.add(t);
+    	return list;
+    }
+    
+    protected <T> List<T> emptyList(Class<T> cls) {
+    	return new ArrayList<>();
+    }
+
+}
diff --git a/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
new file mode 100644
index 00000000..1e4e9719
--- /dev/null
+++ b/auth/auth-service/src/test/java/org/onap/aaf/auth/service/test/JU_ServiceImpl_createUserCred.java
@@ -0,0 +1,148 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.service.test;
+
+import static org.mockito.Mockito.*;
+
+import java.nio.ByteBuffer;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.onap.aaf.auth.dao.CachedDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.Hash;
+import org.onap.aaf.cadi.util.FQI;
+import org.onap.aaf.misc.env.Trans;
+
+import aaf.v2_0.CredRequest;
+import junit.framework.Assert;
+
+@RunWith(MockitoJUnitRunner.class)
+public class JU_ServiceImpl_createUserCred extends JU_BaseServiceImpl  {
+	@Mock 
+    private Result<CredDAO.Data> rcdd;	
+	
+	@Before
+	public void setUp() throws Exception {
+	    super.setUp();
+	}
+
+    @Test
+    public void validCreateNewIsOwner() throws OrganizationException {
+    	CredRequest cr = credRequest1();
+    	final String fqi = "bob@people.onap.org";
+    	when(trans.user()).thenReturn(fqi);
+    	when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
+    	when(org.isValidCred(trans, cr.getId())).thenReturn(true);
+    	when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
+		when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
+		when(orgIdentity.isFound()).thenReturn(true);
+		final String ns = "org.onap.sample";
+	    when(question.userRoleDAO().read(trans, fqi, ns+".owner")).thenReturn(Result.ok(listOf(urData(fqi,ns,"owner",100))));
+	    when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
+	    when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(emptyList(CredDAO.Data.class)));
+	    when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(credDataFound(cr,100)));
+	    when(question.credDAO().readNS(trans, ns)).thenReturn(Result.ok(listOf(credDataFound(cr,100))));
+	    Result<?> result = acsi.createUserCred(trans,cr);
+	    // Owner may do FIRST Creds
+    	Assert.assertEquals(Result.OK,result.status);
+    }
+
+    @Test
+    public void validCreateNewOnlyAdmin() throws OrganizationException {
+    	CredRequest cr = credRequest1();
+    	final String fqi = "bob@people.onap.org";
+    	when(trans.user()).thenReturn(fqi);
+    	when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
+    	when(org.isValidCred(trans, cr.getId())).thenReturn(true);
+    	when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
+		when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
+		when(orgIdentity.isFound()).thenReturn(true);
+		final String ns = "org.onap.sample";
+	    when(question.userRoleDAO().read(trans, fqi, ns+".owner")).thenReturn(Result.ok(emptyList(UserRoleDAO.Data.class)));
+	    when(question.userRoleDAO().read(trans, fqi, ns+".admin")).thenReturn(Result.ok(listOf(urData(fqi,ns,"admin",100))));
+	    when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
+	    when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(emptyList(CredDAO.Data.class)));
+	    when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(credDataFound(cr,100)));
+	    when(question.credDAO().readNS(trans, ns)).thenReturn(Result.ok(listOf(credDataFound(cr,100))));
+	    Result<?> result = acsi.createUserCred(trans,cr);
+	    // Admins may not do FIRST Creds
+    	Assert.assertEquals(Result.ERR_Denied,result.status);
+    }
+
+    @Test
+    public void validCreateExisting() throws OrganizationException {
+    	CredRequest cr = credRequest1();
+    	when(org.isValidPassword(trans, cr.getId(),cr.getPassword())).thenReturn("");
+    	when(org.isValidCred(trans, cr.getId())).thenReturn(true);
+    	when(org.canHaveMultipleCreds(cr.getId())).thenReturn(true);
+		when(org.getIdentity(trans, cr.getId())).thenReturn(orgIdentity);
+		when(orgIdentity.isFound()).thenReturn(true);
+		String ns = "org.onap.sample";
+	    when(question.nsDAO().read(trans, ns)).thenReturn(Result.ok(nsData(ns)));
+	    
+	    CredDAO.Data cdd = credDataFound(cr,100);
+	    when(question.credDAO().create(any(AuthzTrans.class), any(CredDAO.Data.class) )).thenReturn(Result.ok(cdd));
+	    when(question.credDAO().readID(trans, cr.getId())).thenReturn(Result.ok(listOf(cdd)));
+
+	    Result<?> result = acsi.createUserCred(trans,cr);
+    	Assert.assertEquals(Result.OK,result.status);
+    }
+
+    private CredRequest credRequest1() {
+    	CredRequest cr = new CredRequest();
+    	cr.setId("m12345@sample.onap.org");
+    	cr.setPassword("BobAndWeave");
+    	cr.setType(CredDAO.RAW);
+    	return cr;
+    }
+    
+   private CredDAO.Data credDataFound(CredRequest cr, int days) {
+    	CredDAO.Data cdd = new CredDAO.Data();
+    	cdd.id = cr.getId();
+    	cdd.ns = FQI.reverseDomain(cr.getId());
+    	cdd.other = 12345;
+    	cdd.tag = "1355434";
+    	cdd.type = CredDAO.BASIC_AUTH_SHA256;
+    	try {
+			cdd.cred = ByteBuffer.wrap(Hash.hashSHA256(cr.getPassword().getBytes()));
+		} catch (NoSuchAlgorithmException e) {
+			Assert.fail(e.getMessage());
+		}
+    	GregorianCalendar gc = new GregorianCalendar();
+    	gc.add(GregorianCalendar.DAY_OF_YEAR, days);
+    	cdd.expires = gc.getTime();
+    	return cdd;
+    }
+    
+}
\ No newline at end of file
-- 
2.16.6