--- /dev/null
+---
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.0.1
+ hooks:
+ - id: trailing-whitespace
+ #exclude: '^ordmodels/'
+ - repo: https://github.com/jorisroovers/gitlint
+ rev: v0.15.1
+ hooks:
+ - id: gitlint
+ stages: [commit-msg]
+ - repo: https://github.com/Lucas-C/pre-commit-hooks
+ rev: v1.1.10
+ hooks:
+ - id: remove-tabs
+ stages: [commit]
+ exclude: '^(.git/|docs/make.bat|.*/Makefile$)'
-NAME CHART VERSION APP VERSION DESCRIPTION
-local/onap 8.0.0 Honolulu Open Network Automation Platform (ONAP)
-local/aaf 8.0.0 ONAP Application Authorization Framework
-local/aai 8.0.0 ONAP Active and Available Inventory
-local/appc 8.0.0 Application Controller
-local/cassandra 8.0.0 ONAP cassandra
-local/cds 8.0.0 ONAP Controller Design Studio (CDS)
-local/clamp 8.0.0 ONAP Clamp
-local/cli 8.0.0 ONAP Command Line Interface
-local/common 8.0.0 Common templates for inclusion in other charts
-local/consul 8.0.0 ONAP Consul Agent
-local/contrib 8.0.0 ONAP optional tools
-local/cps 8.0.0 ONAP Configuration Persistene Service (CPS)
-local/dcaegen2 8.0.0 ONAP DCAE Gen2
-local/dgbuilder 8.0.0 D.G. Builder application
-local/dmaap 8.0.0 ONAP DMaaP components
-local/log 8.0.0 ONAP Logging ElasticStack
-local/mariadb-galera 8.0.0 Chart for MariaDB Galera cluster
-local/mongo 8.0.0 MongoDB Server
-local/msb 8.0.0 ONAP MicroServices Bus
-local/multicloud 8.0.0 ONAP multicloud broker
-local/music 8.0.0 MUSIC - Multi-site State Coordination Service
-local/mysql 8.0.0 MySQL Server
-local/nbi 8.0.0 ONAP Northbound Interface
-local/network-name-gen 8.0.0 Name Generation Micro Service
-local/nfs-provisioner 8.0.0 NFS provisioner
-local/oof 8.0.0 ONAP Optimization Framework
-local/policy 8.0.0 ONAP Policy Administration Point
-local/pomba 8.0.0 ONAP Post Orchestration Model Based Audit
-local/portal 8.0.0 ONAP Web Portal
-local/postgres 8.0.0 ONAP Postgres Server
-local/robot 8.0.0 A helm Chart for kubernetes-ONAP Robot
-local/sdc 8.0.0 Service Design and Creation Umbrella Helm charts
-local/sdnc 8.0.0 SDN Controller
-local/sdnc-prom 8.0.0 ONAP SDNC Policy Driven Ownership Management
-local/sniro-emulator 8.0.0 ONAP Mock Sniro Emulator
-local/so 8.0.0 ONAP Service Orchestrator
-local/uui 8.0.0 ONAP uui
-local/vfc 8.0.0 ONAP Virtual Function Controller (VF-C)
-local/vid 8.0.0 ONAP Virtual Infrastructure Deployment
-local/vnfsdk 8.0.0 ONAP VNF SDK
+NAME CHART VERSION APP VERSION DESCRIPTION
+local/onap 8.0.0 Honolulu Open Network Automation Platform (ONAP)
+local/aaf 8.0.0 ONAP Application Authorization Framework
+local/aai 8.0.0 ONAP Active and Available Inventory
+local/appc 8.0.0 Application Controller
+local/cassandra 8.0.0 ONAP cassandra
+local/cds 8.0.0 ONAP Controller Design Studio (CDS)
+local/clamp 8.0.0 ONAP Clamp
+local/cli 8.0.0 ONAP Command Line Interface
+local/common 8.0.0 Common templates for inclusion in other charts
+local/consul 8.0.0 ONAP Consul Agent
+local/contrib 8.0.0 ONAP optional tools
+local/cps 8.0.0 ONAP Configuration Persistene Service (CPS)
+local/dcaegen2 8.0.0 ONAP DCAE Gen2
+local/dgbuilder 8.0.0 D.G. Builder application
+local/dmaap 8.0.0 ONAP DMaaP components
+local/log 8.0.0 ONAP Logging ElasticStack
+local/mariadb-galera 8.0.0 Chart for MariaDB Galera cluster
+local/mongo 8.0.0 MongoDB Server
+local/msb 8.0.0 ONAP MicroServices Bus
+local/multicloud 8.0.0 ONAP multicloud broker
+local/music 8.0.0 MUSIC - Multi-site State Coordination Service
+local/mysql 8.0.0 MySQL Server
+local/nbi 8.0.0 ONAP Northbound Interface
+local/network-name-gen 8.0.0 Name Generation Micro Service
+local/nfs-provisioner 8.0.0 NFS provisioner
+local/oof 8.0.0 ONAP Optimization Framework
+local/policy 8.0.0 ONAP Policy Administration Point
+local/pomba 8.0.0 ONAP Post Orchestration Model Based Audit
+local/portal 8.0.0 ONAP Web Portal
+local/postgres 8.0.0 ONAP Postgres Server
+local/robot 8.0.0 A helm Chart for kubernetes-ONAP Robot
+local/sdc 8.0.0 Service Design and Creation Umbrella Helm charts
+local/sdnc 8.0.0 SDN Controller
+local/sdnc-prom 8.0.0 ONAP SDNC Policy Driven Ownership Management
+local/sniro-emulator 8.0.0 ONAP Mock Sniro Emulator
+local/so 8.0.0 ONAP Service Orchestrator
+local/uui 8.0.0 ONAP uui
+local/vfc 8.0.0 ONAP Virtual Function Controller (VF-C)
+local/vid 8.0.0 ONAP Virtual Infrastructure Deployment
+local/vnfsdk 8.0.0 ONAP VNF SDK
===== ===== ====== ====================
.. note::
- Kubernetes supports a maximum of 110 pods per node - configurable in the --max-pods=n setting off the
- "additional kubelet flags" box in the kubernetes template window described in 'ONAP Development - 110 pod limit Wiki'
- - this limit does not need to be modified . The use of many small
- nodes is preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
+ Kubernetes supports a maximum of 110 pods per node - configurable in the
+ --max-pods=n setting off the "additional kubelet flags" box in the kubernetes
+ template window described in 'ONAP Development - 110 pod limit Wiki'
+ - this limit does not need to be modified . The use of many small nodes is
+ preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
Subsets of ONAP may still be deployed on a single node.
Cloud Installation
└── configs
The common section of charts consists of a set of templates that assist with
-parameter substitution (`_name.tpl`, `_namespace.tpl` and others) and a set of charts
-for components used throughout ONAP. When the common components are used by other charts they
-are instantiated each time or we can deploy a shared instances for several components.
+parameter substitution (`_name.tpl`, `_namespace.tpl` and others) and a set of
+charts for components used throughout ONAP. When the common components are used
+by other charts they are instantiated each time or we can deploy a shared
+instances for several components.
All of the ONAP components have charts that follow the pattern shown below:
to suit your deployment with items like the OpenStack tenant information.
.. note::
- Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in
- the `oom/kubernetes/onap/resources/overrides/` directory.
+ Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`)
+ can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
a. You may want to selectively enable or disable ONAP components by changing
the Robot Helm charts or Robot section of `openstack.yaml`
- c. Encrypt the OpenStack password using the java based script for SO Helm charts
- or SO section of `openstack.yaml`.
+ c. Encrypt the OpenStack password using the java based script for SO Helm
+ charts or SO section of `openstack.yaml`.
d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm
charts or use an override file to replace them.
- e. Add in the command line a value for the global master password (global.masterPassword).
+ e. Add in the command line a value for the global master password
+ (global.masterPassword).
> kubectl get pods -n onap -o=wide
.. note::
- While all pods may be in a Running state, it is not a guarantee that all components are running fine.
+ While all pods may be in a Running state, it is not a guarantee that all
+ components are running fine.
- Launch the healthcheck tests using Robot to verify that the components are healthy::
+ Launch the healthcheck tests using Robot to verify that the components are
+ healthy::
> ~/oom/kubernetes/robot/ete-k8s.sh onap health
> helm undeploy dev
-More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
+More examples of using the deploy and undeploy plugins can be found here:
+https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
> ./install-metallb-on-cluster.sh
-Configuration Ngninx ingress controller
-=======================================
+Configuration Nginx ingress controller
+======================================
After installation DNS server and ingress controller we can install and
configure ingress controller.
Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v1.0.6
.. note::
- There are several ways to install RKE. Further parts of this documentation assumes that you have rke command available.
+ There are several ways to install RKE. Further parts of this documentation
+ assumes that you have rke command available.
If you don't know how to install RKE you may follow the below steps:
* chmod +x ./rke_linux-amd64
NFS Master, and configure all Worker nodes a Kubernetes cluster to play
the role of NFS slaves.
-It is recommneded that a separate VM, outside of the kubernetes
+It is recommended that a separate VM, outside of the kubernetes
cluster, be used. This is to ensure that the NFS Master does not compete for
resources with Kubernetes Control Plane or Worker Nodes.
of k8s PaaS for ONAP operations and can be installed to provide
additional functionality for ONAP engineers.
-The versions of PaaS compoents that are supported by OOM are as follows:
+The versions of PaaS components that are supported by OOM are as follows:
.. table:: ONAP PaaS components
| Alternatives Considered:
- - Kubernetes port forwarding was considered but discarded as it would require
- the end user to run a script that opens up port forwarding tunnels to each of
- the pods that provides a portal application widget.
+ - Kubernetes port forwarding was considered but discarded as it would
+ require the end user to run a script that opens up port forwarding tunnels
+ to each of the pods that provides a portal application widget.
- Reverting to a VNC server similar to what was deployed in the Amsterdam
- release was also considered but there were many issues with resolution, lack
- of volume mount, /etc/hosts dynamic update, file upload that were a tall order
- to solve in time for the Beijing release.
+ release was also considered but there were many issues with resolution,
+ lack of volume mount, /etc/hosts dynamic update, file upload that were
+ a tall order to solve in time for the Beijing release.
Observations:
- - If you are not using floating IPs in your Kubernetes deployment and directly attaching
- a public IP address (i.e. by using your public provider network) to your K8S Node
- VMs' network interface, then the output of 'kubectl -n onap get services | grep "portal-app"'
+ - If you are not using floating IPs in your Kubernetes deployment and
+ directly attaching a public IP address (i.e. by using your public provider
+ network) to your K8S Node VMs' network interface, then the output of
+ 'kubectl -n onap get services | grep "portal-app"'
will show your public IP instead of the private network's IP. Therefore,
- you can grab this public IP directly (as compared to trying to find the floating
- IP first) and map this IP in /etc/hosts.
+ you can grab this public IP directly (as compared to trying to find the
+ floating IP first) and map this IP in /etc/hosts.
.. figure:: oomLogoV2-Monitor.png
:align: right
Here the Name column shows the RELEASE NAME, In our case we want to try the
scale operation on cassandra, thus the RELEASE NAME would be dev-cassandra.
-Now we need to obtain the chart name for casssandra. Use the below
+Now we need to obtain the chart name for cassandra. Use the below
command to get the chart name::
> helm search cassandra
local/sdc-cs 8.0.0 ONAP Service Design and Creation Cassandra
Here the Name column shows the chart name. As we want to try the scale
-operation for cassandra, thus the correponding chart name is local/cassandra
+operation for cassandra, thus the corresponding chart name is local/cassandra
Now we have both the command's arguments, thus we can perform the
-scale opeartion for cassandra as follows::
+scale operation for cassandra as follows::
> helm upgrade dev-cassandra local/cassandra --set replicaCount=3
-Using this command we can scale up or scale down the cassadra db instances.
+Using this command we can scale up or scale down the cassandra db instances.
The ONAP components use Kubernetes provided facilities to build clustered,
* [`OOM-514 <https://jira.onap.org/browse/OOM-514>`_] - Readiness prob fails sometimes even though the relevant pods are running
* [`OOM-539 <https://jira.onap.org/browse/OOM-539>`_] - Kube2MSB registrator doesn't support https REST service registration
* [`OOM-570 <https://jira.onap.org/browse/OOM-570>`_] - Wrong value is assigned to kube2msb AUTH_TOKEN environment variable
-* [`OOM-574 <https://jira.onap.org/browse/OOM-574>`_] - OOM configuration for robot doesnt copy heat templatese in dockerdata-nfs
+* [`OOM-574 <https://jira.onap.org/browse/OOM-574>`_] - OOM configuration for robot does not copy heat templatese in dockerdata-nfs
* [`OOM-577 <https://jira.onap.org/browse/OOM-577>`_] - Incorrect evaluation of bash command in yaml template file (portal-vnc-dep.yaml)
* [`OOM-578 <https://jira.onap.org/browse/OOM-578>`_] - Hard coded token in oom/kubernetes/kube2msb/values.yaml file
* [`OOM-589 <https://jira.onap.org/browse/OOM-589>`_] - Can not acces CLI in vnc-portal
* [`OOM-913 <https://jira.onap.org/browse/OOM-913>`_] - Consul agent pod is failing
* [`OOM-916 <https://jira.onap.org/browse/OOM-916>`_] - Used to fix testing issues related to usability
* [`OOM-918 <https://jira.onap.org/browse/OOM-918>`_] - Policy - incorrect configmap mount causes base.conf to disappear
-* [`OOM-920 <https://jira.onap.org/browse/OOM-920>`_] - Issue with CLAMP configuation
+* [`OOM-920 <https://jira.onap.org/browse/OOM-920>`_] - Issue with CLAMP configuration
* [`OOM-921 <https://jira.onap.org/browse/OOM-921>`_] - align onap/values.yaml and onap/resources/environments/dev.yaml - different /dockerdata-nfs
* [`OOM-926 <https://jira.onap.org/browse/OOM-926>`_] - Disable clustering for APP-C out-of-the-box
* [`OOM-927 <https://jira.onap.org/browse/OOM-927>`_] - Need a production grade configuration override file of ONAP deployment
* [`OOM-948 <https://jira.onap.org/browse/OOM-948>`_] - make vfc got an error
* [`OOM-951 <https://jira.onap.org/browse/OOM-951>`_] - Update APPC charts based on on changes for ccsdk and Nitrogen ODL
* [`OOM-953 <https://jira.onap.org/browse/OOM-953>`_] - switch aai haproxy/hbase repo from hub.docker.com to nexus3
-* [`OOM-958 <https://jira.onap.org/browse/OOM-958>`_] - SDC-be deployment missing environment paramter
+* [`OOM-958 <https://jira.onap.org/browse/OOM-958>`_] - SDC-be deployment missing environment parameter
* [`OOM-964 <https://jira.onap.org/browse/OOM-964>`_] - SDC Healthcheck failure on sdc-be and sdc-kb containers down
* [`OOM-968 <https://jira.onap.org/browse/OOM-968>`_] - warning on default deployment values.yaml
* [`OOM-969 <https://jira.onap.org/browse/OOM-969>`_] - oomk8s images have no Dockerfile's
* [`OOM-993 <https://jira.onap.org/browse/OOM-993>`_] - AAI model-loader.properties not in sync with project file
* [`OOM-994 <https://jira.onap.org/browse/OOM-994>`_] - DCAE cloudify controller docker image 1.1.0 N/A - use 1.2.0/1.3.0
* [`OOM-1003 <https://jira.onap.org/browse/OOM-1003>`_] - dcae-cloudify-manager chart references obsolete image version
-* [`OOM-1004 <https://jira.onap.org/browse/OOM-1004>`_] - aai-resources constantly fails due to cassanda hostname
+* [`OOM-1004 <https://jira.onap.org/browse/OOM-1004>`_] - aai-resources constantly fails due to cassandra hostname
* [`OOM-1005 <https://jira.onap.org/browse/OOM-1005>`_] - AAI Widgets not loading due to duplicate volumes
* [`OOM-1007 <https://jira.onap.org/browse/OOM-1007>`_] - Update dcae robot health check config
* [`OOM-1008 <https://jira.onap.org/browse/OOM-1008>`_] - Set default consul server replica count to 1
* [`OOM-1068 <https://jira.onap.org/browse/OOM-1068>`_] - Update SO with new AAI cert
* [`OOM-1076 <https://jira.onap.org/browse/OOM-1076>`_] - some charts still using readiness check image from amsterdam 1.x
* [`OOM-1077 <https://jira.onap.org/browse/OOM-1077>`_] - AAI resources and traversal deployment failure on non-rancher envs
-* [`OOM-1079 <https://jira.onap.org/browse/OOM-1079>`_] - Robot charts dont allow over ride of pub_key, dcae_collector_ip and dcae_collector_port
+* [`OOM-1079 <https://jira.onap.org/browse/OOM-1079>`_] - Robot charts do not allow over ride of pub_key, dcae_collector_ip and dcae_collector_port
* [`OOM-1081 <https://jira.onap.org/browse/OOM-1081>`_] - Remove component 'mock' from TOSCA deployment
* [`OOM-1082 <https://jira.onap.org/browse/OOM-1082>`_] - Wrong pv location of dcae postgres
* [`OOM-1085 <https://jira.onap.org/browse/OOM-1085>`_] - appc hostname is incorrect in url
class provisioner
* CPU and Memory limits in Helm Charts to improve Pod placement based on
- resource availablity in Kubernetes Cluster
+ resource availability in Kubernetes Cluster
* Support of Node Selectors for Pod placement
**Platform Resiliency**
-* Documenation of a Highly-Available Kubernetes Cluster Deployment
+* Documentation of a Highly-Available Kubernetes Cluster Deployment
* Availability of a Default Storage Class Provisioner for improved Persistent
Storage resiliency
* Availability of a CNI reference integration for Multi-site support
Summary
-------
-The focus of this release was on maintanence and as such no new features were
+The focus of this release was on maintenance and as such no new features were
delivered.
A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726
-----------
- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
- Workaround is to generate a password with "short" strenght or pregenerate
+ Workaround is to generate a password with "short" strength or pregenerate
passwords without single quote in it. Default deployment is using "short"
password generation for mariadb.
#. Update the CRD definition::
- > kubectl -n onap apply -f cmpv2-cert-provider/crds/cmpv2issuer.yaml
- #. Upgrade the component
+ > kubectl -n onap apply -f oom/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
+ #. Upgrade the component::
+
+ > helm -n onap upgrade dev-platform oom/kubernetes/platform
#. Make sure that *cmpv2issuer* contains correct value for
*spec.updateEndpoint*. The value should be: *v1/certificate-update*.
If it's not, edit the resource::
-tox
-Sphinx
-doc8
-docutils
-setuptools
-six
-sphinx_rtd_theme>=0.4.3
-sphinxcontrib-blockdiag
+lfdocs-conf~=0.7.5
+funcparserlib~=1.0.0a0
+sphinxcontrib.blockdiag~=2.0.0
sphinxcontrib-needs<0.6.0
-sphinxcontrib-nwdiag
-sphinxcontrib-redoc
-sphinxcontrib-seqdiag
-sphinxcontrib-swaggerdoc
-sphinxcontrib-plantuml
-sphinx_bootstrap_theme
-lfdocs-conf
+sphinxcontrib.plantuml~=0.21
+sphinxcontrib.nwdiag~=2.0.0
+sphinxcontrib-seqdiag~=2.0.0
+sphinxcontrib-swaggerdoc~=0.1.7
+sphinx-rtd-theme~=1.0.0
-#!/bin/bash
+#!/bin/sh
usage () {
echo "Usage:"
AAF
AAI
+ACL
adaptor
Adaptor
adaptors
Financials
geocoder
Gerrit
+Git
Github
graphSON
guestOS
JUnit
Junits
JUnits
+Karaf
keypair
Keypair
keypairs
keyValue
Kibana
Kibibytes
+kubectl
Kubernetes
LF
lifecycle
MacAddress
macOS
Malware
+MariaDB
metadata
Metadata
microservice
Onboarding
online
OOF
+oom
OOM
OpenDaylight
+OpenFlow
openo
OpenO
Opensource
Openstack
OpenStack
OSS
+ovs
+ovsdb
Pandoc
partitionKey
Partitionkey
Refactored
registrator
Registrator
+releng
repo
Repo
repos
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- name: {{ include "common.fullname" . }}
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
global:
nodePortPrefix: 302
persistence: {}
-
+
secrets:
- uid: controller-secret
type: basicAuth
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.1.3
+image: onap/ccsdk-oran-a1policymanagementservice:1.2.1
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
mountPath: /dockerdata-nfs
mountSubPath: nonrtric/policymanagementservice
-
+#Pods Service Account
+serviceAccount:
+ nameOverride: a1policymanagement
+ roles:
+ - read
so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
+so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
tester1@test.portal.onap.org|tester1|aaf|/||mailto:|org.onap.portal.test|root|30||@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
--- /dev/null
+server.port=9516
+{{ if ( include "common.needTLS" .) }}
+server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.client-auth=need
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
+
+server.servlet.context-path=/services/babel-service
+
+logging.config=${CONFIG_HOME}/logback.xml
+
+tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json
<property name="debugLogName" value="debug" />
<property name="errorLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
<property name="auditLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
<property name="metricsLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- ============================================================================ -->
<appender name="EELF"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${generalLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
from other components, or it can be eliminated to record these events as part of the application root log. -->
<appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
</appender>
<appender name="EELFMetrics"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
</appender>
<appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>
${logDirectory}/${debugLogName}.log
</file>
<!-- allow only events with a level below INFO, that is TRACE and DEBUG -->
<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
<evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
- <expression>
- e.level.toInt() < INFO.toInt()
- </expression>
+ <expression>
+ e.level.toInt() < INFO.toInt()
+ </expression>
</evaluator>
<OnMismatch>DENY</OnMismatch>
<OnMatch>NEUTRAL</OnMatch>
{
- "instanceGroupTypes": [
- "org.openecomp.groups.NetworkCollection",
- "org.openecomp.groups.VfcInstanceGroup",
- "org.openecomp.groups.ResourceInstanceGroup"
- ],
- "widgetTypes": [
- {
- "type": "SERVICE",
- "name": "service-instance",
- "deleteFlag": true,
- "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9",
- "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4"
- },
- {
- "type": "VF",
- "name": "generic-vnf",
- "deleteFlag": true,
- "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9",
- "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c"
- },
- {
- "type": "VFC",
- "name": "vnfc",
- "deleteFlag": true,
- "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec",
- "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766"
- },
- {
- "type": "VSERVER",
- "name": "vserver",
- "deleteFlag": true,
- "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53",
- "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7"
- },
- {
- "type": "VOLUME",
- "name": "volume",
- "deleteFlag": true,
- "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d",
- "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42"
- },
- {
- "type": "FLAVOR",
- "name": "flavor",
- "deleteFlag": false,
- "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b",
- "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f"
- },
- {
- "type": "TENANT",
- "name": "tenant",
- "deleteFlag": false,
- "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545",
- "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6"
- },
- {
- "type": "VOLUME_GROUP",
- "name": "volume-group",
- "deleteFlag": true,
- "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79",
- "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd"
- },
- {
- "type": "LINT",
- "name": "l-interface",
- "deleteFlag": true,
- "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a",
- "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060"
- },
- {
- "type": "L3_NET",
- "name": "l3-network",
- "deleteFlag": true,
- "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1",
- "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a"
- },
- {
- "type": "VFMODULE",
- "name": "vf-module",
- "deleteFlag": true,
- "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a",
- "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5"
- },
- {
- "type": "IMAGE",
- "name": "image",
- "deleteFlag": false,
- "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932",
- "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90"
- },
- {
- "type": "OAM_NETWORK",
- "name": "oam-network",
- "deleteFlag": true,
- "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79",
- "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35"
- },
- {
- "type": "ALLOTTED_RESOURCE",
- "name": "allotted-resource",
- "deleteFlag": true,
- "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564",
- "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381"
- },
- {
- "type": "TUNNEL_XCONNECT",
- "name": "tunnel-xconnect",
- "deleteFlag": true,
- "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5",
- "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8"
- },
- {
- "type": "CONFIGURATION",
- "name": "configuration",
- "deleteFlag": true,
- "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b",
- "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf"
- },
- {
- "type": "CR",
- "name": "cr",
- "deleteFlag": true,
- "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d",
- "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23"
- },
- {
- "type": "INSTANCE_GROUP",
- "name": "instance-group",
- "deleteFlag": true,
- "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128",
- "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd"
- },
- {
- "type": "PNF",
- "name": "pnf",
- "deleteFlag": true,
- "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687",
- "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a"
- }
- ],
- "widgetMappings": [
- {
- "prefix": "org.openecomp.resource.vfc",
- "type": "widget",
- "widget": "VSERVER",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.cp",
- "type": "widget",
- "widget": "LINT",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.cp",
- "type": "widget",
- "widget": "LINT",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.vl",
- "widget": "L3_NET",
- "deleteFlag": false
- },
- {
- "prefix": "org.openecomp.resource.vf",
- "widget": "VF",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.groups.vfmodule",
- "widget": "VFMODULE",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.groups.VfModule",
- "widget": "VFMODULE",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
- "type": "widget",
- "widget": "VOLUME",
- "deleteFlag": true
- },
- {
- "prefix": "org.openecomp.resource.pnf",
- "widget": "PNF",
- "deleteFlag": true
- }
- ]
+ "instanceGroupTypes": [
+ "org.openecomp.groups.NetworkCollection",
+ "org.openecomp.groups.VfcInstanceGroup",
+ "org.openecomp.groups.ResourceInstanceGroup"
+ ],
+ "widgetTypes": [
+ {
+ "type": "SERVICE",
+ "name": "service-instance",
+ "deleteFlag": true,
+ "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9",
+ "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4"
+ },
+ {
+ "type": "VF",
+ "name": "generic-vnf",
+ "deleteFlag": true,
+ "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9",
+ "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c"
+ },
+ {
+ "type": "VFC",
+ "name": "vnfc",
+ "deleteFlag": true,
+ "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec",
+ "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766"
+ },
+ {
+ "type": "VSERVER",
+ "name": "vserver",
+ "deleteFlag": true,
+ "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53",
+ "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7"
+ },
+ {
+ "type": "VOLUME",
+ "name": "volume",
+ "deleteFlag": true,
+ "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d",
+ "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42"
+ },
+ {
+ "type": "FLAVOR",
+ "name": "flavor",
+ "deleteFlag": false,
+ "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b",
+ "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f"
+ },
+ {
+ "type": "TENANT",
+ "name": "tenant",
+ "deleteFlag": false,
+ "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545",
+ "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6"
+ },
+ {
+ "type": "VOLUME_GROUP",
+ "name": "volume-group",
+ "deleteFlag": true,
+ "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79",
+ "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd"
+ },
+ {
+ "type": "LINT",
+ "name": "l-interface",
+ "deleteFlag": true,
+ "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a",
+ "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060"
+ },
+ {
+ "type": "L3_NET",
+ "name": "l3-network",
+ "deleteFlag": true,
+ "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1",
+ "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a"
+ },
+ {
+ "type": "VFMODULE",
+ "name": "vf-module",
+ "deleteFlag": true,
+ "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a",
+ "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5"
+ },
+ {
+ "type": "IMAGE",
+ "name": "image",
+ "deleteFlag": false,
+ "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932",
+ "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90"
+ },
+ {
+ "type": "OAM_NETWORK",
+ "name": "oam-network",
+ "deleteFlag": true,
+ "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79",
+ "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35"
+ },
+ {
+ "type": "ALLOTTED_RESOURCE",
+ "name": "allotted-resource",
+ "deleteFlag": true,
+ "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564",
+ "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381"
+ },
+ {
+ "type": "TUNNEL_XCONNECT",
+ "name": "tunnel-xconnect",
+ "deleteFlag": true,
+ "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5",
+ "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8"
+ },
+ {
+ "type": "CONFIGURATION",
+ "name": "configuration",
+ "deleteFlag": true,
+ "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b",
+ "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf"
+ },
+ {
+ "type": "CR",
+ "name": "cr",
+ "deleteFlag": true,
+ "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d",
+ "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23"
+ },
+ {
+ "type": "INSTANCE_GROUP",
+ "name": "instance-group",
+ "deleteFlag": true,
+ "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128",
+ "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd"
+ },
+ {
+ "type": "PNF",
+ "name": "pnf",
+ "deleteFlag": true,
+ "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687",
+ "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a"
+ }
+ ],
+ "widgetMappings": [
+ {
+ "prefix": "org.openecomp.resource.vfc",
+ "type": "widget",
+ "widget": "VSERVER",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vl",
+ "widget": "L3_NET",
+ "deleteFlag": false
+ },
+ {
+ "prefix": "org.openecomp.resource.vf",
+ "widget": "VF",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.vfmodule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.VfModule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
+ "type": "widget",
+ "widget": "VOLUME",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.pnf",
+ "widget": "PNF",
+ "deleteFlag": true
+ }
+ ]
}
{{- if eq .Values.service.type "NodePort" }}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else }}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end }}
selector:
#################################################################
# application image
-image: onap/babel:1.8.0
+image: onap/babel:1.9.1
flavor: small
flavorOverride: small
service:
type: NodePort
- portName: babel
+ portName: http
externalPort: 9516
internalPort: 9516
nodePort: 79
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.config.profiles.active }}
+spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.rdbmsname=aai_relational
-aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+
aperture.service.base.url=http://localhost:8457/aai/aperture
+{{ if ( include "common.needTLS" .) }}
aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.service.timeout-in-milliseconds=300000
*/}}
-->
<configuration>
- <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
- <appender name="ACCESS"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
- </encoder>
- </appender>
- <appender-ref ref="ACCESS" />
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
</configuration>
-<!--
+<!--
%a - Remote IP address
%A - Local IP address
%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
<property name="AJSC_HOME" value="${AJSC_HOME:-.}"/>
<property name="logDirectory" value="${AJSC_HOME}/logs"/>
<!-- Old patterns
- <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
<property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
- -->
+ -->
<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
<property name="p_lvl" value="%level"/>
<property name="p_log" value="%logger"/>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>
- %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
- </pattern>
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ </pattern>
</encoder>
</appender>
<appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
</encoder>
</appender>
<appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
<appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/rest/metrics.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${metricPattern}</pattern>
<file>${logDirectory}/rest/audit.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ </fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${auditPattern}</pattern>
</filter>
<file>${logDirectory}/rest/translog.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${transLogPattern}</pattern>
</filter>
<File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${"errorPattern"}</pattern>
</filter>
<File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
<File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ </fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${metricPattern}</pattern>
<file>${logDirectory}/external/external.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ </fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
<logger name="ajsc.UserDefinedJarService" level="WARN"/>
<logger name="ajsc.UserDefinedBeansDefService" level="WARN"/>
<logger name="ajsc.LoggingConfigurationService" level="WARN"/>
- <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
- logging) -->
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet logging) -->
<logger name="org.codehaus.groovy" level="WARN"/>
<logger name="com.att.scamper" level="WARN"/>
<logger name="ajsc.utils" level="WARN"/>
<logger name="org.apache.commons" level="WARN"/>
<logger name="org.apache.coyote" level="WARN"/>
<logger name="org.apache.jasper" level="WARN"/>
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. May aid in troubleshooting) -->
<logger name="org.apache.camel" level="WARN"/>
<logger name="org.apache.cxf" level="WARN"/>
<logger name="org.apache.camel.processor.interceptor" level="WARN"/>
<!-- logback jms appenders & loggers definition starts here -->
<appender name="auditLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
<filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
- <file>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log
- </file>
+ <file>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>9</maxIndex>
</rollingPolicy>
</appender>
<appender name="perfLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
<filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
- <file>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log
- </file>
+ <file>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip</fileNamePattern>
<minIndex>1</minIndex>
<maxIndex>9</maxIndex>
</rollingPolicy>
</filter>
<file>${logDirectory}/auth/auth.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
- </fileNamePattern>
+ <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
{{ end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - createDBSchema.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh createDBSchema.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
{{ end }}
restartPolicy: Never
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
{{ end }}
command:
- /bin/bash
- -c
- - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+ - |
+ bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
# application image
-image: onap/aai-graphadmin:1.8.0
+image: onap/aai-graphadmin:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
# Specify the profiles for the graphadmin microservice
profiles:
- active: "dmaap,one-way-ssl"
+ # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
+ # serviceMesh.tls is set to tru
+ active: dmaap #,one-way-ssl"
# Specifies the timeout limit for the REST API requests
timeout:
service:
type: ClusterIP
# REST API port for the graphadmin microservice
- portName: aai-graphadmin-8449
+ portName: http
internalPort: 8449
- portName2: aai-graphadmin-5005
+ portName2: tcp-5005
internalPort2: 5005
terminationGracePeriodSeconds: 120
<property name="debugLogName" value="debug" />
<property name="errorLogPattern"
- value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
<property name="auditMetricPattern" value="%m%n" />
<property name="logDirectory" value="${logDir}/${componentName}" />
log -->
<appender name="EELF"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${generalLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
</appender>
<appender name="EELFAudit"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
</appender>
<appender name="EELFMetrics"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
</appender>
<appender name="EELFDebug"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
# Model Loader Distribution Client Configuration
*/}}
ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
+{{ if ( include "common.needTLS" .) }}
ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
-ml.distribution.CONSUMER_GROUP=aai-ml-group
-ml.distribution.CONSUMER_ID=aai-ml
-ml.distribution.ENVIRONMENT_NAME=AUTO
+ml.distribution.ASDC_USE_HTTPS=true
ml.distribution.KEYSTORE_PASSWORD=
ml.distribution.KEYSTORE_FILE=asdc-client.jks
ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+{{ else }}
+ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
+ml.distribution.ASDC_USE_HTTPS=false
+{{ end }}
+ml.distribution.CONSUMER_GROUP=aai-ml-group
+ml.distribution.CONSUMER_ID=aai-ml
+ml.distribution.ENVIRONMENT_NAME=AUTO
ml.distribution.POLLING_INTERVAL=30
ml.distribution.POLLING_TIMEOUT=20
ml.distribution.USER=aai
ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}}
# Model Loader AAI REST Client Configuration
+{{ if ( include "common.needTLS" .) }}
ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443
+ml.aai.KEYSTORE_FILE=aai-os-cert.p12
+ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+{{ else }}
+ml.aai.BASE_URL=http://aai.{{.Release.Namespace}}:8080
+{{ end }}
ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/
ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/
ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images
-ml.aai.KEYSTORE_FILE=aai-os-cert.p12
-ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+
ml.aai.AUTH_USER=ModelLoader
ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw
# Model Loader Babel REST Client Configuration\r
-ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516
+ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516
ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
+{{ if ( include "common.needTLS" .) }}
ml.babel.KEYSTORE_FILE=babel-client-cert.p12
ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
ml.babel.TRUSTSTORE_FILE=tomcat_keystore
ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+{{ end }}
# application image
-image: onap/model-loader:1.8.0
+image: onap/model-loader:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
service:
type: NodePort
- portName: aai-modelloader
+ portName: http
externalPort: 8080
internalPort: 8080
nodePort: 10
- portName2: aai-modelloader-ssl
+ portName2: https
externalPort2: 8443
internalPort2: 8443
nodePort2: 29
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
{{ if .Values.global.config.basic.auth.enabled }}
aai.tools.enableBasicAuth=true
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8447
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" ( include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
{{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
{{- end }}
migration:
enabled: false
+ aafEnabled: false
+
config:
# Specifies that the cluster connected to a dynamic
# cluster being spinned up by kubernetes deployment
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth #,keycloak
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
+ active: production,dmaap #,aaf-auth
# Notification event specific properties
notification:
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-resources:1.8.2
+image: onap/aai-resources:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
service:
type: ClusterIP
- portName: aai-resources-8447
+ portName: http
internalPort: 8447
- portName2: aai-resources-5005
+ portName2: tcp-5005
internalPort2: 5005
terminationGracePeriodSeconds: 120
# ============LICENSE_END=========================================================
*/}}
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
server.port=8452
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
schema.configuration.location=N/A
schema.source.name={{ .Values.global.config.schema.source.name }}
-->
*/}}
<configuration>
- <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
- <appender name="ACCESS"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- </rollingPolicy>
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
- </encoder>
- </appender>
- <appender-ref ref="ACCESS" />
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
</configuration>
{{/*
-<!--
+<!--
%a - Remote IP address
%A - Local IP address
%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None
version:
# Current version of the REST API
api:
- default: v23
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
- aai_keystore
# application image
-image: onap/aai-schema-service:1.8.6
+image: onap/aai-schema-service:1.9.2
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
service:
type: ClusterIP
- portName: aai-schema-service-8452
+ portName: http
internalPort: 8452
- portName2: aai-schema-service-5005
+ portName2: tcp-5005
internalPort2: 5005
ingress:
#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
+{{ if ( include "common.needTLS" .) }}
oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD}
-
+{{ else }}
+oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/
+{{ end }}
# Schema Service need this variable for the time being
*/}}
resources.hostname=aai
+{{ if ( include "common.needTLS" .) }}
resources.port=8443
resources.authType=SSL_BASIC
resources.basicAuthUserName=aai@aai.onap.org
resources.trust-store-password=${TRUSTSTORE_PASSWORD}
resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
resources.client-cert-password=${KEYSTORE_PASSWORD}
+{{ else }}
+resources.port=8080
+resources.authType=HTTP_NOAUTH
+{{ end }}
# limitations under the License.
server.port=8000
+{{ if ( include "common.needTLS" .) }}
server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy
+spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,{{ ( eq "true" ( include "common.needTLS" .)) | ternary "ssl" "http" }}
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
+{{ if ( include "common.needTLS" .) }}
searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
searchservice.client-cert-password=${KEYSTORE_PASSWORD}
searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
name: {{ include "common.name" . }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- if ( include "common.needTLS" .) }}
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+ {{- end }}
- command:
- /app/ready.py
args:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
service:
type: NodePort
- portName: aai-sparky-be
+ portName: http
internalPort: 8000
nodePort: 20
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{else}}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
-spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8446
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
schema.service.custom.queries.endpoint=stored-queries
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
+{{ end }}
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/logs" />
<!-- Old patterns
- <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
- <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
<property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
-->
<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}" />
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>
- %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
</pattern>
</encoder>
</appender>
- bash
- "-c"
- |
- set -x
- if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
- until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
- bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+ set -x
+ if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
+ {{- if (include "common.needTLS" .) }}
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
+ bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+ {{- else }}
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done;
+ bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{- end }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
- {{- end}}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth #,keycloak
+ active: production,dmaap #,aaf-auth ,keycloak
# Notification event specific properties
notification:
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-traversal:1.8.0
+image: onap/aai-traversal:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
service:
type: ClusterIP
- portName: aai-traversal-8446
+ portName: http
internalPort: 8446
- portName2: aai-traversal-5005
+ portName2: tcp-5005
internalPort2: 5005
terminationGracePeriodSeconds: 120
#######################
-#DEFAULT BACKEND 847###
+#DEFAULT BACKEND 8447##
#######################
backend IST_Default_8447
log global
mode http
option httplog
+{{- if ( include "common.needTLS" .) }}
option ssl-hello-chk
+{{- end }}
option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
default-server init-addr none
# option dontlognull
timeout http-keep-alive 30000
+frontend IST_8080
+ mode http
+ bind 0.0.0.0:8080
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto http
+ reqadd X-Forwarded-Proto:\ http
+ reqadd X-Forwarded-Port:\ 8080
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+ default_backend IST_Default_8447
+
+{{- if ( include "common.needTLS" .) }}
frontend IST_8443
mode http
bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 8443
+{{- end }}
#######################
#ACLS FOR PORT 8446####
default_backend IST_Default_8447
-
#######################
-#DEFAULT BACKEND 847###
+#DEFAULT BACKEND 8447##
#######################
backend IST_Default_8447
balance roundrobin
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+{{- if ( include "common.needTLS" .) }}
server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
-
+{{- else }}
+ server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+{{- end }}
#######################
# BACKEND 8446#########
balance roundrobin
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+{{- if ( include "common.needTLS" .) }}
server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
-
+{{- else }}
+ server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
+{{- end }}
{{- include "common.certInitializer.volumeMount" . | nindent 8 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPlainPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
httpGet:
path: /aai/util/echo
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ #scheme: HTTPS
+ scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
httpHeaders:
- name: X-FromAppId
value: OOM_ReadinessCheck
heritage: {{ .Release.Service }}
spec:
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort .Values.service.externalPlainPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ {{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{- end }}
type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
passwd: AAI
# Active spring profiles for the resources microservice
+ # aaf-auth profile will be automatically set if aaf enabled is set to true
profiles:
- active: production,dmaap,aaf-auth
+ active: production,dmaap #,aaf-auth
# Notification event specific properties
notification:
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
version:
# Current version of the REST API
api:
- default: v23
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
service:
type: NodePort
- portName: aai-ssl
+ portName: http
externalPort: 8443
internalPort: 8443
nodePort: 33
# POLICY hotfix - Note this must be temporary
# See https://jira.onap.org/browse/POLICY-510
aaiServiceClusterIp:
+ externalPlainPort: 80
+ internalPlainPort: 8080
+ nodeport: 33
ingress:
enabled: false
- baseaddr: "aai.api"
name: "aai"
port: 8443
- config:
- ssl: "redirect"
+ config:
+ ssl: "redirect"
resources:
small:
*/}}
# Host definition
-ip: 0.0.0.0
-port: {{.Values.service.internalPort}}
+ip: 0.0.0.0
+port: {{.Values.service.internalPort}}
# Security (controls use of TLS encrypton and RestServer authentication)
-tls: no
-auth: no
+tls: no
+auth: no
# TLS certificates (must be built on application host)
-priv: provide_privated_key.pem
-pub: provide_public_key.pem
+priv: provide_privated_key.pem
+pub: provide_public_key.pem
# Mysql
-host: {{.Values.config.mariadbGaleraSVCName}}
+host: {{.Values.config.mariadbGaleraSVCName}}
# Playbooks
-from_files: yes
-ansible_path: /opt/onap/ccsdk/Playbooks
-ansible_inv: Ansible_inventory
-ansible_temp: PlaybooksTemp
-timeout_seconds: 60
+from_files: yes
+ansible_path: /opt/onap/ccsdk/Playbooks
+ansible_inv: Ansible_inventory
+ansible_temp: PlaybooksTemp
+timeout_seconds: 60
# Blocking on GetResults
-getresults_block: yes
+getresults_block: yes
-#!/bin/bash -x
+#!/bin/sh -x
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
-#!/bin/bash -x
-{{/*
+#!/bin/sh -x
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
###
*/}}
-### ###
+### ###
### Properties for demo ###
-### ###
+### ###
appc.demo.poolMembers=message-router.{{.Release.Namespace}}:3904
appc.demo.topic.read=APPC-CL
appc.demo.topic.write=APPC-CL
org.onap.appc.db.pass.sdnctl=${SDNC_DB_PASSWD}
-### ###
+### ###
### OpenStack credentials (these properties also are used in appc-rest-adapter-bundle, appc-chef-adapter-bundle, appc-iaas-adapter-bundle) ###
-### ###
+### ###
provider1.type={{.Values.config.openStackType}}
provider1.name={{.Values.config.openStackName}}
provider1.identity={{.Values.config.openStackKeyStoneUrl}}
provider1.tenant1.userid={{.Values.config.openStackUserName}}
provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}
-### ###
-### Properties that are not covered or being replaced from default.properties files. Default value for DMaaP IP is 10.0.11.1:3904 ###
+### ###
+### Properties that are not covered or being replaced from default.properties files. Default value for DMaaP IP is 10.0.11.1:3904 ###
### which is what the Master HEAT Template to instantiate OpenECOMP is pointing to (version R1). All other default values are ###
### left there since these are pre-defined as part of APP-C/OpenECOMP default instantiation with Master HEAT Template ###
-### ###
+### ###
# Property below is valid in appc-command-executor-core, appc-license-manager-core, appc-lifecycle-management-core,
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#!/bin/bash
+#!/bin/sh
+
{{/*
###
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
subPath: org.onap.appc.keyfile
resources:
{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
+ {{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end -}}
- name: serviceAccount
version: ~8.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- sh
args:
value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterName }}
+ - name: AAF_CREDSPATH
+ value: {{ .Values.certInitializer.credsPath }}
- name: CLUSTER_NODE_ID
valueFrom:
fieldRef:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
sdncOamService: sdnc-oam
sdncOamPort: 8282
+ #AAF is enabled by default
+ #aafEnabled: true
+
+ #enable importCustomCerts to add custom CA to blueprint processor pod
+ #importCustomCertsEnabled: true
+
+ #use below configmap to add custom CA certificates
+ #certificates with *.pem will be added to JAVA truststore $JAVA_HOME/lib/security/cacerts in the pod
+ #certificates with *.crt will be added to /etc/ssl/certs/ca-certificates.crt in the pod
+ #customCertsConfigMap: onap-cds-blueprints-processor-configmap
+
#################################################################
# Secrets metaconfig
#################################################################
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: cds-blueprints-processor-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: sdnc-cds
+ fqi: sdnc-cds@sdnc-cds.onap.org
+ public_fqdn: sdnc-cds.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.sdnc-cds
+ #enable below if we need custom CA to be added to blueprint processor pod
+ #importCustomCertsEnabled: true
+ #truststoreMountpath: /opt/onap/cds
+ #truststoreOutputFileName: truststoreONAPall.jks
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh;
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.1.5
+image: onap/ccsdk-blueprintsprocessor:1.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.1.5
+image: onap/ccsdk-commandexecutor:1.2.0
pullPolicy: Always
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.1.5
+image: onap/ccsdk-py-executor:1.2.0
pullPolicy: Always
# default number of instances
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.1.5
+image: onap/ccsdk-sdclistener:1.2.0
name: sdc-listener
pullPolicy: Always
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.1.5
+image: onap/ccsdk-cds-ui-server:1.2.0
pullPolicy: Always
# application configuration
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: lighttpd
configMap:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cli
+ roles:
+ - read
-#!/bin/bash
+#!/bin/sh
set -e
print_usage ()
{
- echo "NAME"
- echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
- echo "SYNOPSIS"
- echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]"
- echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name"
- echo "DESCRIPTION"
- echo " --base_db_dir, -b"
- echo " Location of running Cassandra database"
- echo " --snapshot_dir, -s"
- echo " Snapshot location of Cassandra database taken by Nuvo/Cain"
- echo " --keyspace, -k"
- echo " Name of the keyspace to restore"
- echo "EXAMPLE"
- echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567"
- exit
+ echo "NAME"
+ echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
+ echo "SYNOPSIS"
+ echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]"
+ echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name"
+ echo "DESCRIPTION"
+ echo " --base_db_dir, -b"
+ echo " Location of running Cassandra database"
+ echo " --snapshot_dir, -s"
+ echo " Snapshot location of Cassandra database taken by Nuvo/Cain"
+ echo " --keyspace, -k"
+ echo " Name of the keyspace to restore"
+ echo "EXAMPLE"
+ echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567"
+ exit
}
if [ $# -eq 0 ]
then
- print_usage
+ print_usage
fi
while [ $# -gt 0 ]
shift
case $key in
- -h|--help)
- print_usage
- ;;
- -b|--base_db_dir)
- base_db_dir="$1"
- shift
- ;;
- -s|--snapshot_dir)
- ss_dir="$1"
- shift
- ;;
- -k|--keyspace)
- keyspace_name="$1"
- ;;
- -t|--tag)
- tag_name="$1"
- ;;
- --default)
- DEFAULT=YES
- shift
- ;;
- *)
- # unknown option
- ;;
+ -h|--help)
+ print_usage
+ ;;
+ -b|--base_db_dir)
+ base_db_dir="$1"
+ shift
+ ;;
+ -s|--snapshot_dir)
+ ss_dir="$1"
+ shift
+ ;;
+ -k|--keyspace)
+ keyspace_name="$1"
+ ;;
+ -t|--tag)
+ tag_name="$1"
+ ;;
+ --default)
+ DEFAULT=YES
+ shift
+ ;;
+ *)
+ # unknown option
+ ;;
esac
done
# Validate inputs
if [ "$base_db_dir" = "" ] || [ "$ss_dir" = "" ] || [ "$keyspace_name" = "" ]
then
- echo ""
- echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
- echo ""
- print_usage
+ echo ""
+ echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
+ echo ""
+ print_usage
fi
# Remove commit logs from current data dir
-/u3+7QAAAAIAAABrAAAAAgAYdmVyaXNpZ25jbGFzczJnMmNhIFtqZGtdAAABVsJJxYQABVgu
-NTA5AAADBzCCAwMwggJsAhEAuS9gzIifoXpGCbhbcGyKrzANBgkqhkiG9w0BAQUFADCBwTEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQLEzNDbGFzcyAy
-IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIxOjA4BgNVBAsT
-MShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAd
-BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswHhcNOTgwNTE4MDAwMDAwWhcNMjgwODAx
-MjM1OTU5WjCBwTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYD
-VQQLEzNDbGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g
-RzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmswgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAKeIASF0LOcaA/CY4Zc8DyEI8Zzbl+ma/MIEBhO+X1LIzB4sElYs
-uAFpLMyZH62wlq55BPITOcF7mLoILOjChBMsqmnpCfTHqQKkQsIjT0rY8A6i+zFsyeZvmScH
-9eb0THiebetGhvq5hslU8rLEr9RGHFrJFTD/DWz1LQ5tzn93AgMBAAEwDQYJKoZIhvcNAQEF
-BQADgYEAci75f9HxcfvEnvbFXlGKQJi4aPibHIPY4p29/+2h5mbqLwn0ytfqpSuV9iRghk1E
-LoOlxC2g0654aW9y2myuCPBjkjfmu8QwF613zEk1qs/Yj9G+txiWR3NqVCI0ZC22FptZW7RR
-WTqzCxT0Et9noPStMmResUZyJ4wSe8VEtK4AAAACABlkaWdpY2VydGFzc3VyZWRpZGczIFtq
-ZGtdAAABVsJI3zgABVguNTA5AAACSjCCAkYwggHNoAMCAQICEAuhWvod36C1SUSvzSSgbOww
-CgYIKoZIzj0EAwMwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
-A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBS
-b290IEczMB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFowZTELMAkGA1UEBhMCVVMx
-FTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIG
-A1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID
-YgAEGee8rERl7c24P1j7jbFXqUQtBRXy7wv/EHSftWJSX2Z+H+XcG0V5C8zGUwqdjV0C2alZ
-3gJa9pUqDo04SopJxrzGAzgHX1Xafglu4n9e0EUgD1l2ENagJPAt3jbybCk5o0IwQDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUy9C9qeGYBVGhTTeig3nO
-jR0q5IQwCgYIKoZIzj0EAwMDZwAwZAIwJaSBRQJrEkt1dE/II+Nw8nVy3nyJ8M+RcmGeXhCS
-WVa5g8cQ5zjpWCY2fdXkNIY5AjB8NlPwMOViYzqZ4rajO5s0+h7aEJJxXpETp92kbpLMMtb1
-IWbHL+qWY2plRZKVAbQAAAACAB12ZXJpc2lnbnVuaXZlcnNhbHJvb3RjYSBbamRrXQAAAVbC
-SX1uAAVYLjUwOQAABL0wggS5MIIDoaADAgECAhBAGsRkIbMTIQMOu+QSGsUdMA0GCSqGSIb3
-DQEBCwUAMIG9MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNV
-BAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWdu
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVu
-aXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDQwMjAwMDAwMFoX
-DTM3MTIwMTIzNTk1OVowgb0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5j
-LjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDgg
-VmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE4MDYGA1UEAxMvVmVy
-aVNpZ24gVW5pdmVyc2FsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHYTdesQE022LXFZv/WFqMIyPWYI6R15CYg3rmWBk4
-jMX25WSFtKJx++29udrNTQC0yC1zpcdpcZUfOTyyRAec6A76TUrEId8pYY8yImGCxYcfbox8
-XxYgUUTRcE9X6uMc48x57ljYDsKzRZPALOeaFyt7ADd6QTN44TPi8xAaf4csvvb190Li5b+H
-YolfAEvfxd3kdUQyQToecW5pywt1RgjRytIrldDP+7lAa2SMV038ExF5hO1eVPY0nwgB8xAl
-BhdK2vEdemZrmGBmpNnv0i6C8fDvCepEyRVq4gNuM9Osn1UAx/YIapS5X9zgM/GEYPlbJxG0
-/Bbyu1ZqgCWNAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-bQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XT
-GoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5n
-aWYwHQYDVR0OBBYEFLZ3+mlIR59TEtXC6gcydgfRlwcZMA0GCSqGSIb3DQEBCwUAA4IBAQBK
-+PiwA+YsZ3vklHdjzG5M+X0ODdzIuTW5cE9j+iT6bIOMR507Y/Oa+XYylZGxd7ysmr6x5DEh
-xoGVVloOscLUsaZZrPFjy7hMHVmQSu+QFigfWq4Q+4FQOAxszPE9w/Vj47PjIckkOen9FWZG
-9BsR0E1zo31G+T3tqF9i1PE/+OB0VysYnYG0xCjalJelcOusHb4HEfDV293ljPDVMrCD5lfi
-j7++oaq/PR211Djq17BcOk9qP4/AZmxjqunZpBb0gdGVFA59zZU02dKPcHOBe5x+vZhh2EWH
-mJDF64YwxjW/8P/DVYiDS+8FkgZx8riYk7fszYJh8TjmT5eYKlqNAAAAAgAbZGlnaWNlcnR0
-cnVzdGVkcm9vdGc0IFtqZGtdAAABVsJJT9kABVguNTA5AAAFlDCCBZAwggN4oAMCAQICEAWb
-G1eejiEy4jkHvad3dVwwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoT
-DERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGln
-aUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTEzMDgwMTEyMDAwMFoXDTM4MDExNTEyMDAwMFow
-YjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp
-Z2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLh
-Kac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZ
-VXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs0
-6wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcva
-k17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8
-IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9
-WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz
-2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOk
-GLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnf
-fEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEA
-AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOzX44LS
-cV1kTN8uZz/nupiuHA9PMA0GCSqGSIb3DQEBDAUAA4ICAQC7Ydl9qWy+F8SRG8OhogCN42Ro
-D1bPd65w+f2aSpm5yXhcDAxf5OYUKVYLNkldRGPgrZyWGGYbIw09eelta9ZU+NI8wUNArh1Q
-9VL8kDu7mJlpa8fBp6hopCfcnfknrjCFufZnTTo+j1k5IlNE68hdA8rtUHp9YiEKgMhzZtGg
-BWBf6KW0p6+o9201nHxaitaiOJnzeIv0TdIgC94E7oybR4FyDcAUMu8wWS6u4HHyVuRql2+S
-UG2WjWh6mrI2FHoG8iS5CRFQ1wixuIl6hCNhQinlo82iIEHX0Zxk2eomoYsU10wZslBBcT0/
-TXAjhgxK3IHSzDKUhA0ICZccT8DuayB0MNLgOTQQhSEVAQjoVTLecUnZKBdQTea+TdF1rNDK
-+0G4Q6Wq08MFRE8sNpvi+uJFuCNTbAZvZ1V/RrVMP24oWnkm0qSoYpfSHuLtSou8G/1HSg3f
-Z2Z+sltB0Dvk9Dv0BGPp78JUAFGgiirJznjM1eqHBBizzq9JiK/zkpm2s+ZhD9KFAOdQGuQb
-lZ0ZobmcsZuxAB7v0A9PQmzJCrzuQ/o6caXITSalNf2JXbyFYh0y0qArVO2aV8Hb+hDPGbeL
-ShuPAbYnlVPotoltW7xo1CPoi1GiVvnwpoCg1h6zvA8PU3UpquoTd+TejIEhrQcQRxGthz0H
-0XW8z/NmfgAAAAIAGHZlcmlzaWduY2xhc3MxZzNjYSBbamRrXQAAAVbCSfnFAAVYLjUwOQAA
-BB4wggQaMIIDAgIRAItbdVaEVIULAM+vOEjOsaQwDQYJKoZIhvcNAQEFBQAwgcoxCzAJBgNV
-BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
-c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0
-aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMSBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2
-MDcxNjIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEf
-MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVy
-aVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
-Z24gQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcz
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YTUubT5p9jzBHic3j3cbBMW2Xrd
-JFFmwMcmWQ2sBgjClNEzH/CDNR9uG8jeqm4VTlQn78RtGuwL4w7wRKVXx0BYHqNHH3HsYPZt
-lMgYOe3+QhhW3+RMSRB4TgF2NWMSNt1mvAEENqNVaNWiNgmsqyEmVAatP8oU4KzKrQYdleL4
-nfHgYP/Cf3UrTMza/oeZIeq6/j5U19JZeNs8bs+gEwAauCeh5L5nlsqgxbOc3cl1nuswml+j
-zdmueBk/I+lc2ym9rVXIG1SMY/bopurHNxJcoykeAtnbHzu01w9WR4EVBEqvgyfRxViIwd32
-qqejGNpoqm0RUeG/ZWuflnbRPQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCrZo3Xs7rHmrbm
-VdAF8Z8xjVqq2apGJg9x7aWtU1ZiAUcqROn+P3QLE5u59E0bstFfsrbSiFyzn83L1KfZYJWE
-OvjBNx1hyuewxeWR2lSmrDGBrpfezQisuMCXgH9ucqTnaROVZR/Ekzz9eY8E1D5P6veezs1n
-fE9lAv+RhVRzx/8294Yt7NBeT/8Rn3IG1rga8UwNJmXiRIAex5/j3egK2uylIIBpaKFPfuFr
-zwdB+oOOvDjdsC4RsWuyQsyavPlIInlKGQ+yHD4gdNlqw77yKHgTVnlPbVDqG7C1V7E3Zlgj
-89wP3wqHxO+GBdU4FGCZo0veBpZxLPLbth+k7z/uAAAAAgAXaWRlbnRydXN0cHVibGljY2Eg
-W2pka10AAAFWwkjoQQAFWC41MDkAAAVqMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAA
-AjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSow
-KAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1
-MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0
-MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7ekosMSqMjbCpwzFr
-qHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6Hi9e28tzQa68ALBK
-K0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdY
-WuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3Lv
-dYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZ
-ZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
-ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V
-GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctsc
-vG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKi
-q3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQAB
-o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43Hgntin
-QtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiH
-VIyqZJnYWv6IAcVYpZmxI1Qjt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4J
-aj0z8yGa5hV+rVHVDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0f
-b7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G
-lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqy
-mm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4DfWN88uieW4oA0beOY
-02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5+bl53B/N66+rDt0b20XkeucC
-4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0
-s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dx
-VJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLat
-t8o+Ae+cAAAAAgAadXRudXNlcmZpcnN0b2JqZWN0Y2EgW2pka10AAAFWwkkumAAFWC41MDkA
-AARqMIIEZjCCA06gAwIBAgIQRL4Mi1AAJLQR0zYt4LNfGzANBgkqhkiG9w0BAQUFADCBlTEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwG
-A1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0
-cnVzdC5jb20xHTAbBgNVBAMTFFVUTi1VU0VSRmlyc3QtT2JqZWN0MB4XDTk5MDcwOTE4MzEy
-MFoXDTE5MDcwOTE4NDAzNlowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UE
-BxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8G
-A1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0
-LU9iamVjdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6qgT+jo2F4qjEAVZUR
-nicPHxzfOpuCaDDASmEd8S8O+r5596Uj71VRloTN2+O5bj4x2AogZ8f02b+U60cEPgLOKqJd
-hwQJ9jCdGIqXsqoc/EHSoTbL+z2RuufZcDX65OeQw5ujm9M89RKZd7G3CeBo5hy485RjiGpq
-/gt2yb70IuRnuasaXnfBhQfdDWy/7gbHd2pBnqcP1/vulBe3/IW+pKvEHDHd17bR5PDv3xaP
-slKT16HUiaEHLr/hARJCHhrh2JU022R5KP+6LhHC5ehbkkj7RwvCbNqtMoNB86XlQXD9ZZBt
-+vpRxPm9lisZBCzTbafc8H9vg2XiaquHhnUCAwEAAaOBrzCBrDALBgNVHQ8EBAMCAcYwDwYD
-VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU2u1kdBScFDyr3ZmpvVsoTYs8ydgwQgYDVR0fBDsw
-OTA3oDWgM4YxaHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0
-LmNybDApBgNVHSUEIjAgBggrBgEFBQcDAwYIKwYBBQUHAwgGCisGAQQBgjcKAwQwDQYJKoZI
-hvcNAQEFBQADggEBAAgfUrE3RHjb/c652pWWmKpVZIC1WkDdIaXFwfNfLEzIR1pp6ujwNTX0
-0CXzyKakh0q9G7FzCL3Uw8q2NbtZhncxzaeAFK4T7/yxSPlrJSUtUbYsbUXBmMiKVl0+7kNO
-PmsnjtA6S4ULX9Ptaqd1y9Fahy85dRNacrACgZ++8A+EVCBibGnU4U3GDZlDAQ0Slox4nb9Q
-orFEqmrPF3rPbw/U+CRVX/A0FklmPlBGyWNxODFiuGK581OtbLUrohKqGU8J2l7nk8aOFAj+
-8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyRUh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8gA
-AAACABlnZW90cnVzdHVuaXZlcnNhbGNhIFtqZGtdAAABVsJJG3gABVguNTA5AAAFbDCCBWgw
-ggNQoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl
-b1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTAeFw0wNDAzMDQw
-NTAwMDBaFw0yOTAzMDQwNTAwMDBaMEUxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVz
-dCBJbmMuMR4wHAYDVQQDExVHZW9UcnVzdCBVbml2ZXJzYWwgQ0EwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQCmFVWgo8bgH4ydIVDXwb4rW7WknqHZcli9ABtMv2HJFB1FgqvG
-HYDWPesQnDqvbST4vHEBngb1fF8ewQ5VyoOaWTCuGcswSJXtIjeN9EqacmY+rZXA4BYA4BAf
-KzEO15RU00IzoDQdHkV23U/KGDfshRV6GQj81cec8PKpLhCpkuY9WD2pFmg8L3UhGH8od6Xh
-YRe3pun4Hpnbc270CqIhbO7aqoWSZq/2emuC2roiCDUPz0LxNfpq7n4rJcw6EeRtr3Oydh2t
-0LJ4ZxqkORxRC2dWg/04XQ3O3fC7K5Yf3nsyUv0du7UGobIhXqXWlWh/8Jme3EUIPufSCQ01
-lN2ATlOX17UJRCBkFhcDAkxTDWje1apyTZNtgg7bnL3PtPNcXVR6aQmW1tsRwY11qLTPOcjO
-PLwkfOZiyuG9fae9V2UL5P4l7bZpENwoGka9AR3Ql7XhmDvAN2TWPZTuC+H1KK4LVr9xiyMp
-QY6GxUtSe9hxqx+KFaY7g1rXWAFRxkxB2X/YQWdyoijfYIOpnsh7/FNzcln1k3oXdg7O9+Vc
-2QtVNKKqW7VqVOcTylfsl230XgYvRYtY1CMWkuQWbihjWTDfUAGcY4kan9sXlIJwN8MknppH
-1lrKTqhpiXIfkWzbfp4brccfc90sTxll/X+TQBAu0vDtPJ4uKD5pJjPFewIDAQABo2MwYTAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTauy6qsAy4iCZRdFxtA9PA2I961jAfBgNVHSME
-GDAWgBTauy6qsAy4iCZRdFxtA9PA2I961jAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF
-BQADggIBADF45se137iUQMlxxKg17EYdwoXzKFiGsAv8jrI5j0RVq2SEXGmp0Jo4PPrlHzXl
-ROOAeZRopLvEnz3hNM0wRotUK5Wl7/c/mYT9NebPMcbcar+n1yMI4Zhew1oIdqmmr3cvt2C9
-REZq75f/c5XBjuiT+/0xt+xXERFFmzDxGog5wU88pwDVx/yrbYAicKUM4F0EKQL7y6CR0XzW
-w35Q1Z1YvkE467l1PBXZm8lKg1nA2lP9M7s2GJuFDxXd7i2sdpO52QGNSBCo+/U4hvHbCsa9
-hKMjQd7Wd2+F1IUcUOCuUYq6jT524rnKJ/Jfn+9uWQ0G2CsXpNJ8a7tfFBpIjxpM57NHHI5M
-RSsg7kjf590Jjhio2kCNkiYRU2FzXeu958RNKTdh66w5LWcuFtb1AIOFocx/dsR95LdLZu8D
-RWBptgxSlpKEXqajtaQ+K9nM2BtHqvJE2k/5A+jwFMs/84Pe0MFU47foCjdNiyBZAzAZoSzI
-vREf367JSsXzJ2Zmhqxokf/Z5lMcD4tcaWUKJsgeNMNdUXvXqZwGoTbd1YmUvNnkLQxeCWwI
-l3yjPXyT/z+hFKfPtV3r29scxHbfiLm9RQWVG678RmpMr0jjzq4P0n7r5mycT4FqemSsuz7V
-58t2LsWnSMFckA/LyD/65jLhjRtvpOaO2PkpSIrOc/4sAAAAAgAaZGlnaWNlcnRnbG9iYWxy
-b290ZzMgW2pka10AAAFWwkkPcwAFWC41MDkAAAJDMIICPzCCAcWgAwIBAgIQBVVWvPJepDU1
-w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
-SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
-YWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT
-AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
-IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYFK4EEACID
-YgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6OYwwX7Adw
-9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
-Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj
-+Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqp
-isXRAL34VOKa5Vt8sycXAAAAAgAcZGV1dHNjaGV0ZWxla29tcm9vdGNhMiBbamRrXQAAAVbC
-SSebAAVYLjUwOQAAA6MwggOfMIICh6ADAgECAgEmMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNV
-BAYTAkRFMRwwGgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVT
-ZWMgVHJ1c3QgQ2VudGVyMSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjAe
-Fw05OTA3MDkxMjExMDBaFw0xOTA3MDkyMzU5MDBaMHExCzAJBgNVBAYTAkRFMRwwGgYDVQQK
-ExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVTZWMgVHJ1c3QgQ2VudGVy
-MSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKsLozXgiykUsRSFrzwQ5DlvNV1Krt3qYY2VSfRvZKMaYGakqUAi
-hNnUpeV4kw5oAa25TVw6ztO4qEJA38+juoJZapIbrBya2ggrJSf5aSNH8eDrLHqb9RMC0H40
-fMKePABZq/XaDPUyPCusUNrWw96DlMqoDJkyDghIVltq+9rhWFgBSV9yQTwVBgGOXa2quJO0
-zZ7rp+hqLVI02zrvXHVR2tvzMfnucZgyxFQVRAz5m1Xtrd8YCKCjhopJ7lMFjxlM1d5YeZvS
-ahxCq8XVp89oD5bk4WGYdmHIkXzWPgDikVCH4Z0K5q2X0h3GOn3LvNoDNNWOWwH1age3FrZu
-Sn8CAwEAAaNCMEAwHQYDVR0OBBYEFDHDeRu69VPXF+CJei0XbAqzK50zMA8GA1UdEwQIMAYB
-Af8CAQUwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCUZFmtOWTnKesT/lrD
-ixNXyAQk8HR3wGDjZ/vpiaaDv5aCfG7Uwz3vnoBuuym0mHqxO1TrORdHfhqOC/wfMVkxBLLO
-F/Msx2I2VeIi2IlVtJhIqmT61hw22ER4WlojOleX9XowT66fakxLK46gA+M+4KnU0nvSs6ji
-cjytnv+AWeSbRbT2O7DNORmYMuXqIWGQ5DEhjjSx9y81SoUQ2ueKNyG+WWPg8oWIMVPUVBSF
-cHn0LgZ3J3UvH7iK+f7Futg25IPs52W3v2Na80avgZQ31EGM1iPWHs/1aBtEY6Jauqc1WaHl
-cAWbDiNXmZQKbbo5YyiGkvMYhNj70c8FVmRXAAAAAgAWZW50cnVzdHJvb3RjYWVjMSBbamRr
-XQAAAVbCSWH7AAVYLjUwOQAAAv0wggL5MIICgKADAgECAg0Apot5KQAAAABQ0JH5MAoGCCqG
+/u3+7QAAAAIAAACBAAAAAgAXZGlnaWNlcnRhc3N1cmVkaWRyb290Y2EAAAF8EFmtSAAFWC41
+MDkAAAO7MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln
+aWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYx
+MTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
+aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2Vy
+dCBBc3N1cmVkIElEIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt
+DhXO5EOAXLGH87dg+XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qP
+kKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5
+a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/AUaG9ih5
+yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMBAAGjYzBhMA4GA1Ud
+DwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd
+823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOC
+AQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lF
+WJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJ
+Kusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5Q
+Z7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8gAAAAIAFWFuZnNl
+Y3VyZXNlcnZlcnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAABfMwggXvMIID16ADAgECAggN0+O8
+bPlrsTANBgkqhkiG9w0BAQsFADCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF
+UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYDVQQLEwtB
+TkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTAeFw0xOTA5
+MDQxMDAwMzhaFw0zOTA4MzAxMDAwMzhaMIGEMRIwEAYDVQQFEwlHNjMyODc1MTAxCzAJBgNV
+BAYTAkVTMScwJQYDVQQKEx5BTkYgQXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xFDASBgNV
+BAsTC0FORiBDQSBSYWl6MSIwIAYDVQQDExlBTkYgU2VjdXJlIFNlcnZlciBSb290IENBMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2+trK+ZkVJWCkKNypBkBnZwLgV9zSbqn
+rPMETnuWC+wR4FumHM4b0g2DHCu4nh1+RTJgDwfpd1h+n2rIYU62JsFMjf9M7zSyH2XYuXj1
+ralxue9PWB2l3nQgl6HtaEzekhdLvKv/ZZqe+0fZV3LzCaGudkQTbpwtRDm8+cc7pFg9Qb20
+wkmjyA3Sly8HZVIAp27Ir2js9BSWtlcfVsM5nytt5PM+9jVk2gwcoYRLL0tL4iwknW2TQOu1
+I44yym9F06iJex7PHvpbQ4vNzagPasoMXrmeR4/w2bYKC1hlFzO5I+R3GX3LSi6Se08vEHex
+jS9onGLM4FD47JGnVExXCdV2Y8XoZR7ubWrPCZ36fE+tYAj9VpkPFSx7qYCrjGGPSgd2Qt49
+9N2yJDNbuLWjRMmsf3c8HSPsgqmm4sgGTAL+rFyZmQsvEIqm9H/Vh3QNWUlF9vBxXDkp1r9K
+I4v1XwFj0odzKLVLCvX4q4IsfnMlMh0LYwoXgQD/tnZe57SxQMohu9WAUeVIUmcs0mGJBw0P
+zkJ3wERznERQoNsQCi2VHIGv5BzlFB7xNkEBAi99c6feQsxM6YkNVvefkdQDxmzJj9vYHOBA
+mF1mmZiAbi3/AcXOy0YfrALGQ+auooQ8xU4ePW3JFEzjLkG7yjm/NjwqGapBh06lzksyed2Q
+SX8CAwEAAaNjMGEwHwYDVR0jBBgwFoAUnF/QbGOjX5PKk5gIrYyHpSxcwTcwHQYDVR0OBBYE
+FJxf0Gxjo1+TypOYCK2Mh6UsXME3MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4ICAQBOHrmKxqCYP27DacBqXElSrMsrXXg4wdVUhJ+T8IcZPSxm
+iesNQvzM8HWFP4v0gF155RdnvTWC4vI8jn1bNstagAAp8s4rLPGPqm0Fk2xyx1br31AjKOVF
+ED3oZ6OvDlUPkAli70tZovZT8cA15C/BJL15L04gIjv9GiCwpA4scO10P7gTlQZRyOiHJsqk
+W2oWIZLdc2CeEBjePIHq6BjDfInyi1A+vRHiFQOoNn0zAWxIFdeIkJkExczmB/S89JDtE+Lq
+i8OPozMPwSlME07aFVZxc3KCUPaaM3yisagaNHRlXM7R66tT4BqA2Oo6SeQmMJvlHIqoqRUy
+hpmSChAjVhLg9s5M4ru+242ScwFmL2I+snInRTbtTVbjl5n/OjU+pVRKUllLYNvu/ngRf0rc
+FHlgtmtkA9sVg+GivvYjl1DwCTM2p3GWJfO5Qn3bOD8sWKzoQuEO2NM7TC6C6YMuazHZ3UeG
+T22XkS5P4ihxNRbR8nP+JSsHRyRjJ8j49tlr/BIxVgjAU0KvnNAzfvwG8DFEAxTxWOryag2p
+EbKDvsUavwfqWdyjiDXvnHYyPE0GIs4V5d2e2I/a3tLEOeUXgc84R+t/iG1ZG9+fQhSufs+o
+sGZl2jevn6o96ii23tUxWBaCW+q7GXUCcxrKSBohk5AKjpOEp307IxiSiaCNrAAAAAIAFWFm
+ZmlybXRydXN0Y29tbWVyY2lhbAAAAXwQWa1IAAVYLjUwOQAAA1AwggNMMIICNKADAgECAgh3
+dwYnJqmxfDANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJt
+VHJ1c3QxHzAdBgNVBAMMFkFmZmlybVRydXN0IENvbW1lcmNpYWwwHhcNMTAwMTI5MTQwNjA2
+WhcNMzAxMjMxMTQwNjA2WjBEMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3Qx
+HzAdBgNVBAMMFkFmZmlybVRydXN0IENvbW1lcmNpYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD2G09nByuhFfUGIssfAbLjc0UGREksu0klFNbOw7erLE/GQTKUV/oSp1sO
+4o8fHoYZp6q1LblfDYrCr4U1eTItuxxiN/KxW0o9ys1xX+lCvpToyN75IkhkxuWrxittrQXw
++tULz5rl8FCkiztHpSNbenr4Mz+475mX4yDB1iiJz5T7uUXt40AXEdR08Asx4ismaptMV66s
+ID66RXoF872baRWufU4gY8Q1djoHAsk3/cdH7ujxdh1zFfKXpLXIennZQqorf1z+ziZPo2aB
+Na9EulQeHDAyZZ3mPJNeUE564zrUbswa+/nSN64kKqtXAyIoDUl1f7co2nW/juPcDnkxAgMB
+AAGjQjBAMB0GA1UdDgQWBBSdk8ZTi17Krz+fHg/lmZW8JPaUjzAPBgNVHRMBAf8EBTADAQH/
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAWKz0BA7NwA3/Cv3UuhZfKb17
+aJlYSdK0HTdNfyd9RgZdQ8aGLj5zsiZ9T5OptsQqmqshlxSx3ozTq4kV2Gsk1PEWrtikXNR/
+UY7tGAGxk2O9vPhhgJqesc5CcOKpfQYlfSeh/m/ssx4k2uNLVRoAOzW0O9nXXTD9gROJ8sIG
+K+1nxI7JQ7JcaxWJArxi/E7ytTOqsm/TCqJQ4/Y76C5EwttmOKkzVkjxbRszjQ2MP2A3ndPK
+bX40fg2fcnaLG59y/VI1QUUCli8csppzSSGxSUdFR7TvajQRyU2azFm31gKeWk5ltZSuG98p
+sBbxvwCeBzoXZLUEtSMhmQqVO5d87wAAAAIALHRydXN0d2F2ZWdsb2JhbGVjY3AyNTZjZXJ0
+aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAACZDCCAmAwggIHoAMCAQICDA1q
+Xwg/KFw+UZXfXTAKBggqhkjOPQQDAjCBkTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlu
+b2lzMRAwDgYDVQQHEwdDaGljYWdvMSEwHwYDVQQKExhUcnVzdHdhdmUgSG9sZGluZ3MsIElu
+Yy4xOjA4BgNVBAMTMVRydXN0d2F2ZSBHbG9iYWwgRUNDIFAyNTYgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMTcwODIzMTkzNTEwWhcNNDIwODIzMTkzNTEwWjCBkTELMAkGA1UEBhMC
+VVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMSEwHwYDVQQKExhUcnVz
+dHdhdmUgSG9sZGluZ3MsIEluYy4xOjA4BgNVBAMTMVRydXN0d2F2ZSBHbG9iYWwgRUNDIFAy
+NTYgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR+
++2zmI+NzMgjKYOZTnLp0jRiweJBSgN04wEod0ajMk6SXBjjKDRVixo4BKmWdqt80kS6BweQz
+kjHE/Qk6pj+to0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0O
+BBYEFKNBBqyQbdFK63WlShCZs7Ghi0r3MAoGCCqGSM49BAMCA0cAMEQCIAfmVNoOoFqyrhGf
+h8W2/2neJb74oLcI80TOKt8IIQw3AiAtJgOgBb1r0fZc+GXMhm2znDRIY4QJxY13GuLMnOF0
+ewAAAAIAGXQtdGVsZXNlY2dsb2JhbHJvb3RjbGFzczMAAAF8EFmtSAAFWC41MDkAAAPHMIID
+wzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVt
+cyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMw
+HhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNV
+BAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lz
+dGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNz
+IDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4
+t/zN8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyT
+PWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMz
+VNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNz
+kQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIx
+O0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsF
+AAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp
+4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3
+wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT91Q+
+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuImle9eiPZaGzPIm
+NC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWwAAAAIAGXQt
+dGVsZXNlY2dsb2JhbHJvb3RjbGFzczIAAAF8EFmtSAAFWC41MDkAAAPHMIIDwzCCAqugAwIB
+AgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVt
+cyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAx
+MTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVz
+dCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nz
+HoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTN
+uUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzp
+esVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfF
+mPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14
+np+GPgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOi
+YQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q
+/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO
+4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lD
+fMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6FuwgAAAAIAH2NvbW9kb2VjY2Nl
+cnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAKNMIICiTCCAg+gAwIBAgIQ
+H0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
+EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RP
+IENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZ
+BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlIL
+Bs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8v
+CVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nT
+eTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA
+7wNbeqy3eApyt4jf/7VGFAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8
+SaczepBGR7NjfRObTrdvGDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdYAAAACABRzd2lz
+c3NpZ25zaWx2ZXJjYS1nMgAAAXwQWa1IAAVYLjUwOQAABcEwggW9MIIDpaADAgECAghPG9Qv
+VLsvSzANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWdu
+IEFHMSEwHwYDVQQDExhTd2lzc1NpZ24gU2lsdmVyIENBIC0gRzIwHhcNMDYxMDI1MDgzMjQ2
+WhcNMzYxMDI1MDgzMjQ2WjBHMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFH
+MSEwHwYDVQQDExhTd2lzc1NpZ24gU2lsdmVyIENBIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDE8Yd/03gx9zjJ+MOZQ7zH97w3505xukuPpXMdXG6YrgNXrjg3Qy8X
+PR/IzmgQwXiuGQMrEPoseYP26LlouVXyBESnOfn8BIse8aJNJ/lhe7q35aITtuthPtBs0eb7
++l7tHbSeoDVboZLL8EmS/oUKBT7m2QviT7vclTf8kekyNSLRHzpOJ4WdsBWUMtphDUdNYEKu
+kkfog1pQWOmKi7ldodzdmUofNme7SOSDtjfrSDqvD2ePFwfoBMrvajGH1MC2+ZRxe2dkuLaR
+SkJ7ZS4wagz1kO6V5vLNguzZoUrs9rJL5UWF5m14kwQunIJtNqnEMWQfhoMLKvQ1CnjJVc9B
+sEfpMJ+ZvmGoBoS5KHpfONkbqTiwg39zwcM7SCqCDyGbuMyoNcOEG4OzPr6klWkBOokAeATZ
+yfSZGatWfluLhjkVkaQQLAkygGCzk8AqthgLnX6NSfIQSn/51UYvGZKjmacmrLuMPOYOvEcH
+3HNR8XBkLwj5tEcdMGxE6ik3hZJoZryDOP57OS7TUPAf+15gtqmm+idB8ZsYcvL1hHRKyWfE
+VK5IZN+M0W6wHeEHjwgemZxx6UzYpfdHEh900VGehvPCoiNAC3PbS6bncwaMwaDpwVmsRvrm
+L/jPcZxGbbnEFY04eQNFSO/EXdcI7oc5IoayDQ9YQ/dxqUgu/erWHwIDAQABo4GsMIGpMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXoM3B5EG2Ols7y0Wd
+vRzCmPqGWDAfBgNVHSMEGDAWgBQXoM3B5EG2Ols7y0WdvRzCmPqGWDBGBgNVHSAEPzA9MDsG
+CWCFdAFZAQMBATAuMCwGCCsGAQUFBwIBFiBodHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24u
+Y29tLzANBgkqhkiG9w0BAQUFAAOCAgEAc8aB4CfSLQ/glTDimkF/UCxfX2JhqYZqaRgMdEnW
+XYTqQVIYb1itUFYgasa9KGlYkdyRETWpOh28GqVgntgff0WRadl+u3hywQYPKs6PhXBhrKDN
+C7g5KVaEMk6Guz3EKtnXH3Lu/lGhIkGxcQJjGoKwYqteVxIf38vddaDAXXmQjBvgUObeMf6Y
+e3BfpZDYrfgCtm/TYN1ASyLFPa06ep8aGkeReTO6gtwyaQOWbh9L8HH+42dyoLG/XIvk+pki
+x4S5G40jlz/tJeDPZbv1YQTv3R6yWkEiWqGfXSzoW8ltqQwMeKpgxlaPAVoMaLxpGXnEH36X
+Bb/F6SRRXtTVS1Pt2SNaNgNlo8EDrUEw80YbhZCvZbXVseQWW3h1HZd6bVmpKo973sOHiRCZ
+SXN4yD29UTV0KtXxfmkbKrs7vSW4mlo9cmGQZofuDNZN1BF0C2r+CwP8o1VXif5Ky65bFwXI
+8o0jMVM40i1qP4K5jQhq915BdG7DEX4HrClgkT84ylcQDb0wL8el5kGg2q4Fh5qgpGVsTAkM
+ibq407nAk4ow+o3lmmsVAU5nqtpiVj6ECGbSxDZ9pz4Q/Ijg1IDlAL2q804Go3pq+WJy4wlP
+65sOASPxn7t83NxsEZclsvK0YxTSBipnjIP1zuoH2JpqHuzkCrsqTOsJYDnOymLYLm4AAAAC
+AA1jYWRpc2lncm9vdHIyAAABfBBZrUgABVguNTA5AAAFbTCCBWkwggNRoAMCAQICCQCSuIjb
+sIrBYzANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2
+YTETMBEGA1UEChMKRGlzaWcgYS5zLjEZMBcGA1UEAxMQQ0EgRGlzaWcgUm9vdCBSMjAeFw0x
+MjA3MTkwOTE1MzBaFw00MjA3MTkwOTE1MzBaMFIxCzAJBgNVBAYTAlNLMRMwEQYDVQQHEwpC
+cmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNpZyBSb290
+IFIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoqPEAAnWhV0tbRT2wsNznjXC
+cVV+gfurRlDgwXxJeOareVg82v98HJ/YlwJ4PmtBBOlBvb4DLEX2L2TUq12jRz1km+lomsbM
+Gz+6vrKLNAIumFUZ/Ixvql/aTM5NAyGj2NI0k1aWy0wMABY8XxrNyMdspq3TMae86OXhZtbS
++wO0QWXJEK4OBWPGgGppMP3S7pDvDSffn5Vz9OEl2mwW3kE4NOqL/NHoBBRhLUF+rMd3TstR
+VPtekhgbBFpoxsnE+rcToJi3ESu31lfMfJ4X0csl/oZOJC5WDHhNngESpiunAWVufGIdhITf
+6sBrtaUqlYPDUxEMcx0LskaQ0UI6zkBula3/xpStbpeEjn1vnoqADUltc+J7kh7D88Hz6y4F
+b9kbzzd2BMi0WuQXp8vddh/QGXboLAWz1pw02JbcYYeRBeRECDPB2rkIZdSusjYN67o4ugzl
+m57rjWbdmc/WiUH2BJKKKSltazoc53V9AnEO88DnvcsZ3Z1gssJmYLaxBO7J5oa5mmZAqOcR
+7YFFA4v2Z1nowQYRvd3PgAJPZUB4XEdQyJvmH4F75ESoW4Wa4t5a1cf5OkRmS+QyVHzkbJyz
+Dj0XorI0EtZ+sqhJu9F6KEC+ohYf3+Q3HxFz+5AKZUOiDXz4BgFVM32wDbj09a6lQld8NhGM
+e17EA52MeZ0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFLWZ+K+wlPXjINYKrc5OVqQubkLtMA0GCSqGSIb3DQEBCwUAA4ICAQAmBl5w52Uz
+yIJu2ZwXOht6ZrIB9ng7aV4v6v9O+SjDmCphTLQkEop9bREU95y1yua8nieOTBnIqb16wNc2
+Dm2Fcm6oxqJt9vpzY3+8bnkIHJ2KnxqKU6bYu9k1VbERxakDs1Y7uYSTIl5+wfYSUovqLGe8
+/jZM9bjP0bNJkjvTKQ6ZG5b3Ybg7xCu2eGy0I2/w/dOyXnUfmZWorPba4cUxe/vRRrPSvGe0
+YlS6CfdjsJOimvnpUi6LYBKr/PVgVu8QXIvEGkLcg1tkDsu1vNZPwXw8bo0Tbft76zDQ3E2v
+xdW2pUxbccnoMb7oOAZIoRri6tLeEjlYGv+ADoJ15rfJB2wO7/848ZhxxLd/DhXQJWm9Ip0r
+7QX2Rkes7cDw1Dvi7O6WW5ATTh5WOuuw75a7liMRuvJDhnRklcgodd8dNbrSN4M4Uzg2O89s
+6flrDtD7BOhPd9dlAXiGDHo+IWLxf2NxDMmfRNuoJ6J1vm6BPtfA6xuYD3BcNLKKzMCFGOtu
+erP3WqEHv6lCkvNgIpfkFKEHm052wI59/aQlx0ft/x9zrMzDpelvCo6bZcJQhbWjoFMSzFWH
+YfOBrhBGYb1EIbjCPXTPfiQ1+hwHDps9IsrvMS+MrBK970Ao/Clnn7ITT2YkxFMZ6R4pFe/m
+bbB/LWf982wbdUaj5UoX6aTXCwAAAAIADXNlY3VyZXRydXN0Y2EAAAF8EFmtSAAFWC41MDkA
+AAO8MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQsw
+CQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMT
+DlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5T
+ZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2
+FI7CT8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjG
+nx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLI
+XgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2
+pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvN
+U3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEEAYI3
+FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQjK2
+FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1cmV0
+cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEB
+ADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh
+/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fii
+u1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvn
+ZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR3ItH
+uuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEAAAACAAlhY2N2cmFp
+ejEAAAF8EFmtSAAFWC41MDkAAAfXMIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcN
+AQEFBQAwQjESMBAGA1UEAwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQK
+DARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIx
+EjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUNDVjEL
+MAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCbqau/YUqXry+X
+Zpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoYHtiP2Ra8EEg2XPBjs5Ba
+XCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0RGy9ocLLA76MPhMAhN9K
+SMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvY
+vEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MC
+QvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9w
+rqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2
+x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
+5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN
+285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOs
+OxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUF
+BzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRv
+cy9yYWl6YWNjdjEuY3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1Ud
+DgQWBBTSh7Tj3zcnk1X2VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaA
+FNKHtOPfNyeTVfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCC
+ASIGCCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0
+AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAo
+AEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQBy
+AHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQAcgDzAG4AaQBjAGEALAAgAEMASQBG
+ACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMAIABlAG4AIABoAHQAdABwADoALwAv
+AHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVz
+L2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5l
+cy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4G
+A1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEFBQAD
+ggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70ER9m+27Up
+2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxNYEAZ
+SUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
+nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt
+3OAJTS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4n
+Qeit2hW3sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBg
+vgW1m54ERL5hI6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG
+7szAh1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+Y
+J5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSk
+VrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7AAAAAgAhZW50cnVzdHJvb3RjZXJ0aWZp
+Y2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAAElTCCBJEwggN5oAMCAQICBEVrUFQw
+DQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
+MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZl
+cmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1
+c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjEx
+MjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcG
+A1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNl
+MR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJv
+b3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCV
+iLDJ/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr/4JLya0+3kzb
+kIBQPwmKhADsMAo9GM37/SpZmiOVFyxFnh9uQ3ltDFyY/kinxSNHXF79bucetPZoRdGGg1ui
+io2x4ymA/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ/brLNq1bw5VHHKenp/kN19HYDZgbtZJsIR
+/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAw
+ga0wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjEx
+MjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdL
+Q/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4b
+CFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7
+ck7UsdvQlvtUWhksDAj3sryFqJ1/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0
+YMUc8CJEjXFHrMgayembmgBgE/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9
+g0JzUouqu6cpz/VkHApN0byqrJ8q0P9/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKr
+jPvr/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO/NatLR7rtoLkDh174EdZtL3
+V3A2s7/8KK9xJYVbE/4ef1q0PAAAAAIAHGlkZW50cnVzdHB1YmxpY3NlY3RvcnJvb3RjYTEA
+AAF8EFmtSAAFWC41MDkAAAVqMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkq
+hkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQD
+EyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN
+MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYD
+VQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7ekosMSqMjbCpwzFrqHd2hCa2
+rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6Hi9e28tzQa68ALBKK0CyrOE7
+S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qr
+ng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMb
+XcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGw
+yj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy
+9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyhLrXH
+Fub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
+iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaO
+ReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAO
+BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFr
+lJPrw6PRFKMwDQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnY
+Wv6IAcVYpZmxI1Qjt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa
+5hV+rVHVDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9
+TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBh
+Hfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1Jf
+PFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+
+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/Gnw
+U2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nz
+fxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCd
+Uyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c
+AAAAAgAkZW50cnVzdC5uZXRwcmVtaXVtMjA0OHNlY3VyZXNlcnZlcmNhAAABfBBZrUgABVgu
+NTA5AAAELjCCBCowggMSoAMCAQICBDhj3vgwDQYJKoZIhvcNAQEFBQAwgbQxFDASBgNVBAoT
+C0VudHJ1c3QubmV0MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvQ1BTXzIwNDggaW5jb3Jw
+LiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5l
+dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAoMjA0OCkwHhcNOTkxMjI0MTc1MDUxWhcNMjkwNzI0MTQxNTEyWjCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAu
+IGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0
+IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+ICgyMDQ4KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1NS6kShrLqoyAHFRZk
+KitL0b8LSk2O7YB2pWe3eEDAc0LIaMDbUyvdXrh2mDWTixqdfBM6Dh9btx7P5SQUHrGBqY19
+uMxrSwPxAgzcq6VAJAB/dJShnQgps4gL9Yd3nVXN5MN+12pkq4UUhpVblzJQbz3IumYM4/y9
+uEnBdolJGf3AqL2Jo2cvxp+8cRlguC3pLMmQdmZ7lOKveNZlU1081pyyzykD+S+kULLUSM4F
+MlWK/bJkTA7kmAd123/fuQhVYIUwKfl7SKRphuM1Px6GXXp6Fb3vAI4VIlQXAJAmk7wOSWiR
+v/hH052VQsEOTd9vJs/DGCFiZkNw1tXAB+ECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMA0GCSqGSIb3
+DQEBBQUAA4IBAQA7m49WmzDnU5l8enmnTZfXGZWQ+wYfyjN8RmOPlmYk+kAbISfK5nJz8k/+
+MZn9yAxMaFPGgIITmPq2rdpdPfHObvYVEZSCDO4/la8Rqw/XL94fA49XLB7Ju5oaRJXrGE+m
+H819VxAvmwQJWoS1btgdOuHWntFseV55HBTF49BMkztlPO3fPb6m5ZUaw7UZw71eW7v/I+9o
+GcsSkydcAy1vMNAethqs3lr30aqoJ6b+eYHEeZkzV7oSsKngQmyTylbe/m2ECwiLfo3q15gh
+xvPnPHkvXpzRTBWN4ewiN8yaQwuX3ICQjbNnm29ICBVWz7/xK3xemnbpWZDFfIM1EWVRAAAA
+AgAOc2VjdXJlZ2xvYmFsY2EAAAF8EFmtSAAFWC41MDkAAAPAMIIDvDCCAqSgAwIBAgIQB1Yi
+pOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
+U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcN
+MDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
+U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
+iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
+bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJ
+wB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz
++kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgb
+EplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmk
+MDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3Js
+MBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
+URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8
+QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCN
+i5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxq
+VVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xcf8LDmBxrThaA63p4ZUWiABqvDA1VZDRI
+uJK58bRQKfJPIx/abKwfROHdI3hRW8cWAAAAAgAgbmV0bG9ja2FyYW55KGNsYXNzZ29sZClm
+dGFuc3R2bnkAAAF8EFmtSAAFWC41MDkAAAQZMIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqG
+SIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoM
+DE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZp
+Y2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkg
+RsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCBpzEL
+MAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRMb2NrIEtmdC4x
+NzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6c8OtdHbD
+oW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBF
+HjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaae
+VtAkH3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8f
+xmRGILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr
++UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcN
+AQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2Ik
+gYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY
+0fsFskZ1FSNqb4VjMIDw1Z4fKRzCbLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+
+pRVjodSVh/GeufOJ8z2FuLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aUL
+NmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7EAAAAC
+ABN0ZWxpYXNvbmVyYXJvb3RjYXYxAAABfBBZrUgABVguNTA5AAAFPDCCBTgwggMgoAMCAQIC
+EQCVvhag9y5G8Xs5gnL6i82WMA0GCSqGSIb3DQEBBQUAMDcxFDASBgNVBAoMC1RlbGlhU29u
+ZXJhMR8wHQYDVQQDDBZUZWxpYVNvbmVyYSBSb290IENBIHYxMB4XDTA3MTAxODEyMDA1MFoX
+DTMyMTAxODEyMDA1MFowNzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlh
+U29uZXJhIFJvb3QgQ0EgdjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCvusn
+8CGj82kmVX6dxVUWkVz97yG/U4B6LdKRjGMx8Owk8MOl0nJ8EG30N7fl5nx56oy1gouuSLas
+ANxldewqTV/Bh/UgZSuBqEc+iSOVMBaQf+hXB0jnGa6/RWexNxsGKv7e+ax9g/teuuSPl2e+
+S46NZAdXOFVpNDY9E0jvT+LTZh6kzxq3XjYz1LQGvRgB/XeEUABF9Yxd6CO8fv414e1Qe6kw
+jRnTCY5oZ12/PJcYU7spYsXKXnLBx5bU2y2gtB9pA+zq4lDxDDzwrPNTLfAc9e1sOTlzgBbI
+UrAjzeA+3N08R6C7NYrimGiLvuW/cu7S+qXtEu38mBipJnbcKEsQIBzTfxZ3Le1vgPdJu1MF
+u11ox9TIdRY/iVqL9xdH1Ezx0ol5Pk09mKhh3joe0vheA+DByRyM041N05U2szdfY2ObMxTw
+LSZrU3yJjDLCbuw9IQA5yaFo4lCDLrA6K/M2oKwv5G9hwlEJOT6LU7m7Z9rcU7l2WTadQ+Ug
+4D0yYIUiUbfHM7vdFS+keKYHe4FGNgSG3Xk1x5UsO7CjFzXlcx+0XFnv2uoQZXt60H+fs7Qq
+Nztwi5tbuSu37LJREpdTKVrU8BIQ3E8CuxKSL2LUP2lDfA3W/Fh1AYidWBZL3rqQ/0cBiQZq
+9l+ykGqzAqYCiL+zR34q2dX6aHg1TQIDAQABoz8wPTAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcNAQEFBQAD
+ggIBAL7kXGJOJPQMCP/w0wxo5JNJIj9EJ2+7bd6DZs6ozA389ZoG5XcUkeudQXuZKoTl//wh
+wV3w5B9Xt3WpoV8CJv/Xx/dO3k/49xxGwHpPQCwiNfAZsdBrZyywqODAQDc19oRcXOOvQnj+
+p8kNUOoNhHb2Ue+DU8Z6/w5WSS6PetYM5idU400KYHJizZEH1qW/yJlr7cQZ5qtMETjFbzHi
+bknIP3aAJgMmKeA29vYgU+MXcDQXnWNoHmvsw02GuBMwL11GDUdD1RuqWQ65XI0GSK10h1/H
+/DFUQRPixyEOnuAeDeHAe0OFkMWKWMZlCnhX8sYjDwHZIEveD/uShXUqXHONbXslkcruRa4G
+SwDM07FZUNo6iDspQ0ZelytUzlNvjUrnlvq/cQ5Ci3z9KKDQSMraxIFMu6JzkybI6wzWJoi2
+wCTPu71b63V96QiOhjMseXcJaaWJ/LNwkId2j9Miu0LOvXMLICYq0Js9cB4kbM2HdqkXlrfP
+DZL7jhipmEnRnv5gRHIhuRntwvUx8TlIiJAkdVQWrc70+GkUZDn7o7i6cEDHJxy/xFZT+mNl
+0PMcDhb1a4ZYTRjU5A2OpZ1bkdx2JFA/xir72bectdbm0NnoGYsVcUitt+rYWYjUkL8Ws9np
+rFlhVMgcusrByuG5IEyPOpOJpaDMv9P2daR1lm1WAAAAAgA0YXV0b3JpZGFkZGVjZXJ0aWZp
+Y2FjaW9uZmlybWFwcm9mZXNpb25hbGNpZmE2MjYzNDA2OAAAAXwQWa1IAAVYLjUwOQAABhgw
+ggYUMIID/KADAgECAghT7Dvu+7JIXzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJFUzFC
+MEAGA1UEAww5QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24gRmlybWFwcm9mZXNpb25hbCBD
+SUYgQTYyNjM0MDY4MB4XDTA5MDUyMDA4MzgxNVoXDTMwMTIzMTA4MzgxNVowUTELMAkGA1UE
+BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVz
+aW9uYWwgQ0lGIEE2MjYzNDA2ODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMqW
+a47q+PvxojXgf0za4MNS1322EMgCXrNDKsRParLKHF0omngRGmlZV6+1IELkiw/m31umA5Iv
+9RHkYtcycTjZBAxxqz1Rfg8H32MFXOm/lG/BKYLAtNpRsME8u603SlzK8Us2DiSrv8OEd/2o
+UPSx58Yv0i1ZjXoKTpZpUgKqNpjs/PoUgww3H8mSN3/XgS3lxLngPjT+Z/Q+ZtHT9EDPXmI0
+D3AGPiAYWs73chslbJN0FJOjc7EOqocQI1lfIAUZR+1ojpISyl381iuykjwgz+FfryC+oHZ/
+duXsGoZhMz7ne7Q/oA+Oorlqb7mHJm9BbIimUP1qYwv1kxYbGY+y7ZubyZD1AQzfGT0PPjgj
+yS+PDNEC/htV1k7QjTyvT6Tz/q8q0wWdeQihy1cxtJzIkLJn9BgWkzr8R9jReJYxH7orDF9d
+ma1jiVokIHbY3/2rTqYiqp1e5ieKfWgpo+eKuNoRuxctmZ0TJEb3xeLYn45/x490bVqy6HL1
+rO4kEK0vFNr/LZpGcUe+Qt+7Adv0f9MojzFZW9PJAqa0Uspul/tDxQgmb4r0u/2fKKoN1UXz
+Ezod2MB4j0FnPB6UZK57C8Xo2QGIORqXhmRB1TuHDG76D8a9SBS/OU3UnkG2j5YdY5aT2ZUG
+eDFonjcGO4CJRWE5I8cbRKMV5Rz4kjC7AgMBAAGjge8wgewwEgYDVR0TAQH/BAgwBgEB/wIB
+ATAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFGXN66s1HgA+ftV0wBy0c0cOGmQvMIGmBgNV
+HSAEgZ4wgZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9m
+ZXNpb25hbC5jb20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEA
+IABCAG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEA
+NzANBgkqhkiG9w0BAQUFAAOCAgEAF32g+bTdxcXrrUsktaECq92liEqyD1VLK1eMO+Ux3f7E
+MvHnW2SWNjIY7KUyd9fjRLbAESqAuT1qbnyb0638w9aj5mQpfNHhOB6CK/8nZa/7FhXELnGE
+5bX/+qRHvWQyu/YlhKInQvUgsMITEBHNEBW6QpAq0kThlibrMUgS/SrayQbPdB6pS9WHKPl5
+NJI+LkTo9o9PjzU/JbM53GMqkGsgX8RSEk6XLCqsnZfeSPKjZtvC0oOVpmanniUP6QszkWUK
+WsPZVBLdr8NODh8mXg3cs43s1YFw3tJPJAXzbE71TElmjdH/0gslQUj+UYTGQq+ABM/QfmRJ
+5PLfouyxTMAqHee0sWWixLzxmPSqcAdjtLjaO0z6QCIwWxGm8AUOxgIDSKuGm4Xd293qonaA
+c331nATERY3nuRyLnurXddFysd51ROdCfeJXa33cmbw9gyjqgJONxUxlwXCBuDj8QzGy9gM0
+R7Ks+yIGyx7dF0ccX2a50xqi2hGxpLwjyeS+h/+5lLb4XSBK1F/nvWh7ZfIVHtI6qS3p2Gsk
+rJdYREetWRjxIWVw3s40YKhA8fM8pMMoI4z+JzNDQKAXPOvqO7BypqO5SkteFkj0srzIjJLF
+nZ+scja8NIA0a6mLksC4F+3sdlP1JAGMsyLoS3xVxp36oxS7ZYVubk8Sfgo8nZUAAAACAA5h
+Y3JhaXpmbm10LXJjbQAAAXwQWa1IAAVYLjUwOQAABYcwggWDMIIDa6ADAgECAg9dk40wZzbI
+Bh0ax1SEaQcwDQYJKoZIhvcNAQELBQAwOzELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
+UkNNMRkwFwYDVQQLDBBBQyBSQUlaIEZOTVQtUkNNMB4XDTA4MTAyOTE1NTk1NloXDTMwMDEw
+MTAwMDAwMFowOzELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMRkwFwYDVQQLDBBB
+QyBSQUlaIEZOTVQtUkNNMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAunGAekyG
+bn/IE23Axn0cAJePLAwjuxCaQKkat4eI+JtWavvme46Lko6nJV1ZEds2LrdRFx+pCB8EFyRY
+qjdKGN/lOdRX/dfBLJEBkeIi1APAWPx3R+yPPnRDuqw0jU04dmeOsMhvMDNYcVy09Wtu1AFQ
+uBN+bEqjSdEgGe68wCkYZafe/u/dCpAh5xpnkkIQmF9PMLw+HEW0ENdoQBTAQPrndxd65guP
+ZVs82ZpS27W9nkbPPeuRBQLAlrJ2TE0QljuS+px/D5nfviM1RR4CXP61qJuZJdpe8yLDOfXk
+Ki7Txh/EbKrFHGoBBUov0sXBqDQmXWal0gIh+Ri3BvVOmW+oq0xR6M9QGMV3yDkJLEmSMpmo
+uxcXebBaxeajxFllRzWDXqnoNQuZu+TNIMabSgY5tWj8IrruVYwrTurzseP8tpma1UL6cU0I
+z4ceanF9+dO06aVxgXvCTkeWpfZ2haMoj+mAboFTpW1fuEj5wvk2pi5J/7iWwowHs5uIWPzr
+GxzeLXDil5IwoYnjvFWoJ9ZL7ZCti/pjJVktqDXdypczvOXNx53R7O9eDkqQBiZjrbnZNS0H
+unZlLKxXj330B5TXgQKWXaMHSdV60Ff5G+dTRnWqsHlCy2hxCOlgvTlpzvSvw1ZAx61Sognk
+b4ZHih/rKCddgyCvBMlsVpqLRvUCAwEAAaOBgzCBgDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQU933F/cTomht3ZKf1HaDMv4dgmm0wPgYDVR0gBDcwNTAz
+BgRVHSAAMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuY2VydC5mbm10LmVzL2RwY3MvMA0G
+CSqGSIb3DQEBCwUAA4ICAQAHkErf8yNO8MOcUWWbnCKiigyF83Mpa03+AeKpDGMBvwRnpZ2Y
+X/0BE/rsmmLphv62YtJuTJT7wHVFfGUM+LI3z6wPz41v+Rn3j+we8nCe8Mq477f/djd2W/Zu
+iPOvYjIikw06ao4UZgwtU3RXZR7Vst0jgTulZiMnZwmP4XeqQ81lUQjtUVj+5jn5y0eEpBXx
+druk7qQ7xF/vsjOWERi3yWW+GOGjpNz6GPnTvBObOXo0utNB+/oyiiq3K4YLaYM4vs2KLgtw
+rY0mku4e9QErCtnWl5tu4KgZHDohiwweQK0D591mfvW5IA0D6Jb5gkXUOeCgAF3XmOZ9nmdz
+w5oq96uLoToU7zS8Ug6JmJoEQIQdfkVpk1fO6874UHxPHG4EQ5v51jsjGOnqjtFNRo3xO+Rq
+yrr7I7eb+pkBKVpYWi3j+dRtDiatwW40vDL4DAX6ZaPbOzeDIunW3HIz/V3yIL12PCPaKPf5
+G+tZZNXcX3J+IPzNibWQZ01iej9OrR3DOf569CgW30H2SIAF1w9ReawQq9TsA2bmarC6MZJC
+QGq+OtNy4Wo3VbysHZW3aWHyQ5F05qDTCiRGoQiv1tpFGZbUUx1bhHnwwPdH74uPxQaunUxi
+nf9GBPjTybYQJUB1/haqyUpghi+67zB35FTiuISZWICqE4tROk9I9ou2swAAAAIAE2dkY2F0
+cnVzdGF1dGhyNXJvb3QAAAF8EFmtSAAFWC41MDkAAAWMMIIFiDCCA3CgAwIBAgIIfQmX/vBH
+6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcg
+Q0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVU
+SCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMC
+Q04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQu
+MR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQsAlFR
+wxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
+OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9
+cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfm
+iJqwTTQJ9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+
+ahsmUPI2JgaQxXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7
+ng/Wi64HtloPzgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLM
+c3GkL30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHe
+uLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZ
+xw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0O
+BBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfgp8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9
+nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueB
+ihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/
+HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR
+8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svgIHZ6
+uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io2c9Si1vIY9RC
+PqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ8s1uV9JiDnxX
+k7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv/EhOdJhC
+rylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaAp
+JUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0gAAAAIA
+Cml6ZW5wZS5jb20AAAF8EFmtSAAFWC41MDkAAAX1MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/h
+y/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBF
+IFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgy
+NzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6
+ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq
+scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaOxdgmlOHZ
+SOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU+zydcsC8
+Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXCPCDF
+YbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
+OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieF
+UCbKF7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUb
+Qc/hhqfK0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnv
+mfzAuU8Lhij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB
+QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1ua
+D7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNv
+baSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZp
+dG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJy
+YW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAxMCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0G
+CSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHz
+P7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56
+awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwoJNu0FXWu
+DYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lwLDXWrzY0tM07+DKo
+7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5aTfLnnhqBbTFMXiJ
+7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5nXJQY6aYWwa9
+SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQ
+yVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy
+2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
+WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxwAAAAIAGm9pc3Rl
+d2lzZWtleWdsb2JhbHJvb3RnY2NhAAABfBBZrUgABVguNTA5AAACbTCCAmkwggHvoAMCAQIC
+ECEqVgyu2gyrQEW/K6ItOuowCgYIKoZIzj0EAwMwbTELMAkGA1UEBhMCQ0gxEDAOBgNVBAoT
+B1dJU2VLZXkxIjAgBgNVBAsTGU9JU1RFIEZvdW5kYXRpb24gRW5kb3JzZWQxKDAmBgNVBAMT
+H09JU1RFIFdJU2VLZXkgR2xvYmFsIFJvb3QgR0MgQ0EwHhcNMTcwNTA5MDk0ODM0WhcNNDIw
+NTA5MDk1ODMzWjBtMQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZ
+T0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i
+YWwgUm9vdCBHQyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzpUMDGD3IYvNjxurOJ4nlK
+oxana1Qk21H/6vQJJMMLIp/LaieCgQ3SwK8x5HSCbsol2Yx1nfHb0JqiSyF+FqdjkNI51LGH
+eF8Ylg9QGzU3D2rG3NkTTaSOkDfmvVsxkaNUMFIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFEiHFKzjw56QYDrXyonu062MtFBmMBAGCSsGAQQBgjcVAQQD
+AgEAMAoGCCqGSM49BAMDA2gAMGUCMCbHaVvc1eey58gMjIzD3XmMG2PVyVKUTk2CSnMesoCE
+qSXATFptSSlgeBPifkjrZAIxANs0IDII/5pJAraI3hSvXWyZcY0aP4vX4KI2hhwHgjp2U/3C
+ou3ve7CAT1gPS1M5vQAAAAIAHWUtdHVncmFjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZ
+rUgABVguNTA5AAAGTzCCBkswggQzoAMCAQICCGpoPpxRm8tTMA0GCSqGSIb3DQEBCwUAMIGy
+MQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcg
+QmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1F
+LVR1Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1UdWdyYSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTAeFw0xMzAzMDUxMjA5NDhaFw0yMzAzMDMxMjA5NDhaMIGyMQsw
+CQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcgQmls
+acWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1FLVR1
+Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1UdWdyYSBDZXJ0aWZpY2F0
+aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOL1P5MFUR6F
+YlReegv1GAeDrn6vfPfUimulY0M5uUv3w8ZkiT2ULlSAUjk5B0tL3YUHdofMvy+VTMx9pz28
+Rw+YcPiMhR50jpJtG0DRmQ27dW7IqWuawIQxr8pDy+srNOiPl2sBm9UOSgiqW5J0hUPTgK6h
+iFuus+peyxaad0TIofZUaM7ej5crultAAgxkF8C1k83h8RNmzgx579GRKKtfoBJSMHMZjo/h
+jAeiw7tK8OofFajuJcykRvgbIu+zDkO6LCS4xSxc1Bz4XWS9w5NeKKc/J/GOHtMqUAWjVdnL
+5zlTwJiejFRiiyaw932NfOTGnmZCVYJH57JYjWb3B3wuNuZQHD/bQyTFv4ZHebN5HPda9BPs
+bPg/4lkfle5CPrmtqDKFSZdG/ksxj1rLrXRHH+mRt98oBCKg1A9d4nlP6myFhr2ops7k+sPh
+s67ePFHuyxN8AX+EDl1RlJ4TDLYupUz5OXA2b5bKLgxEVcXK+l0Co9/WZIxaswEKqbUKRxf/
+75FAKo6hRjoxmOUR/My7SVaK/LnQYZpvZWzmw8s+dUn+j6fiicVn151GE04xdjsks54RZYar
+f+8d1Pi856xaXLdaR1xVzlW0InFbWwvwz9ygYWTqqddoCmOn4A0/oK/TqtJ+71Gg5lErVZIV
+F1PLt2YOZkz4+XVMkOcScMdFAgMBAAGjYzBhMB0GA1UdDgQWBBQu49uySdCcVHlc+icq/sxO
+0uhOVDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFC7j27JJ0JxUeVz6Jyr+zE7S6E5U
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEABTc69E23ReJFdSSPtndS6BzY
+EJNl8/JZBqQ+HinsXdHQq3zgCpBIeO1OmAOZ/ihgkR0wHbhjfKjmNbX602F25tYHS8ppmrKE
+eneTRRcVnyTQmBMS/7ugLv1OTIf4zlyqmBsF4ABGSoKApTOLKNztONPf5T7p/vtZ3WGET9JU
+lhNhEz6PgGm+k0e1NUPSWrs9XO+zQkfNO1UTBrAJ2/1j9jqICplvfuHOG1NqRGYjUQh7vFtS
+ov0GNzhAYY9KlriQN/hmx3iQABUui61RNVMHqGtorvlOPAcmzQgFcMw5P3a9pdNnJgGGplPS
+YDt8Q39ViryVGsEoOUwfQ9KR9HJZirlW/D+0ndpwnHZajENQ7o4wck3f/0n3xqln2W2sAhHi
+OhYlp1gIy29TQZxIOEdoM9HXx4/UdCHUwwWQev/OloixFSldI6vQYKEST970F80y5cm/yEOt
+/S6O8a/i9Jj6Eh8g2MCnDIXFkPQ7LZYmsSy+TKvrsdKKydt4Ew8eCZ1tjwCfAtrB+h96egnE
+SuaIKpefiYv9N19fOs44WYZLr3ELtNjycE+fMhPjsKdX5draQ8uENPIoxOpt9CrvwWt22vt+
+u4U80lPCTb5x4UXR/SNnDRN1+89lZyKdrrAJ0Qn/HTS//iOXN9I5+j0NBgu02zujq29cHbZ+
+6LOCNO0GXCQAAAACAA9xdW92YWRpc3Jvb3RjYTMAAAF8EFmtSAAFWC41MDkAAAahMIIGnTCC
+BIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1
+b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
+OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
+cyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0C
+SzGrvI2RaNggDhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2
+/7FWeUUrH556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
+8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJ
+Kjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XO
+nMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROh
+UXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJT
+yPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgi
+c6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUeva
+PwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCC
+AZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
+CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0aXR1dGVz
+IGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0aWZpY2F0ZSBQb2xp
+Y3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYBBQUHAgEWIWh0
+dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
+FPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQ
+oUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
+AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv
+92ZVqyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
+d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4
+E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ2
+5w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCU
+yyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8n
+by1dqnuH/grdS/yO9SbkbnBCbjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs
+9ZgC06DYVYoGmRmioHfRMJ6szHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgW
+QgRecCocIdiP4b0jWy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUq
+KLsRixeTmJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
+4SVhM7JZG+Ju1zdXtg2pEtoAAAACAA9xdW92YWRpc3Jvb3RjYTIAAAF8EFmtSAAFWC41MDkA
+AAW7MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAX
+BgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAe
+Fw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQK
+ExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXz
+L4GtMh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrG
+sxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/
++NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF
+60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR
+1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69
+ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIizPtGo/KPaHbDRsSNU30R2
+be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOhD7osFRXql7PSorW+8oyWHhqP
+HWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR
+2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwID
+AQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8
+SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcw
+RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
+b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
+Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3Z
+RPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5
++vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zs
+l0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0u
+RY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gN
+NWQjrLhVoQPRTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+
+XIWDmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEU
+GW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJ
+ONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnE
+UhAFZdWCEOrCMc0uAAAAAgAlZW50cnVzdHJvb3RjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWVj
+MQAAAXwQWa1IAAVYLjUwOQAAAv0wggL5MIICgKADAgECAg0Apot5KQAAAABQ0JH5MAoGCCqG
SM49BAMDMIG/MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UE
CxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIg
RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTMwMQYDVQQDEypFbnRy
qUcHPswgo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
t2PnGt2N6QimVYOk4GpQQWURQkkwCgYIKoZIzj0EAwMDZwAwZAIwYXnY5UJH3xyuU5kXtm8c
feG/EZTRA4h15I2JpIp3Rt5tYe8C9fu138z+Tv/+qeanAjBbmdeFNwa1ewj96yeLSpT54fqn
-jiYI6HySaG1z2G8mrCECuJm3JkFbJWCu0Ega7gYAAAACABRzZWNvbXNjcm9vdGNhMSBbamRr
-XQAAAVbCSXcNAAVYLjUwOQAAA14wggNaMIICQqADAgECAgEAMA0GCSqGSIb3DQEBBQUAMFAx
-CzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsTHlNlY3Vy
-aXR5IENvbW11bmljYXRpb24gUm9vdENBMTAeFw0wMzA5MzAwNDIwNDlaFw0yMzA5MzAwNDIw
-NDlaMFAxCzAJBgNVBAYTAkpQMRgwFgYDVQQKEw9TRUNPTSBUcnVzdC5uZXQxJzAlBgNVBAsT
-HlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALOz/n/TbbHvFnxXpQxtdoovS79k+0zuivDzKXz1/+4q4OnpultkIpqabyw6
-JmlRBZkm3NUcanHGmn0end18bMaMZ2dKPvhxsBknqQkMppW/S4wM+lWYO9joIqFLcTh5rJeS
-abOJfuohaAaYFJaH0mE2vG0nVp5X7sDAVv0yz6TZjsIj142o89glrJfkcDj0tjq0nTuXJkOj
-obxJWXJMIzCHAVj2Tr4caFZmr81BXcizTSpVRqsf2h7iQD3bzX25koCcN90MlmSd3CL3ZIvf
-Yd4VlFIVoH1SyUuoIcnGse3Lw5Vg0Q/wq3D438tNfuzW+qvZvX9U8qXpefrZ1nYkKHMCAwEA
-AaM/MD0wHQYDVR0OBBYEFKBzSZlo3IVbZeObKC9Xn70zvAdIMAsGA1UdDwQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBoQKmou+RPXXmzBbUXs2AT68aSXeDR
-02r++76bbb/HBW1ZIMQc8LfahFgCY/pIFu9PpQv3SpjyP54brUdrY84IR+tSP3icr02u+NVP
-z5qYKhBBOVLE3dmbDu+TAa6yLspoQiRCbLCzOj7N6dpIxBXL6fkHD5JQSYrdMZdfyek3qjtZ
-ZZeUMsmznz46YljFSa1iDnGlMqovxol2Q0ATE2c9olQlEMvxOvLZ+ttJVrum/qdBNcPgiGHJ
-iMffNhAimFnqsEr7VhZzbqxN9yKhT60dei1FJ+UwwV7y2hPLJUJRlUcDjGwhzHRC7VP/M4uP
-D1cBFi/Ppu7JcCIUvf2+bAsDAAAAAgAUZ2xvYmFsc2lnbnIyY2EgW2pka10AAAFWwkmAowAF
-WC41MDkAAAO+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEg
-MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24x
-EzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBM
-MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2ln
-bjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe
-+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTos
-vNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnT
-lEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpR
-l4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCBmTAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IHV2ccHsBqBt5Z
-tJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9y
-b290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0B
-AQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbB
-uOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yi
-PqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7
-9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRu
-JQ/7TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLgAAAAIA
-FGlkZW50cnVzdGRzdHgzIFtqZGtdAAABVsJI1HsABVguNTA5AAADTjCCA0owggIyoAMCAQIC
-EESvsIDWoye6iTA5hi74QGswDQYJKoZIhvcNAQEFBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBT
-aWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0wMDA5MzAy
-MTEyMTlaFw0yMTA5MzAxNDAxMTVaMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRy
-dXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDfr+mXUAiDV7TMYmX2kILsx9MsazDKW+zZw33HQMEYFIvg6DN2SSrjPyFJ
-k6xODq8+SMtl7vzTIQ9l0irZMo+M5fd3sBJ7tZXAiaOpuu1zLnoMBjKDon6KFDDNEaDhKji5
-eQox/VC9gGXft1Fjg8jiiGHqS2GB7FJruaLiSxoon0ijngzaCY4+Fy4e3SDfW8YqiqsuvXCt
-xQsaJZB0csV7aqs01jCJ/+VoE3tUC8jWruxanJIePWSzjMbfv8lBcOwWctUm7DhVOUPQ/P0Y
-XEDxl+vVmpuNHbraJbnG2N/BFQI6q9pu8T4u9VwInDzWg2nkEJsZKrYpV+PlPZuf8AJdAgMB
-AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEp7Gk
-eyxx+tvhS5B1/8QVYIWJEDANBgkqhkiG9w0BAQUFAAOCAQEAoxosmxcAXKke7ihmNzq/g8c/
-S8MJoJUgXePZWUTSPg0+vYpLoHQfzhCCnHQaHX6YGt3LE0uzIETkkenM/H2l22rl/ub94E7d
-twA6tXBJr/Ll6wLx0QKLGcuUOl5IxBgeWBlfHgJa8Azxsa2p3FmGi27pkfWGyvq5ZjOqWVvO
-4qcWc0fLK8yZsDdIz+NWS/XPDwxyMofG8ES7U3JtQ/UmSJpSZ7dYq/5ndnF42w2iVhQTOSQx
-haKoAlowR+HdUAe8AgmQAOtkY2CbFryIyRLm0n2Ri/k9Mo1ltOl8sVd26sW2KDm/FWUcyPZ3
-lmoKjXcL2JELBI4H2ym2Cu6dgjU1EAAAAAIAEWNvbW9kb2VjY2NhIFtqZGtdAAABVsJKBzwA
-BVguNTA5AAACjTCCAokwggIPoAMCAQICEB9Hr6piAHBQVEwBnptjmSowCgYIKoZIzj0EAwMw
-gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
-B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8g
-RUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA4MDMwNjAwMDAwMFoXDTM4MDExODIz
-NTk1OVowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
-BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJD
-T01PRE8gRUNDIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACID
-YgAEA0d7L3XJghWF+3XkkRbUq2KZ9T5SCwbOQQB/l+EKJDwdAQTuPdKNCZcM4HXk+vt3iir1
-A2BLNosWIxatCXH0SvQoULT+iBxuP2wvLwlZW6VbCzOZ4sM9iflqLO+y0wbpo0IwQDAdBgNV
-HQ4EFgQUdXGnGUgZvJ2d6kFH35TESHeZ03kwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
-MAMBAf8wCgYIKoZIzj0EAwMDaAAwZQIxAO8DW3qst3gKcreI3/+1RhQJCvqg5n0IxhqHvRio
-c70mymAMnc6Zn89cDzDhvhQx6gIwFPSTPEmnM3qQRkezY30Tm063bxg3gFP+3SDgNZo20ccB
-uebc3fP/HSw6FlfZkjnWAAAAAgAcYmFsdGltb3JlY29kZXNpZ25pbmdjYSBbamRrXQAAAVbC
-STqyAAVYLjUwOQAAA6owggOmMIICjqADAgECAgQCAAC/MA0GCSqGSIb3DQEBBQUAMGcxCzAJ
-BgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxLzAt
-BgNVBAMTJkJhbHRpbW9yZSBDeWJlclRydXN0IENvZGUgU2lnbmluZyBSb290MB4XDTAwMDUx
-NzE0MDEwMFoXDTI1MDUxNzIzNTkwMFowZzELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRp
-bW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEvMC0GA1UEAxMmQmFsdGltb3JlIEN5YmVyVHJ1
-c3QgQ29kZSBTaWduaW5nIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI
-cZoYEo562/ma/EGv2PL0CY6tP/5nNzzaySZQsbE+y+hOcwDystzzxUb7Ce8Yls6n4JyEXSAO
-eqCqNov6KLZ4LrPs6EfzBPCQI7Tqr+VTuAX3R10rhvGnpMY7NbbSDVJB1/SSdeGiClBWh76X
-C3szhRC5KBjuM+pIEddbkUd2ItTuz13nqE4cnZaR3Zy9dAmocmGqsCE68T0sA1YJ0sHcw7XH
-VDer5iaiskZxc8oRiO6852T30BEac0BayEksD7fvkH9ogAQ4CxsPO9T1oLPCjuE0tICZbZ52
-1JIpQLGV0jekZxJ/4GK7rjXFmTaCRLjmeBgzYXGTWy2Nn3iVguttAgMBAAGjWjBYMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMDMB0GA1UdDgQWBBTIQTRcFRUE5UDy0auabySSeodCWjASBgNVHRMB
-Af8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAUnSqlUsi
-jMc9lqT+Xfovtbzr8AvpVjgd0W0Nobxoi/DFgKUkNP3ylhgRhqE29TfnVEDVZB/DX3BCay05
-x55SBc7nanLSjXI/R1CDq8eNJcmw46dTFpWmalPqGJ2PeKl3dxr5tJdHWYgnKLXK4S7XPg6i
-DbgiRAPj0WOwQTqh9aQt93YeBFSZeDJA1yt8TbqmnLB5bge+jOzu1zhpW8EMVmif/uvR4ciI
-+fLNf76FtERnAFA+9CYDZOp3fehePhw3R8jW6qTzNjyXwjlyBZQZJcPXN0EPwR+Hiv2qvumx
-ZFfk25Khz+FJ6DsfkRNaw4/ZJVhJgEcPxgOurOO/t8CqKgAAAAIAE2VudHJ1c3QyMDQ4Y2Eg
-W2pka10AAAFWwknWHgAFWC41MDkAAAQuMIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0B
-AQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5l
-dC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChj
-KSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3MjQxNDE1
-MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0
-L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMp
-IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18
-EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
-hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
-XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoV
-ve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQij
-MfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xG
-Y4+WZiT6QBshJ8rmcnPyT/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv
-3h8Dj1csHsm7mhpElesYT6YfzX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89
-vqbllRrDtRnDvV5bu/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBC
-bJPKVt7+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
-fF6adulZkMV8gzURZVEAAAACABhhZGR0cnVzdGV4dGVybmFsY2EgW2pka10AAAFWwkm7JgAF
-WC41MDkAAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJT
-RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRU
-UCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUz
-MDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRy
-dXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UE
-AxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+Vt
-UFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYape
-FI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+7
-10LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3
-ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0WicCAwEAAaOB
-3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0PBAQDAgEGMA8GA1Ud
-EwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTLVBqhc6RxMG8x
-CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3Qg
-RXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJv
-b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl
-j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w
-/Rw56wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4T
-Dea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0
-cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTY
-ghdae9C8x49OhgQAAAACABtnbG9iYWxzaWduZWNjcm9vdGNhcjQgW2pka10AAAFWwkj3UwAF
-WC41MDkAAAHlMIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIw
-UDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9i
-YWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAz
-MTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQK
-EwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0D
-AQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO
-/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGg
-E6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe
-+pTsewv4n4QAAAACABR1c2VydHJ1c3Ryc2FjYSBbamRrXQAAAVbCSfZpAAVYLjUwOQAABeIw
-ggXeMIIDxqADAgECAhAB/W0w/KPKUagbvGQONQMtMA0GCSqGSIb3DQEBDAUAMIGIMQswCQYD
-VQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAc
-BgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBaFw0zODAxMTgyMzU5NTla
-MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5
-IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRy
-dXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBAIASZRc2DsPbCLPQrFcNdu3NJ9NMrVCDYeKqIE0JLWQJ3M6Jn8w9qez2z8Hc
-8dOx1ns3KBErR9o5xrw6GbRfpr19naNjQrZ28qk7K5H44m/Q7BYgkAk+4uh0yRi0kdRiZNt/
-owbxiBhqkCI8vP4T8IcUe/bkH47U5FHGEWdGCFHLhhRUP7wz/n5snP8WnRi9UY41pqdmyHJn
-2yFmsdSbeAPAUDrozPDcvJ5M/q8FljUfV1q3/875PbcstvZU3cjnEjpNrkyKt1yatLcgPcp/
-IjSufjtoZgFE5wFORlObM2D3lL5TN5BzQ/Myw1Pv26r+dE5px2uMYJPexMcM3+EyrsyTO1F4
-lWeL7j1W/gzQaQ8bD/MlJmszbfduR/pzQ+V+DqVmsSl8MoRjVYnEDcGTVDAZE6zTfTen6106
-bDVc20HXEtqpSQvf2ICKCZNijrVmzyWIzYS4sT+kOQ/ZAp7rEkyVfPNrBaleFoPMuGfi6BOd
-zFuC00yz7Vv/3uVzrCM7LQC/NVV0CUnYSVgaf5I25lGSDvMmfRxNF7zJ7EMm0L9BX0CpRET0
-medXh55QH1dUqD79dGMvsVBlCeZYQi5DGky08CVHWfoEHpPUJkZKUIGy3r54t/xnFeHJV4Qe
-D2PW6WK61l9VLupcxigIBCU5uA4rqfJMlxwHPw1S9e3vL4IPAgMBAAGjQjBAMB0GA1UdDgQW
-BBRTeb9aqitKz1SA4dibwJ3ysgNmyzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQwFAAOCAgEAXNR8Dc/3AX1BmWUMc8VSn8v4z5kGfxvaQxWfngJVV5YU
-8VI8J4eUKO0fOgE3onb8U1DAhJvGa066jCFPoo5VYpHzaRXYvIjjxKoL/e+o6UtVKgYgbVV4
-KRnuXzBcSyQRVf8kmm5eKivuC02ff/cBOJQUlUMHCftgqe4cqxKMoJpep5hqWW2LPwj7yNFF
-rxgVZJASD3MoLsXiJE78WOzw9EX+IrPrL47S2UVhBcGXb6h2co+LjDavvw0FznGN5qZvH2ym
-cWLF2NCDcgzxZxGJDJwTTHI037zVcd+qcd3huWyMPBJdZdq9VxK2Q2v/5d5NZhFRz5mu7Be2
-6HGRjN5J/t01caIVJ5Qcz2HjJrtvo2clIV3m3R0LLmgbO4Kv7INnhdSYUXSxuZmAif9/eBlc
-eUpgLpJArkw3KizJx2LIDl33NlvK4CUlAbTdGgecdwA/0NzV7D3U+rs/zIXWb3+pLd+5Avf1
-l5q1NdrDZ7CHSqkoniOO/1wna+GwT/MH7gAu1FmHy1JBler0R9fuZEFVfI1ZApXdYp3Cue5a
-KHSEpZu3kMcMB9/1iTZ0MtYowbCwC+CcTMMc1vzjabVHRoEvooKr02NEcMSN/y0zuq2Pe7Vw
-iK4+Gc9AKNj8yJC7XZki9VLmWMUfiDFD7ogd18aOPENqHacY3n09FvFi+cqQqP0AAAACAB1k
-aWdpY2VydGFzc3VyZWRpZHJvb3RjYSBbamRrXQAAAVbCSMVlAAVYLjUwOQAAA7swggO3MIIC
-n6ADAgECAhAM5+DlF9hG/o/lYPwb8DA5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAi
-BgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0z
-MTExMTAwMDAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX
-BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg
-Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0OFc7kQ4BcsYfzt2D5
-cRKlrtwmlIiq9M71IDkoWGAM+IDaqRWVMmE8tbEohIqK3J8KDIMXeo+QrIrneVNcMYQq9g+Y
-MjZ2zN7dPKii72r7IfJSYd+fINcf4rHZ/hhk0hJbX/lYGDW8R82hNvlrf9SwOD7BG8OMM9nY
-Lxj+KA+zp4PWw25EwGE1lhb+WZyLdm3X8aJLDSv/C3LanmDQjpA1xnhVhyChz+VtCshJfDGY
-M2wi6YfQMlqiuhOCEe05F52ZOnKh5vqk2dUXMXWuhX0irj8BRob2KHnIsdrkVxfEfhwOsLSS
-plazvbKX7aqn8LfFqD+VFtD/oZbrCF8Yd08CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8G
-A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEXroq/0ksuCMS1Ri6enIZ3zbcgPMB8GA1UdIwQY
-MBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUAA4IBAQCiDrzf4u3w43Jz
-emSUv/dyZtgy5EJ1Yq6H6/LV2d5Ws5/MzhQouQ2XYFwSTFjk0z2DSUVYlzVpGqhH6lbGeasS
-2GeBhN9/CTyU5rgmLCC9PbMoifdf/yLil4Qf6WXvh+DfwWdJs13rsgkq6ybteL59PyvztyY1
-bV+JAbZJW58BBZurPSXBzLZ/wvFvhsb6ZGjrgS2U60K3+owe3WLxvlBnt2y98/Efaww2BxZ/
-N3ypW2168RJGYIPXJwS+S86XvsNnKmgR34DnDDNmvxMNFG7zfx9jEB76jRslbWyPpbdhAbHS
-oyahEHGdreLD+cOZUbcrBwjOLuZQsqf6CkUvovDyAAAAAgAaZGlnaWNlcnRnbG9iYWxyb290
-ZzIgW2pka10AAAFWwkkSawAFWC41MDkAAAOSMIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSx
-HQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg
-SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9i
-YWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYT
-AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
-IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJkTx65qsGGmvP
-rC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO3Xss0r0u
-pS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ
-8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
-UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQID
-AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJU
-IBiV5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9
-PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvH
-RAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7j
-itralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MU
-ReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0D
-khvld1927jyNxF1WW6LZZm6zNTflMrYAAAACACFhY3RhbGlzYXV0aGVudGljYXRpb25yb290
-Y2EgW2pka10AAAFWwklGyAAFWC41MDkAAAW/MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJ
-KoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpB
-Y3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNh
-dGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UE
-BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUy
-MDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJwkg4CsIcoBh/
-kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZaby/ARH6j
-DuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9
-E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
-YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+loce
-PGX2oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8
-Pu2Fbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w
-6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf
-1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEX
-MLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEA
-AaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8w
-HwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBCwUAA4ICAQALe3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07
-GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a
-2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4VSM0R
-FbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9jpwlCCRT8AKnC
-gHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyXX04fkZT6/iyj2HYauE2y
-OE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo2qN8xcL4dJIEG4aspCJT
-QLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+
-tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZv
-Beyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZ
-VEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlgAAAAIAGWRpZ2ljZXJ0
-YXNzdXJlZGlkZzIgW2pka10AAAFWwkjlOQAFWC41MDkAAAOaMIIDljCCAn6gAwIBAgIQC5Mc
-OtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
-RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdp
-Q2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAw
-WjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
-ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
-35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i
-89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfc
-gnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o
-76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3s
-LPr4/m3wOnyqi+RnlTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMB0GA1UdDgQWBBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEA
-yqVVjOPIQW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I
-0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQ
-RI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHd
-DrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdS
-VR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwoIhNzbM8m9Yop5wAAAAIAF3N3aXNzY29t
-cm9vdGV2Y2EyIFtqZGtdAAABVsJJmWYABVguNTA5AAAF5DCCBeAwggPIoAMCAQICEQDy+mTi
-dGPTjf0QHQQfdspYMA0GCSqGSIb3DQEBCwUAMGcxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhT
-d2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEeMBwGA1UE
-AxMVU3dpc3Njb20gUm9vdCBFViBDQSAyMB4XDTExMDYyNDA5NDUwOFoXDTMxMDYyNTA4NDUw
-OFowZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFs
-IENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIw
-ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDE9x0vV+pXbPdwXWOwcVIJYEQoM6N6
-Tgr62Opsi1EWGlWuVCbEzEUHQU8QeX9x0npOPzhOswDGlcpbzcEqg9cnHzEOIxa3JcsctLmA
-Ml4anZPx6DxgLKdeVxlYUV68LFYLuNjvi4K0PLjCJKgTx6AhNht6Vykopy6/cSWQ80SDaVCk
-5OEbYhmUCaPzw7zv9L3s2xOdz51ICVJnwDcpER770hGnhRh0eeRPhRTrUjfisUXYzA1Df64T
-0msrP6fC4qhtdltDn760nbMmhjsff+Xy6GYoFiXQS5c4p+TPCdE2wwu+2jtEWI2+8Z4Jaz7z
-Mscrh8bsXpz2h2WtMynEL4nZucvJA537bJRRlxAbhgsaGz/2An571MVRZCid9dOsg4GI03S0
-WZ3B62EzWkXRyznQBmpTYB2v9vtpvGrcAc+9+Y/ZvVvBOl+O2g9LqZudKihrGgp8PKsiC+V3
-LXH2gjWBrvh7gebq/qz0Gpt0XOiPJPZdnUbELNIeKyFqgydnVUqk48gyl2aQctrj1GQuX+Oh
-avZg1Oc1zcrEaI3XccjTJDNzsWz5auEo21/GPei+VeY3G+0k2Q8Zj19jGFhQgVFlb/KffmoE
-5zQkcbp2S1geGb0VYEWqDBJAAZ0Q4sc4B3IKZcC2uyUp2haeizWLYe3lcVeDtTxxn+NPv34e
-gZ9BlwIDAQABo4GGMIGDMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSEEFjAUMBIGB2CFdAFTAgIG
-B2CFdAFTAgIwEgYDVR0TAQH/BAgwBgEB/wIBAzAdBgNVHQ4EFgQURdmlgW49iE2NcdJGwW5F
-HvPEgJ0wHwYDVR0jBBgwFoAURdmlgW49iE2NcdJGwW5FHvPEgJ0wDQYJKoZIhvcNAQELBQAD
-ggIBAJQ6cwafUkswXNT+sVwl+deOb/WHZJ/tFI64BI4oS4+qe445tNlY9nuhNQqhnYr3Y+Xr
-vTmC1ON6LW/fEzy6/n5WmAvzVJ/NRE5uPOE+Fb8GJp3k8JC21MKeMC4f78d6xFDH6nvaUMt6
-JssAtFqrtZMfgImEBJWNjX8Jk7/UqKjkY23ZZOS4KVoIv1DhhA9Ve18IIhv1vZkeFPbO9FgQ
-grMKPRnBv1urqpnY8jG95Thm3FgFx+1jGi4Kl3yHkyuyiuPx7BjldbYph+fcixp+tNjJ04oX
-bH0pRL6KqvV+Oi5oMZO5atqa4NvpLqWEzRwKuEoI+ZzxYSaYk7d7ZuyRXt1RP9tzD60EWAnd
-BAKVCj7Tdt+mEB6APejNpGTRM8eSx+JOROMJyU7CXYcOEp6/D8kFEN56o7E88j+lqid5rTF9
-H/38GWnF3bk/fM3GtMIwHn5uktd/YXZaj+uVTbwRbiF8WTeZ0Aa8+QZtMhal2Wmo4dw8gB5g
-UdzXVCEeymJ3T/rYj7MrOg14csloQVpHSsKj6xrXCqs8MlXIChGc33TW8EAVHci5j7U2xa/4
-IrjKHfPWthkPn2Flaup0yHyPw09dZYIf2Q2J2nVy++/xR2cTs8jRGYgnJpqZeX8e5Cw/e+7x
-3k2LlpfD1T98GyPtpLMdFnJDSyDhWX7C6K0mv6L3AAAAAgAXc3dpc3NzaWduZ29sZGcyY2Eg
-W2pka10AAAFWwknSxwAFWC41MDkAAAW+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqG
-SIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNV
-BAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgz
-MDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
-d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
-r+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/876LQwB8CJEoTlo8j
-E+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5CjCA12UNNhPqE21Is
-8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCW
-s2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIr
-fKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTy
-sybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
-jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
-FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je88
-3WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kge
-DrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYw
-DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0j
-BBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAs
-BggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcN
-AQEFBQADggIBACe645R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5
-+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
-O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiH
-SycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yvGPUqUfA5hJeVbG4b
-wyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a77KwPJ+HbBIrZXAVUjEaJM9v
-MSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJkvC24JdVUorgG6q2SpCSgwYa1
-ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/G
-lHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8j
-s1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+AC
-OzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJAAAAAgAVZW50cnVzdHJvb3Rj
-YWcyIFtqZGtdAAABVsJJAHAABVguNTA5AAAEQjCCBD4wggMmoAMCAQICBEpTjCgwDQYJKoZI
-hvcNAQELBQAwgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYD
-VQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAw
-OSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVu
-dHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA5MDcwNzE3MjU1
-NFoXDTMwMTIwNzE3NTU1NFowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
+jiYI6HySaG1z2G8mrCECuJm3JkFbJWCu0Ega7gYAAAACABpvaXN0ZXdpc2VrZXlnbG9iYWxy
+b290Z2JjYQAAAXwQWa1IAAVYLjUwOQAAA7kwggO1MIICnaADAgECAhB2sSBSdPCFh0az+CMa
+9sLAMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIw
+IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNl
+S2V5IEdsb2JhbCBSb290IEdCIENBMB4XDTE0MTIwMTE1MDAzMloXDTM5MTIwMTE1MTAzMVow
+bTELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxIjAgBgNVBAsTGU9JU1RFIEZvdW5k
+YXRpb24gRW5kb3JzZWQxKDAmBgNVBAMTH09JU1RFIFdJU2VLZXkgR2xvYmFsIFJvb3QgR0Ig
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYF7ccSiQq1pexyuIe+30475j1
+sjmYTie4EV170iWUiIIVJmobMbuoWyEhK9gPTp9a8bFa5HnWMiMr4VPMmUVce0+tvL+HSgtL
+l1qo9kjsfXsNzSEG354V/UGKSLcg9KF6G1fUXVD/umfYI5kfyD/j3v9vW3exa264yWT34cpB
+Rg4pcdC5I/zJgV9O92/fv4Stc2S7t0KOafbUdh1+nae4V4pRZ3LX1Ki4lVRAcwP26vTr/ihC
+dz+dIxuytj2AFAdMLk/31QoWDb1mQzd+I0N5w0CG9Uwp2o6arQ2lBIeIHoXj6VPVm8iLA2N4
+6+AZSm67L2szZFiTrWm/jxvvgkjHAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBQ1D8g2Y17io+z5O2YVzlFS45GaPTAQBgkrBgEEAYI3FQEEAwIB
+ADANBgkqhkiG9w0BAQsFAAOCAQEAQEz7h7KZgZB+ncWwsCbNiHsrMo1uuCFxWJd9rjcUrz7n
+95riffZxmJkEqkN0eKPjSWE+c4xNlOD5ccS2Fg5TeB/WoocvAjmBKTyvFZghMP4okACM0eHL
++l7I/fgQRjuieEKRF3RVCt5QZ01m0af//dnAtaijis5m9Q9DzacrV3tjRmqqLlLY9O3hba0p
+kHhIuuEjqqOJ7LWrlsC0S6Idl5568m5Acd9o8WVNznwF31NlqaXwsZcEcBVGA5jU0r9UtKBY
+fVJv2lYmYtTY24kxbxzwIsLTYhw1zUxpFVQakJje6x5fynfHy449Q2mcmljQJDvfG0CWfjWt
+gcdOcbqIEwAAAAIAJW5hdmVyZ2xvYmFscm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8
+EFmtSAAFWC41MDkAAAWmMIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJ
+KoZIhvcNAQEMBQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBM
+QVRGT1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYT
+AktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwp
+TkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3
+DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gv
+QnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtS
+AuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/
+6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABI
+qKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8ObtoqvC8M
+C3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3zVHbOUzoB
+ppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53BA0K6
+lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
+cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv
+8ejyYhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0Iw
+QDAdBgNVHQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7g
+yKoNqo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3c
+vuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblT
+mXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW
+4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAY
+l3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzy
+qkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmW
+Ncf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0
+kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF
+4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul9XXe
+ifdyAAAAAgAJZ3Rzcm9vdHI0AAABfBBZrUgABVguNTA5AAACDjCCAgowggGRoAMCAQICEG5H
+qciLlLbouzsq2KKywZkwCgYIKoZIzj0EAwMwRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdv
+b2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MB4XDTE2MDYy
+MjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2ds
+ZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8FhzubeRr1r1WEYNa5A3XP3iZEwWus8
+7oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019eWIZlD6GEZQbR3IvJx3PIjGov5cSr0R2K
+o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgEzW63T/
+STaj1dj8tT7FavCUHYwwCgYIKoZIzj0EAwMDZwAwZAIwalBSdAjEcNyeUHQh6I16IcNPlm4V
+0SI1YS36CDfuGW2t27LMfQc09WAZLLU02W8gAjADcbG6o2ALhu2aCGqVaJ/is+GTZHxek6bf
+eS2NheOUzyNdcczysE3W/pnIlKl1ouMAAAACAAlndHNyb290cjMAAAF8EFmtSAAFWC41MDkA
+AAIQMIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQswCQYD
+VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxML
+R1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQG
+EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RT
+IFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uF
+xh1MJ7x/JlFyb+Kf1qPKzEUURout736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSW
+RQmx1WyRRK2EE46ajA2ADDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA
+gFukfCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWS
+dIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhdAAAAAgAUZGln
+aWNlcnRnbG9iYWxyb290ZzMAAAF8EFmtSAAFWC41MDkAAAJDMIICPzCCAcWgAwIBAgIQBVVW
+vPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
+aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2Vy
+dCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJ
+BgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2Vy
+dC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
+YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0Iw
+QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiu
+NkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vm
+iI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9O
+jIgrqJqpisXRAL34VOKa5Vt8sycXAAAAAgAJZ3Rzcm9vdHIyAAABfBBZrUgABVguNTA5AAAF
+XjCCBVowggNCoAMCAQICEG5HqcZas+cgxTCaP2hS8m8wDQYJKoZIhvcNAQEMBQAwRzELMAkG
+A1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMT
+C0dUUyBSb290IFIyMB4XDTE2MDYyMjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UE
+BhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dU
+UyBSb290IFIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzt79pvvs7BQ0PAcG
+WmxZ9xk13ffBnVWq0807pJNy7wr6bZ328IWAW6FIUp85xbfuKKzvy3ZoFLnfrQFsmR/EIh2f
+/nJ34Cxbr+QEv09yoBo0mOg5aOyVJXt2oeZpuYUZvYmM/q3tNupzvP+D4st9wdLOSrONBZ6L
+SZPfwVvQbl7wLjAugvz6vLQXCkjliJvFm2vesMq0A/Da9JC4ZWT3XEyt6H5mXpnXuMI+yNAT
+na3u5EV7iVX3ih9iUoQSs8JAl+OKH0eRpnRa0vixYygQuLMJuFZ3QKImmHnG/t8l7j7loH/U
+YQ9RSzw/jNrhcHTYwmih+cEM6aHif7tVPHYG7mpOzJKIME2avU8LSJqEtZij1ftzwVdh3ShW
+dROuh47nDFEJEHWITLyN+Xs81CJIHyrc62u7RLHLM3EyRq+tSvGM6HQ6rOcaInOA0jD3JULH
+Ijs7Eq2WLsbDdgeqILc1SVfpkknodhZyMWcrln6Ko8eUViK/akt+ASGyIzLf5JpEbVlbXfUA
+oBybxniXjZD/m8iqtK8RUTle2ftnrdVbEZ0ymhu91bpbpcnLJWlTVSdc4Mo2y4hh+x630Mvu
+FvvTpkzekqXU4t/1BlTeLp1LtJMwqoHO3RrcUXMNT3Dp5bYWIRl5suaJC3VkytWrvAnBGKH/
+1FShhTz9FCQDsofTpLcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFLv/yo4jn0+ZytviaKalFScXHtkOMA0GCSqGSIb3DQEBDAUAA4ICAQC2
+afCmd/6e7guBreHAqcf5NR1AgqvmBLTfy/cdD4PwfhNNjYzu4zMiwzn8QN9uQUtCU74WiPHS
+OF7EaJkcmFKTjOdo7Rtqc3oFQE1/ZTvWWPHOg0dg4/+XqZxgdxhVtX4Ik8/Q9jxnAxVhCfmB
+efXsU6SfyY8Bi3PEd3bcg6L1DEkaqHbekptk+LMsxSfTB8AIgKSYkuMBlgKqAu6PO8XRbQoz
+MHN4uU9UFr8LB6GkXObLyVyEjw/gFXcsfiZ+2sRL26cWdwewzXXockLWlYSdhoPy5JDNCUfU
+iwNw2lrGA0L07Tei8BtQVEsO2ITeGSiZgUeuCRs/SNHDb+KwYBf17iMCpdoAW22Qq+6i6Rs7
+6cdEJ0WOa5/1pIS8d/lrl6w+UUWiEabMhe4KaPI+UDh6JGIeFyA3bWpNtwmbyfykWPW2+5xO
+GLuVAuehrZsH7jZrJNI5hsGTg1DSgUaoX2JXLLtsZIgIbu8TVF/dLcRnY9PPiTe/nSD0+3qD
+m6AegQBQwuQMIllSEO1DVocA+BRSpx2Lk4yiTUZ/J8ZxmyTe5NqGiw1+ayDBwJ7hZdhqo6bo
+hYs6BwgcuvWPVZoYdX7l7IFm0SFzoTVEC4A9W5xebyoXltGDI4hmbeaG4nAyL1Ii58jnf8Qs
+YF0vw6+eRQXDhAK3/SwIUk+C3aPw1IYJAgAAAAIAEnN3aXNzc2lnbmdvbGRjYS1nMgAAAXwQ
+Wa1IAAVYLjUwOQAABb4wggW6MIIDoqADAgECAgkAu0AcQ/VeT7AwDQYJKoZIhvcNAQEFBQAw
+RTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEfMB0GA1UEAxMWU3dpc3NT
+aWduIEdvbGQgQ0EgLSBHMjAeFw0wNjEwMjUwODMwMzVaFw0zNjEwMjUwODMwMzVaMEUxCzAJ
+BgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBH
+b2xkIENBIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv5O5+iyQOEm6p
+UC0WRDuSklzKuF2EkkITKrxlV4JAPlckzVCLJSq3b/zvotDAHwIkShOWjyMT5ihYAKNHxwan
+hCMru72WK39VzIvBVx8OYmUP3T1WinParn5tuoEcfkKMIDXZQ02E+oTbUizzDid3C2u/ES9y
+eJ8u2D7mGDdaKnL52mKQkpXKH5zpszwry/MBE79az8G1CmC93bWZZFO4oJazb+Imd5GM4GIQ
+Ap80D6TVkjNR3r6NuoR6YDxq258r7N7eAT9uTeVQhsu0r+1EQMXKWoza0it8qO6+puUKqg6l
+3wVSt1XHIl0yapeXYxPbydt5NnuFOkrFUon5JOedd6mC/1UcpXFpK9ECJPKzJtRr2gRV5cEK
+x20wN5Aq5J4UM14WF1XFW7XLNImS8Z0mj6EH1MayeFDbDAwLfAuMQde56d2MiPejTbIyzNgX
+2s23zmad1P1e/72XPil1536nYlivJTSlQcc9vA1QygMDDwhaH5VzeGK/r3IUaQ6l5QMOeI4m
+KELwBwtiIBBnOUb6qQPMBDh6Zu8gg7WMSlaOkQD8jlyC3oigw+Jobn2N7zzdZfRdrFHvJICu
+qlaXb/mtfdphP5h3PKWRthyMJtplogltweJU47nKTEyAj3d7YJoe37bySB4Ouk5UbZjg4aIa
+ondQz8RjkuxHGZ3r5mvOwQIDAQABo4GsMIGpMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRbJXuWpGVRfrg588B4Zl7oOufw7jAfBgNVHSMEGDAWgBRbJXuW
+pGVRfrg588B4Zl7oOufw7jBGBgNVHSAEPzA9MDsGCWCFdAFZAQIBATAuMCwGCCsGAQUFBwIB
+FiBodHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24uY29tLzANBgkqhkiG9w0BAQUFAAOCAgEA
+J7rjlHzxrsDeF+bl2NX1VLCD9LvNXgV7T591Zq886FZ+/HJ4OAPZK2IbALn46WDNzM5RisdQ
+MW7hSn4YL2lZtj1kgSvjg4TmIoeOfeDuAplhuB70uCuIEhaEwjGTOJYxprk7Uz/DJJNWW2mS
+7MXBuzgA4+wXqbjcx3wBg58yR7pSIjQdMnoJVqd8JTapPUvawIJvCrsSyIdLJxH5Hi3Hkz+e
+218ma1LZLorxFMZEjRWpt7+93qYa7q4t+0h3F/677K8Y9SpR8DmEl5VsbhvDK8R0YHklsAon
+399e0jnPRX1CS9+zLB7Fxl3KVTqgnGmaj9rvsrA8n4dsEitlcBVSMRokz28xI1AfjE+PI8N0
+QWMcVagU3T7gUVDP8RswVg6SsIKF2IPLImS8Lbgl1VSiuAbqrZKkJKDBhrVKE2pHzy4LVpVU
+y86a22q0prLbQQiGJ3f3aqBCbAs4ztd1UDKSwt8rMCJI0NVBOCVdpOldn8aUddBF/TCXQ4+Q
+qwrHhnNgSmkt3qV41wbaap5LPnc6IBMiAdC/aJ5jYGs1TQttuqE9wJPgfyOzVa1yJU5G+dIW
+77BkwQGe6cqgapgOz9hg8i9JuORC4Tg1FvTIbk/3gVbouqO+I6+u/W8D4AI7MHb6G21BzwGx
+6bjJZvTbJvM6pHTySSRbybDQV8H6Pnrhl8kAAAACABVjb21vZG9hYWFzZXJ2aWNlc3Jvb3QA
+AAF8EFmtSAAFWC41MDkAAAQ2MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQsw
+CQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
+b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEa
+MBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBT
+ZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSO
+vkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70
+VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5
+YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4
+qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W
+8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
+BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2
+aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNl
+cnZpY2VzLmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMym
+trwUSWgEdujm7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHC
+v8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8
+tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIs
+gtRqAEFQ8TmDn5XpNpaYbgAAAAIAFGRpZ2ljZXJ0Z2xvYmFscm9vdGcyAAABfBBZrUgABVgu
+NTA5AAADkjCCA44wggJ2oAMCAQICEAM68eanEamguyhksR0J+uUwDQYJKoZIhvcNAQELBQAw
+YTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp
+Z2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgRzIwHhcNMTMwODAx
+MTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl
+cnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBH
+bG9iYWwgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs3zTTce2vJ
+smiQrUp1/0a6IQoIjfUZVMn7iNvzrvI6iZE8euarBhprz6wt6F4JJES6Ypp+1qOofuBUdSAF
+rFC3nGMabDDc2h8Zsdce3v3X4MuUgzeu7B9DTt17LNK9LqUv5Km4rTrUmaS2JembawBgkmD/
+TyFJGPdnkKthBpyP8rrptOmSMmu181foXRvNjB2rlQSVSfM1LZbjSW3dd+P7SUu0rFUHqY+V
+s7Qju0xtRfD2qbKVMLT9TFWMJ0pXFHyCnc1zktMWSgYMjFDRjx4Jvheh5iHK/YPlELyDpQrE
+Zyj2cxQUPUZ2w4cUiSE0Ta8PRQymSaG6u5zFsTODKYUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFE4iVCAYlebjbuYP+vq5Eu0GF485MA0G
+CSqGSIb3DQEBCwUAA4IBAQBgZyiUbw5IY+sx3epnGNWJfTzFi0p/6b7bKxffsF9zdyoyEzmB
+Z0KEI/JFZzXsiL/4j7BhDDSkriBMhMbb+DXhdtnfpkK7x0QIhn82dCRa2mwNFFk1vfJJ3bYf
+ybMNRyo9mS+7XLu11CDhmV9TRhXbaJvw8zDVPjHijYSe44ra2pY+NROlX/D5cFBwR0ERVxlO
+wI+uBsSVExcvGyWfdfKxjpmhbxOxQXH+iCrITxAgVdfzFEXl4ET06oeVMpMO/lNG+iyd/4si
+uUvZCUWk3qS4mljdG31Sn45ZQ4iBpJ4m1W+t3Q3GN33tA5Ib5Xdfdu48jcRdVlui2WZuszU3
+5TK2AAAAAgAJZ3Rzcm9vdHIxAAABfBBZrUgABVguNTA5AAAFXjCCBVowggNCoAMCAQICEG5H
+qcVLRwwN7DPQibkc9OEwDQYJKoZIhvcNAQEMBQAwRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
+GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMB4XDTE2
+MDYyMjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdv
+b2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63ladAPKH9gvl9MgaCcfb2
+jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwSiV6nqlKr+CMny6SxnGPb15l+8Ape
+62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351kKSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6
+z1kZ1q+PsAewnjHxgsHA3y6mbWwZDrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogr
+FZYJsuB6jC511pzrp1Zkj5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8Upmv
+MrUpsyUqtEj5cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB
+0esWCruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499iYH6
+TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35EiEua++tgy/BBj
+FFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbapsZWwpbkNFhHax2xIPEDg
+fg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b9f6BQdgAmD06yK56mDcYBZUCAwEA
+AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOSvKyZx
+GitIJ4UvUmYs7/CJE3E+MA0GCSqGSIb3DQEBDAUAA4ICAQA4lgruPbSWHl/vnZwLM58r4Mr9
+0o4KH0F0pXyqhNTl8h7mN1IynAvRYR2/KMG2RCk1dXeYsnzZvXSsimjjqTEJKQFgc+NHfFOo
+kEon70vXn5PngjbOmmgMgufP1BAWb18OmVz2H3F97+97L37qNtaXcAsV7tdcVmozpeNJOAy4
+ffuNhaSxWV70auHdofZkRK7mUYMhZsYRPvPOR+6cKB8l2v+sZpXdNQ9c7yAsYv2RuqnM/Fqc
+k4GDKZdKfFpytDnQt3fLef1pOpI37W44ZUZ+6WC9eYiXXzgS9O6vW4LIhtXhmW2MBPJ2ukn2
+bultHl+g7yeCdkD4ptNYXA8sQtpCxnuINMfB2EWbwT7FYR3ZY1BJ9jSFauAYxW5Hq0FCKZv2
+YA3SMdNjmCOTWgCBSLTvzYrNyc+Z7tmeqjbhaEtxSRQ2KDo9Hc6ajyXmgHFhK7V7zPklFoHh
+MV+ho34WpJwWapcYvXZypQueHTbmL6EvvnCRD6jm2vjEkkBsJX57swncshetgETwaKWPlHX/
+dFroqAJ8DAniqUsLoIULYrnvoTGS++/2UQSJbOipdKG7F7O1/UkPfDzsgxggQ07Vk7q0NLEf
+FjYfDOZkORZM3OD+HcipYj1A6srFNAK0romIMzXcLBNz2Cfx0HLudTsi3phoZlvxxmNHVRy6
+pQhRdaZIJQAAAAIAC2RzdHJvb3RjYXgzAAABfBBZrUgABVguNTA5AAADTjCCA0owggIyoAMC
+AQICEESvsIDWoye6iTA5hi74QGswDQYJKoZIhvcNAQEFBQAwPzEkMCIGA1UEChMbRGlnaXRh
+bCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0wMDA5
+MzAyMTEyMTlaFw0yMTA5MzAxNDAxMTVaMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJl
+IFRydXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDfr+mXUAiDV7TMYmX2kILsx9MsazDKW+zZw33HQMEYFIvg6DN2SSrj
+PyFJk6xODq8+SMtl7vzTIQ9l0irZMo+M5fd3sBJ7tZXAiaOpuu1zLnoMBjKDon6KFDDNEaDh
+Kji5eQox/VC9gGXft1Fjg8jiiGHqS2GB7FJruaLiSxoon0ijngzaCY4+Fy4e3SDfW8Yqiqsu
+vXCtxQsaJZB0csV7aqs01jCJ/+VoE3tUC8jWruxanJIePWSzjMbfv8lBcOwWctUm7DhVOUPQ
+/P0YXEDxl+vVmpuNHbraJbnG2N/BFQI6q9pu8T4u9VwInDzWg2nkEJsZKrYpV+PlPZuf8AJd
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTE
+p7Gkeyxx+tvhS5B1/8QVYIWJEDANBgkqhkiG9w0BAQUFAAOCAQEAoxosmxcAXKke7ihmNzq/
+g8c/S8MJoJUgXePZWUTSPg0+vYpLoHQfzhCCnHQaHX6YGt3LE0uzIETkkenM/H2l22rl/ub9
+4E7dtwA6tXBJr/Ll6wLx0QKLGcuUOl5IxBgeWBlfHgJa8Azxsa2p3FmGi27pkfWGyvq5ZjOq
+WVvO4qcWc0fLK8yZsDdIz+NWS/XPDwxyMofG8ES7U3JtQ/UmSJpSZ7dYq/5ndnF42w2iVhQT
+OSQxhaKoAlowR+HdUAe8AgmQAOtkY2CbFryIyRLm0n2Ri/k9Mo1ltOl8sVd26sW2KDm/FWUc
+yPZ3lmoKjXcL2JELBI4H2ym2Cu6dgjU1EAAAAAIACGNlcnRpZ25hAAABfBBZrUgABVguNTA5
+AAADrDCCA6gwggKQoAMCAQICCQD+3OMBD8lI/zANBgkqhkiG9w0BAQUFADA0MQswCQYDVQQG
+EwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0aWduYTAeFw0wNzA2Mjkx
+NTEzMDVaFw0yNzA2MjkxNTEzMDVaMDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90
+aXMxETAPBgNVBAMMCENlcnRpZ25hMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+yGjxydbWszR1JoIe7LS+6lzhJu0RR2HhonwWeEAh5GCeWshj4cSxlpL/GG1pI+ErYvfd4jYv
+kQe5SM8O7Hm2LOc0S3AIJaM8hxsZ8oEHDziQGdMR/oa08tFeHh6WzYBszjsxk7byoNCplRJ9
+pZrMa8iEVoozqeciFVMW8MwX7Fdf6aIKmAne41+cb9xI44ULFVqmup+sSOMJsvf0Mt5eNL4c
+eF1CW84OIo9NkNd9MhizCyxqv44/FBGJIA53FLU9lAiH9yUe1bJgAOxvKiglbio+GGMXJT8+
+RCAW9ibIJa4FSrTnYyzzjBZTflz7ERoIwUZinyK48cKNadz6OlgG3wIDAQABo4G8MIG5MA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBrt/kE5kLQkWb4B8lLVRfZaOdwRMGQGA1UdIwRd
+MFuAFBrt/kE5kLQkWb4B8lLVRfZaOdwRoTikNjA0MQswCQYDVQQGEwJGUjESMBAGA1UECgwJ
+RGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0aWduYYIJAP7c4wEPyUj/MA4GA1UdDwEB/wQEAwIB
+BjARBglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEFBQADggEBAIUDHpJx9kKv4aNhnuvz
+wA/ypdTalebWvmg2PX5uH0yK79EPIW1epVJjzhL47yrab+s3/hMCx8s7PiJr2mEuf9RyPd0w
+4R5MQBmMD9ec0YMwe5hZ3H3GuQwpTKEzoutnOmWE05bi7XZFcI+1K975I9ZJbjwUtcafNR5Q
+0MGPanBEAmLLrh1oQaeqV+hTqgfSBvbVFAYLkQN1LGxytWGVmg2LuQ3n9d9Uzd7m2NYJCJdj
+5cEusLdEJsAmwK9VMJ471TYqGQT0XB7/zyy3/9D9h0AR1REju0jAIamkKC39FfiwTiv0MFsh
+/BGRNL5B73udl3X/l5XAllgv6rtG17vk2S4AAAACAB1kaWdpY2VydGhpZ2hhc3N1cmFuY2Vl
+dnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAAA8kwggPFMIICraADAgECAhACrFwmagtAm48LefKu
+RiV3MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
+bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2gg
+QXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln
+aWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJ
+tnEqw9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGR
+fmO2q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQW3cxG42z
+xyRFmqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0
+BBNcoXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGh
+JR6HXRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUsT7DaQP4v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7D
+aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdsh
+R/gqZ6q/GDJ2QBBXwYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYea
+JGT2imbM3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34
+yl6LMYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jIdhKRVfJI
+adi8KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgSnDycv578gFybY83s
+R6olJ2egN/MAgn1U16n46S4To3foH0oAAAACACJ1c2VydHJ1c3Ryc2FjZXJ0aWZpY2F0aW9u
+YXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAAF4jCCBd4wggPGoAMCAQICEAH9bTD8o8pRqBu8
+ZA41Ay0wDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVy
+c2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3
+b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
+DTEwMDIwMTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+EwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJU
+UlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw12
+7c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
+tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQfjtTkUcYR
+Z0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9X
+Wrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND
+8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND
+5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjN
+hLixP6Q5D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
+WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMa
+TLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
+HAc/DVL17e8vgg8CAwEAAaNCMEAwHQYDVR0OBBYEFFN5v1qqK0rPVIDh2JvAnfKyA2bLMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQBc1HwN
+z/cBfUGZZQxzxVKfy/jPmQZ/G9pDFZ+eAlVXlhTxUjwnh5Qo7R86ATeidvxTUMCEm8ZrTrqM
+IU+ijlVikfNpFdi8iOPEqgv976jpS1UqBiBtVXgpGe5fMFxLJBFV/ySabl4qK+4LTZ9/9wE4
+lBSVQwcJ+2Cp7hyrEoygml6nmGpZbYs/CPvI0UWvGBVkkBIPcyguxeIkTvxY7PD0Rf4is+sv
+jtLZRWEFwZdvqHZyj4uMNq+/DQXOcY3mpm8fbKZxYsXY0INyDPFnEYkMnBNMcjTfvNVx36px
+3eG5bIw8El1l2r1XErZDa//l3k1mEVHPma7sF7bocZGM3kn+3TVxohUnlBzPYeMmu2+jZyUh
+XebdHQsuaBs7gq/sg2eF1JhRdLG5mYCJ/394GVx5SmAukkCuTDcqLMnHYsgOXfc2W8rgJSUB
+tN0aB5x3AD/Q3NXsPdT6uz/MhdZvf6kt37kC9/WXmrU12sNnsIdKqSieI47/XCdr4bBP8wfu
+AC7UWYfLUkGV6vRH1+5kQVV8jVkCld1incK57loodISlm7eQxwwH3/WJNnQy1ijBsLAL4JxM
+wxzW/ONptUdGgS+igqvTY0RwxI3/LTO6rY97tXCIrj4Zz0Ao2PzIkLtdmSL1UuZYxR+IMUPu
+iB3Xxo48Q2odpxjefT0W8WL5ypCo/QAAAAIADmNlcnRzaWducm9vdGNhAAABfBBZrUgABVgu
+NTA5AAADPDCCAzgwggIgoAMCAQICBiAGBRZwAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQG
+EwJSTzERMA8GA1UEChMIY2VydFNJR04xGTAXBgNVBAsTEGNlcnRTSUdOIFJPT1QgQ0EwHhcN
+MDYwNzA0MTcyMDA0WhcNMzEwNzA0MTcyMDA0WjA7MQswCQYDVQQGEwJSTzERMA8GA1UEChMI
+Y2VydFNJR04xGTAXBgNVBAsTEGNlcnRTSUdOIFJPT1QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC3M7l+yCVKjrXbtCgbqleQ6NEi02S605Po1KyGYUBqYFdoVIRNvGpU
+AgX/35uaKq5dB49Kwyh/7/sr+nnxx63wEFMkkItmyaiIq69aowDpvrpG7ltzeywXgoFeYiyh
+AmWzvcUrAH7E/AMzVw3t4vrOXUXWOM01trLB0JyBSqrksgFcHY9fmcSxrduIIeuQCIKA8zCj
+Q+aQgq5VKEntW9epEDgO/o9MW5tG6kH1sAh0w9CIM7Z813Tf3ITRQw51OaElQCjqeMsOLC45
+nYyLbhYcLyaCEOLjZZQKBMBe911b+BDi0Lp6S/veNwAAGlso49Kccz4yh5ihyVEv196sM7NP
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTg
+jJvbJUmz8XyG1rJChwvQa6DZ5DANBgkqhkiG9w0BAQUFAAOCAQEAPtIciS41/Ph13eZ/ZYj0
+ckzJLNcyTvPdGXlHvY47W5MPUEkkE2sUBnLvCdOhoeNAhMnnGDJ0PEhuD59L1Pce05OGZFSX
+Y3JQ1VXP+iCTAqKbwyOTThZVdqBweW3NIR/PLy28GeOIMfhZGoEJyJemdMdgxFvMV46ydf0b
+AgnbWW9yk2n3MUHWiDi/h7K9Fnn5quS+iCXdYScjHLUxBwQ2tBqQvaB0cVCJbbwU4w+GrvGr
+PsegCcyjSNHg22TnkrXPr3JDcIv5w4Q8E6p+kptXU5P6cMKRDjH5m2dd6ZY4Xl+zc06IFWfe
+nnYQYiC+VWmVQwA5TfbusFpOSURUWF9CgwAAAAIADWFtYXpvbnJvb3RjYTQAAAF8EFmtSAAF
+WC41MDkAAAH2MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQD
+AzA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9v
+dCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMx
+DzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9
+pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvou
+XKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzpl
+bszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0r
+z2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRM
+StuW1KyLa2tJElMzrdfkviT8tQp21KW8EAAAAAIAEGNlcnRzaWducm9vdGNhZzIAAAF8EFmt
+SAAFWC41MDkAAAVLMIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEEx
+CzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g
+Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYT
+AlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBH
+MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszu
+Y5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tb
+AMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwo
+Ue+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV
+07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2Ypx
+JM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P
+rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiFDsGJ6x9n
+xUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf95xhszWYijqy
+7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlcz8sFWkz6
+GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERLiohE
+nMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
+DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILV
+AzOBywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa
+8gWmr4UCb6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl
+qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGz
+cgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFty
+DGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZb
+bFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q
+1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdY
+aXHmgwo38oZJar55CJD2AhZkPuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxE
+y9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/N
+tBde17MXQRBdJ3NghVdJIgcAAAACAA1hbWF6b25yb290Y2EzAAABfBBZrUgABVguNTA5AAAB
+ujCCAbYwggFboAMCAQICEwZsn9V0lzZmPzsLmtnonnYD8kowCgYIKoZIzj0EAwIwOTELMAkG
+A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzAe
+Fw0xNTA1MjYwMDAwMDBaFw00MDA1MjYwMDAwMDBaMDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQK
+EwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDMwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQpl6fGQX/ADZvoARtWxvJSpbotshLo0i7X+snF2KptH3OBOzuYazl8M6XFToaO
+gBdoYkVXfURYHbM35WcI62beo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjAdBgNVHQ4EFgQUq7bb1waeN6wwhgeRcMecxBmxeMAwCgYIKoZIzj0EAwIDSQAwRgIhAOCF
+kqMXt435Kwalk6wamGhhcvrhodD7HHhgpkOZxbjEAiEAnALv8ZScs5b568Yq+LYs/jqQFBbX
+jGMkSBzfMH3VaDsAAAACAA1hbWF6b25yb290Y2EyAAABfBBZrUgABVguNTA5AAAFRTCCBUEw
+ggMpoAMCAQICEwZsn9KWNYafCg/lhnj4Wya7ijcwDQYJKoZIhvcNAQEMBQAwOTELMAkGA1UE
+BhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjAeFw0x
+NTA1MjYwMDAwMDBaFw00MDA1MjYwMDAwMDBaMDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZB
+bWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCtlp8tnEpMSoF5UZnsistrYFETvE1tBvywCI3dGRBqxyYMNdjAbyCE6ZSx
+m4UDw1vbSujI+JB22VtP40zoBjZNzJqsPQyQK5LUBhlgrDdEeYWBgq1aN+ANzJ2mTFJ26kOd
+twTRUPZV4NXSpkmF6Tfpyn6uXJVNSJo/riBabYiV2TS4UhpDkLC/bAW5tni36tDkOjwSU2L/
+SvJ7vjUFqRI04/NkdGIsPQBJWij+MkS7h91lJwJxO9pK9x/azfchVZBPD+yuguGfa9lF07vw
+X4ftPCw5hto/3uxyVet5o63b3XywuhzO/N5PNXbPD/h4H2o2UUYnYVvpns/wolV9fCWKby+0
+xc+ELiv9DVEQbPtfG7wbfsWuO5gBMZL/C1f0mrK5V+mr7w120fDu9M6Gp+Bu6bRpod9p9jPG
+aS6XE56lh7BXEIE3yVOzu3/2ktGc0Bj0km7ag0+mY5lMpfte7yFkeiBfbGSFFcs36WIMCyoW
+3AEuMto+S/WeOvYXQJTvnpEIhvq+Y6haM+zLdEOV+WxpUjbHKW/8VQNcH/ufvUfr50lHlQtO
+iSIJSeD1YR7xvy6Kcm6AWf9XOvl1MqNOX+ztKGLZTXPyzIEXYO3N69zbp8rFfgK98lQIVP20
+LQksF1RKmNFU4VFnCNLtbn5vP9ItgVkpZsuQOZURHnQn/t3rrwIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUsAzwTDD0BVgCSP0z5VKvS4Tj
+ZlIwDQYJKoZIhvcNAQEMBQADggIBAKqogI8OeKPgotTN5vWYejvqAAOwlw6TvFqo9iyMcoep
+sfx/c/1jcXilh1nPMOENELITWm2C9WrmgJ+gBQto5Edrx2rftv13MnLlGPoJ9KCTLF3SjHWF
+dmWQDAN5tzEjY614gwmGaITK//nPJpqSeefNS8XnYacXy/OpEpOTa6foL1OSxGBYsMwCURhb
+hY1iWWO2rbTemvsm9wAnwF1VN3SZyVB/41kuROMsJe7sTDJ3tJ8a6UtdIMXa/RyHFsZD6NS7
+JppFcF6pCzdT4kZ7J/3gRvKJt8xCtssoJm7Zpck6yEETYPdQjBWusm0aFRpXeOaSKtllkII/
+bAKvrhI6J5Y2BNcdooBjqZvx5bq0fBSwTsmxH3RfOPZR6pv6LKIR1KktJxpFsa+yTnENwFhG
+1mkGy1PLs/5rQc1Bfn1MD3xyeXpZzV5KDqybqZhzeXy09My5uAcMsnRcuMdviKGQp/Sq+b9n
+OvQaFWIet5++PbEpr2ehEvJYEBlTAzAbuBqJ9py9lwOOownzHYsh8bTf5BzRn2UCBupc1hOz
+hO+ipVyMdymnaMBrrkDSqLTqzfCNSzicGZobKFS4iZDvynWBPh7yZCTHGK9O/0eeB/Y1ZaTT
+Clb/9RdkbO+oIiVJk7bfABfaWH5d7sUbsNHRXyEQx/nzugIKJwfF8dbH0+D7CWBsAAAAAgAU
+dHJ1c3Rjb3Jyb290Y2VydGNhLTIAAAF8EFmtSAAFWC41MDkAAAYzMIIGLzCCBBegAwIBAgII
+JaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5h
+bWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMu
+IGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0G
+A1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzEx
+NzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h
+bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQL
+DB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJv
+b3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQ
+dsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5W
+oD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2
+YVpHI7TYabS3OtB0PAx1oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbI
+XvRR/u8OYzo7cbrPb1nKDOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFap
+RBF37120Hapeaz6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTC
+HWKF3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7
++ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4
+Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8bo
+Xg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh8N0JqSDIvgmk0H5Ew7IwSjiqqewY
+mgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5Yww
+YrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWy
+OrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89Ni
+qpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL/V9l
+FDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3S6xZ
+hBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw
+PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRiv
+h7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JML
+iI+h2IYURpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8
+hAs/hCBcNANExdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQgu
+LvqcAFLTxWYp5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/
+D1Fu1uwJAAAAAgANYW1hem9ucm9vdGNhMQAAAXwQWa1IAAVYLjUwOQAAA0UwggNBMIICKaAD
+AgECAhMGbJ/Pmb+MCjni8HiKQ+aWNlvKMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNVBAYTAlVT
+MQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDEwHhcNMTUwNTI2
+MDAwMDAwWhcNMzgwMTE3MDAwMDAwWjA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9u
+MRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAsniAccp41eNxr0eAUHR9btjXiHb0mWj3WCFg+XSEAS+sAi2G06BDek6ypNA2ugG+
+jdtIyAcXNkz07ogjxz7rN/W1GfhJaLDe17l2OB1hnqT+gjal5UpW5EXh+f20Fvp02pybNTkv
++rAgUAZsetCAsqb5r+xHGY9QOAfcooc5WPi61an5SGcwlu6UeF5viaNRwDCGZqFFZrpU66PD
+kflI3P/R6DAtfS10cDXXiCT3nsRZbrtzhxfyMkYouEP6tx2qyrTynyQOLUv3cVxeaf/qlQLL
+OIquUDhv2/stYhvFxx5U4XfgZ8gPnIcj1j9AIH8ggMSATD47JCaOBK5smsiqDQIDAQABo0Iw
+QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUhBjMhTTsvAyU
+lC4IWZzHshBOCggwDQYJKoZIhvcNAQELBQADggEBAJjyN1pBkKEaxXZRKCA2Iw6u5ii7qviU
+rkikMH8b/CSNS7TIoZf2tvF6cMhTk8wIKOOYJc8jpPneIdN8hQmtTpp1OsILaol4dkRHGGVs
+jUGOO3+ay/S1p1DXBSw36ANLrelhoAJu9fLwxbLtW7fc+pRcd54TpX9SrZXy+JM73otcW8pa
+UltgrxT3S++j+59AlW0xVPxC08dGHyOt2Q9IcJrZdXhx0XJDNHVuV1nCAlwmYCnPIxkWjohD
+pdTkywj7IxFD6EMpcmKhqV1eCNSQrrjYzhTC0FXyhvbEk0N3ZmHAuehB15d4YANuSnKupdF9
+uhCehmwbirlZM/jrxJC+8bkAAAACABR0cnVzdGNvcnJvb3RjZXJ0Y2EtMQAAAXwQWa1IAAVY
+LjUwOQAABDQwggQwMIIDGKADAgECAgkA2pvscfMDsBkwDQYJKoZIhvcNAQELBQAwgaQxCzAJ
+BgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYD
+VQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENl
+cnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMTAe
+Fw0xNjAyMDQxMjMyMTZaFw0yOTEyMzExNzIzMTZaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UE
+CAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lz
+dGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/jreV4sImEmszGcdAWAqrWaqNAKP8gMdQe47UICa6MhLYI1RJJRAi
+mJ1G0sHJnk4bLiwOOPMaJWgcploF5h6LSL+YlnQ+acrptXilBrzVAF4JCvInelL8LdWx6rSJ
+YSTzGhPbqc9S7Qwkurme7H4AdPqTrWwpkq5RtLvTV7+z86iNnPQkSyrWmZ70nv7AfkI65wuV
+U9q3aA6QTPtwP49KLJTzJt1jaamU2BBOxUcIkJkbF025bG7vYJURjiGAtb2gc9jQsnfERepa
+Jvtmdnb4Bh9hbQ9VxYO3EFZyBgel87EaAwVkDp1aitaGcBsk3v4oiivQarD8eqLcsnkOi2UP
+AgMBAAGjYzBhMB0GA1UdDgQWBBTua0k8ej8N47EJt4rIqxmfczNQ5zAfBgNVHSMEGDAWgBTu
+a0k8ej8N47EJt4rIqxmfczNQ5zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAQEAJRjUkY8T7o8eHRFT2i1EKRmgHmsxnk0Onq09XEFvlSskoXmY
+Ojg2+7tmnkj/kJDvPdS4m7SHdT8gm85yz6FVwU1kohkGoQczDAsp5fHqq6PstQp0kMd9cvLX
+XJ+R75GLt9ztZqLPjmY7vJ86AuAn3RaYwJXUCqTkgZp1lDWckF+INwatWZUKsNFn0xnKiecy
+WjYcPoKoWpO+xtBkkbbP2bYYz9t+0mWjpsSOFzHB+35229OF41iyd3p2O2wvUBzn2/ZneR/1
+gpWaB6cUr4/cKCFnCdLWTVocGRyOd1zDlCQ9MmtLftR4lIO+N03OX8ceTjzgiTOVCw+lMtY8
+WnksGQAAAAIAJHNzbC5jb21yb290Y2VydGlmaWNhdGlvbmF1dGhvcml0eWVjYwAAAXwQWa1I
+AAVYLjUwOQAAApEwggKNMIICFKADAgECAgh15t/LwWhbqDAKBggqhkjOPQQDAjB8MQswCQYD
+VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NT
+TCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IEVDQzAeFw0xNjAyMTIxODE0MDNaFw00MTAyMTIxODE0MDNaMHwxCzAJBgNVBAYT
+AlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENv
+cnBvcmF0aW9uMTEwLwYDVQQDDChTU0wuY29tIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERW6pUMSmIzaeXyiNF8uWImQ/3HqOHcwI
+s6JxJLqOSbkEG0eWWKstlcjtngg1yCfriYxTWOtiiv7wWw9rMVJjQTuJzezsto0Z0zQH3LvG
+Bn/CRZXsy3+oI+AJ6YH680fTo2MwYTAdBgNVHQ4EFgQUgtGFczDnNQTTjgKS++Wk0cQh6M0w
+DwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSC0YVzMOc1BNOOApL75aTRxCHozTAOBgNV
+HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDZwAwZAIwb+frWRGkYM9hsJZ77QX5LxOR3O3l/FBr
+EUZGsxwhAGK7vsPn6M0HmfkNC11yPsSqAjAfvLoL4jAk+3xtgFUKmT6ADTPlZqOzo7ul1YuP
+CSymXX7i8AcIaG3SfGluX9/lamUAAAACACRzc2wuY29tcm9vdGNlcnRpZmljYXRpb25hdXRo
+b3JpdHlyc2EAAAF8EFmtSAAFWC41MDkAAAXhMIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJ
+KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdI
+b3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9v
+dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEy
+MTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0
+b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/CFp4LZsNW
+lJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI
+7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
+oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9
+aqkpk8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq
+/LrFYD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyA
+KoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijn
+ALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVp
+y8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpm
+pnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkH
+ovV6fVJTEpKV7jiAJQ2mWTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9
+UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7
+Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8e
+EdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgsPgoh
+yC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/q5R4ZJjT9ijd
+h9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0cuAjJ3dctpDqhiVAq+8z
+D8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxjMxW3IwiPxg+NQVrdjsW5
+j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7Ut
+gYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFO
+t3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6
+VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA
+8ShYIc2wBlX7Jz9TkHCpBB5XJ7kAAAACABpkLXRydXN0cm9vdGNsYXNzM2NhMmV2MjAwOQAA
+AXwQWa1IAAVYLjUwOQAABEcwggRDMIIDK6ADAgECAgMJg/QwDQYJKoZIhvcNAQELBQAwUDEL
+MAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEqMCgGA1UEAwwhRC1UUlVTVCBS
+b290IENsYXNzIDMgQ0EgMiBFViAyMDA5MB4XDTA5MTEwNTA4NTA0NloXDTI5MTEwNTA4NTA0
+NlowUDELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEqMCgGA1UEAwwhRC1U
+UlVTVCBSb290IENsYXNzIDMgQ0EgMiBFViAyMDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAmfGENHC6L7cwoI69fATPvmK8mf2Cl9J6CmeWOAn2EE6VInOZjdoVLecF/Blz
+IreOmAC8PD2soWz71nklS63wzGTaiD4puA8J0zTdM/Vi0eHNGenuGE9MWK7iHtYMWxVa2Dq4
+xBhkHuMzsrWJd04Mv9mUaxOXbxKj/pmpBMwV7GBoNu0Ie7f1v5PtZjGDjMZxNIdOF+qvi5GN
+HFZBriI3XjfyHdnRLQ0vaVGnvmamijoqvccaseEU8L46HbnPW7Fq/rSxRiCi+x47cO+TmH2M
+c5byxe+FcK0pJvweBD4coNgPy1KDYnzui1OVkKlXouphBdj5TcQn+m6t7fnXUfdrpQIDAQAB
+o4IBJDCCASAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU05SKTGITKhkuzK9yin0215oc
+3GcwDgYDVR0PAQH/BAQDAgEGMIHdBgNVHR8EgdUwgdIwgYeggYSggYGGf2xkYXA6Ly9kaXJl
+Y3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3QlMjBDbGFzcyUyMDMlMjBDQSUy
+MDIlMjBFViUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2Nh
+dGlvbmxpc3QwRqBEoEKGQGh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9v
+dF9jbGFzc18zX2NhXzJfZXZfMjAwOS5jcmwwDQYJKoZIhvcNAQELBQADggEBADTte1o8pJSI
+7xoRdQcvs/48+h5RJuuH9ine4PHUxiQJ6cHPVRu0MNnOGv4GUaYVpC3vsku/ICglSdGmNnc0
+6GTfUrERx3N6zTmewq2McSHyWmuv3zxOVa+yhGUUibl3yyoxvs+jbc9vSJQyRm/ncYygpoQZ
+NwfyA0UJK4Z1fN9faVcA227YpnIiS1DUdZhW37cY/0NDUK56RHvweVHXQz2n04HT8MlPudrG
+l4bQgsPkQm3+sOJkTg4m50A0JrUIidcIY2M4J3UeM+puqN2fmU90TYGJgEvdmpcpXC++gUG5
+jP/qfWAGns3XPdMuoxW8qOYm5W/D3LgDIeqfFvEsVLUAAAACACRuZXR3b3Jrc29sdXRpb25z
+Y2VydGlmaWNhdGVhdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAPqMIID5jCCAs6gAwIBAgIQ
+V8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEhMB8GA1UE
+ChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9u
+cyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5
+WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAw
+LgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7ME
+L7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6
+UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4
+Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLR
+fbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7
+azCPL0YCorEMIuDTAgMBAAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadM
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0
+dHA6Ly9jcmwubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRo
+b3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZ
+ZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKA
+v6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH/nxxH2szJGoeBfcFaMBq
+EssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3HtvwKeI8lN3s2Berq4o2jUsbzRF0ybh
+3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe
+2MPr+8ukYEywVaCge1eyAAAAAgAVYWZmaXJtdHJ1c3RuZXR3b3JraW5nAAABfBBZrUgABVgu
+NTA5AAADUDCCA0wwggI0oAMCAQICCHxPBDkc1JktMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
+BAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0
+d29ya2luZzAeFw0xMDAxMjkxNDA4MjRaFw0zMDEyMzExNDA4MjRaMEQxCzAJBgNVBAYTAlVT
+MRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2lu
+ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSEzDMXLmuUbGthUqDro895lEzl
+lICZy1VkRGWPZ2TiBuNcN0n2L5uEhB4t8mCdME7MhIXiLM8env42qzN3NUTYNZYaPTboeg7Y
+1UehammL2fy7Oq55WtX01nG7mpAja5q3iHSHDB5fuZ4t+qtTK9y7dj6TTAgIjB6iIxzUaq0i
+upkBLm1ly74kZlUkS0BEsRvX4cKFwN4QPz3tuPzx8SNT3L9ll2/Z+UBxjX29ldTOvqBeJyPe
+/abQJg4AKes8RvA9YL8/UNLcJkFRnhQ3QgSjcFeoG4ftLfp77owK46lmiRnLQfndRDZhz+J3
+Rsh99vSSgTb92zTxcn7zDBa9tBUCAwEAAaNCMEAwHQYDVR0OBBYEFAcf0uec2sJuokC0sHpQ
+EFB0xMi9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA
+A4IBAQCJV7IWeqjC/dbZm5s0wpy0MhRNp6Tf7L6nvvhD25E3zrQyLlBVGjVOdkNxIO+Td04V
+cC6Hw8EdbdzLtSfULFbRUlM6RNJzyMQbBWVaYpKc7kGNMdvnNOpZIdUBetdkuGQ5zcntr+1L
+A0inoJkBgNxlozauZVlIT4JLyGXxVx3lWS4KP2zY0fXlCbRsVAAK4BVNh3Vtt1iWWt1t0gCg
+9JtIvsM3pLo24HyHhZcaFaLeLqJbva8Y+ZBQzXBZ+CdnR8vHoAc6fdEsXWwZOma1ff2Rb4Kx
+vgiT2xRH8aI3x0WePMd3r2Sok9/2aYOCYPJJQjTtWgBUhRwWNpIMXPqmrb/bAAAAAgATZ2xv
+YmFsc2lnbnJvb3RjYS1yNgAAAXwQWa1IAAVYLjUwOQAABYcwggWDMIIDa6ADAgECAg5F5rsD
+gzPDhWVI5v9FUTANBgkqhkiG9w0BAQwFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3Qg
+Q0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0x
+NDEyMTAwMDAwMDBaFw0zNDEyMTAwMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v
+dCBDQSAtIFI2MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIC
+IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlQfoc8pm+ewUyns89w0I8bRFCyyCtEjG
+61s8roO4QZIzFKRvf+kqzMawiGvFtonRxrL/FM5RFCHsSt0bWsbWh+5NOhUG7WRmC5KAykTe
+c5RO86eJf094YwjIElBtQmYvTbl5KE1SGooagLcZgQ5+xIq8ZEwhHENo1z08isWyZtWQmrcx
+BsW+4m0yBqYe+bnrqqO4v76CY1DQ8BiJ3+QPefXqoh8q0nAue+e8k7ttU+JIfIwQBzj/ZrJ3
+YX7g6ow8qrSk9vOVShIHbf2MsonP0KBhd8hYdLDUIzr3XTrKotudCd5dRC2Q8YHNV5L6frxQ
+BGM032uTGL5rNrI55KwkNrfw77YcE1eTtt6y+OKFt3OiuDWqRfLgnTahb1SK8XJWbi6IxVFC
+RBWU7qPFOJabTk5aC0fzBjZJdzC8cTflpuwhCHX85mEWP3fV2ZGXhAps1AJNdMAU7f05+4Py
+XhShBLAL6f7uj+FuC7IIs2FmCWqxBjplllnA8DX9ydoojRoRh3CBCqiadR2eOoYFAJ7bgNYl
++dwFnidZTHY5W+r5paHYgw/R/98wEfmFzzNI9cptZBQselhP00sIScWVZBpjDnk99bOMylit
+nEJFeW4OhxlcVLFltr+Mm9wT6Q1vuC7cZ27JixG1hBSKABlwg3mRl5HUGie/Nx4yB9gUYzwo
+TK8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH8H/IZ1Og
+MA0GCSqGSIb3DQEBDAUAA4ICAQCDJe3o0f2VUs2ewASgkWnmXNCE3tytok/oR3jWZZipW6g8
+h3wCitFutxZz5l/AVJjVdL7BzeIRka0jGD3d4XJElrSVXsB7jpl4FkMTVlezorM7tXfcQHKs
+o+ubNT6xCCGh58RDN3kyvrXnnCxMvEMpmY4w06wh4OMd+tgHM3ZUACIquU0gLnBo2uVT/INc
+053y/0QMRGby0uO9RgAabQK6JV2NoTFR3VRGHE3bmZbvGhwEXKYV73jgef5d2z6qTFX9mhWp
+b+Gm+99wMOnD7kJG7cKTBYn6fWN7P9BxgXwA6JiuDng0wyX7rwqfIGvdOxOPEoziQRpIenOg
+d2nHtlx/gsge/lgbKCuobK1ebcAF0nu364D+JTf+AptorEJdw+71zNzwUHXSNmmc5nsE324G
+abbeCglIWYfrexRgemSqaUPvkcdM7BjdbO9TLYyZ4V7ycj7PVMi9Z+ykD0xF/9O5MCMHTI8Q
+v4aW2ZlatJlXHKTMuxWJU7osBQ/kxJ4ZsRg01Uyduu33H68klQR4qAO77oHl2l98i0qhkHQl
+p7M+S8gsVr3HyO844lyS8Hn3nIS6dC1hASB+ftHyTwdZX4stQ1LrRgyU4fVmR3l31VRbH60k
+N8tFWk6gREjI2LCZxRWECfbWSUnAZbjmGnFuoKjxguhFPmzWAtcKZ4MFWsmkEAAAAAIAFmds
+b2JhbHNpZ25lY2Nyb290Y2EtcjUAAAF8EFmtSAAFWC41MDkAAAIiMIICHjCCAaSgAwIBAgIR
+YFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBF
+Q0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxT
+aWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFs
+U2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpH
+bG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
+SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvR
+nkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIx
+AOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1
+j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3AAAAAgAWZ2xv
+YmFsc2lnbmVjY3Jvb3RjYS1yNAAAAXwQWa1IAAVYLjUwOQAAAeUwggHhMIIBh6ADAgECAhEq
+OKQclgoE3kKyKKUL6DSYAjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVD
+QyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNp
+Z24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxT
+aWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5
+BwkWymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74z
+yTyjhNUwCgYIKoZIzj0EAwIDSAAwRQIhANySoaATps8DsObEIZeQ+hRXLQPs7jzTbsqobHa8
+ot67AiAnqIUnNZtWxqPyR9K3bhsCABeqZ6YVkd76lOx7C/ifhAAAAAIADXN6YWZpcnJvb3Rj
+YTIAAAF8EFmtSAAFWC41MDkAAAN2MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk
+1uQwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpi
+YSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEw
+MTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFq
+b3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIgUk9PVCBDQTIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvNQLXOYeeWyrSh2gwisPq1
+e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/
+ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05
+YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHM
+yAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRn
+vDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
+AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/
+cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1
+zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrV
+FdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrK
+jSoS75ftwjCkySp6+/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztwAAAAIAE2dsb2Jh
+bHNpZ25yb290Y2EtcjMAAAF8EFmtSAAFWC41MDkAAANjMIIDXzCCAkegAwIBAgILBAAAAAAB
+IVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0g
+UjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4
+MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0Eg
+LSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJD
+x7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpi
+Lx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
+rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSS
+aGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPa
+bumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvA
+UKr+yAzv95ZURUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25s
+bwMpjjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBd
+RoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQit
+Chws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlh
+LxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpHWD9fAAAAAgATZ2xvYmFsc2lnbnJv
+b3RjYS1yMgAAAXwQWa1IAAVYLjUwOQAAA74wggO6MIICoqADAgECAgsEAAAAAAEPhibmDTAN
+BgkqhkiG9w0BAQUFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0wNjEyMTUwODAwMDBa
+Fw0yMTEyMTUwODAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMw
+EQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4hVJsL03+EcPoSs8u/h1/Gf4bTsjBc
+1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtKpspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoH
+L7Qed7+KD7UCfBuWuMW5Oiy81hK561l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN
+8LgtyyHK1WxbfeGgKYSh+dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2
+G/YZeoXgbfJhE4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLK
+A8KbjwIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
+DgQWBBSb4gdXZxwewGoG3lm0mi3f3BmGLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3Js
+Lmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjIuY3JsMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSa
+Ld/cGYYuMA0GCSqGSIb3DQEBBQUAA4IBAQCZgVOHHGiXhpHs4Eq4RAurgawnT9bBuBxDeLMM
+mvzqLDxuYRtNSyn1nwUdJsG46YMAYkW2qQiTuakzSxiawviHiE7b3XE0GsFU2kY/4NMqq21U
+IvU6Ys0gb7opidfdke7TXKI+oVtB9d/lZEMt6dU5q9Ki37eL0MCAGRxFwC2M6PgtpHRWScUF
+tU8V3m5EeDmHqH6783kYkbv0b53B8Iw1jF0B+8Ntue9EbXlGMX4K/qmCwf/vq24gxFDJX51N
+mxeMDOUByaBBanNT+qVQtG4lD/tMGPT9UtmOabHoEQ/eiNj7HUn3qt6VzyB4wmAS2yVAjGr8
+fkI4QGQS956B4ZMuAAAAAgAKb25hcHRlc3RjYQAAAXw8eG62AAVYLjUwOQAABUIwggU+MIID
+JqADAgECAgkAnq7twKfOtZ0wDQYJKoZIhvcNAQELBQAwLDEOMAwGA1UECwwFT1NBQUYxDTAL
+BgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMB4XDTE4MDQwNTE0MTUyOFoXDTM4MDMzMTE0MTUy
+OFowLDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwDmmSBGzs2EYbh7Dkmi6HJhqSBhTIVobXbX7
++HyptJ23SFVC/nr4QDjVirtcaJ7tFgNAr02YAUXeCu4T7pfvC8mIKGn4LJ3uwUydvrm5aHER
+3FZMzYEkWuB/NScfxkLGBoKjdcfg/OUpHLYtBAkQkQLCX9FmZEJeKMy3l72Hxehlj98qQpxl
+lSxY0IylOjbrrCO8D0xcuZ2BF5GPT6+sKOs2rL6G3AkPO2iIdaJg+pPqjwS8ZyCM2qOVnHs1
+Q1/wx8sMHKooXr7BFse/UYqOff9WKN3jkW/yuLJFhE6IVqe9tXqMh8GS/w9lteDZUNaxiyCn
+w0C8zEr6JXxw74KTeUEjYY49lsISqk9VNhstTPqxzMCUJfBCg/MMhljBhrd5H+BgtjWA/aIR
+Uc5FqDdss9qn1lfkTwNmTNM1OOi+8uTwpoKZ9xpQwmwG0N0ClxSK3PXRydHJlzWxfeATV/cO
+nNAzq30Lmw5XJGENxKsqqrBv2bRKzThcBL0Wyow/dRZhDKoNdLGVQBhpfz3a7yZXWHGe3aCN
+vbZGWhcwzpOi8zexKslLTAf6XWfOd3poVd+1L8bhlUhVn8t9PWKzhK2jI9ZkLDDCXLXPyolD
+/OGKnk2BlPFDDiaLvDDfkNg90BA4KhqN9K8WOqyVD9w9GL8xEK7Tv2F5Vvl9CefNW2ekVBEC
+AwEAAaNjMGEwHQYDVR0OBBYEFFNVM/JL69BRscF4msEoMXvv6u1JMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0G
+CSqGSIb3DQEBCwUAA4ICAQA/H8hor3ifTbA/GmdhPL4tUsjHB2r+RrA13ohuIzMvzvOY0wOY
+dwZt+hEKPw6SG6CBf0vHX8KSGleKa5ixk4VCLluWv+76/iYhuyBuaL3uP5xQcM/TMvJy9K/E
+oe3LnUvCZpf1rjCQmXnMFTg7Wx38f21ZwSbAnf2W0qgEoHFz3hlzeIybnK1FYaP7SsrMsMBc
+RamhnlsTk8slq4DpQMLEMt+zcXCFtLu4OCDFi9+PJIXkUI0RP3ign6byztV4e+hryI8Yq9es
+ip13tcMeeokmVUqvub1LR8xvIQHxyLZG05cO33eJ9jW6GgS0TKSfh2oFKnx7O80yfChd1g8O
+9N324IAV5YUtWt4EBbF3bmE+wFORkDmGlr+sD6Yq/oB/hUFWJivxzPh1kKwUKG6KhV5t72KC
+Gt+MH/+op6kWM8ULKPMo3W7Qkqb/bH85GrGRM40byne4PCgg7KKZRxO1My/jZt9gPzxEpqSp
+IVcT0b5nQuVooAGp+Mrj2j+2wCn5zkug2ViWUqGd607dAB2tofB2YLfoGGiCHNHWOlfvnUBx
+mfZUfdDhcrKnTVwk0Ikiu5r4D5vHrOHdHJbrMgiRtEJsRP5QP7iavxYhxITea1FlWWeFQM7j
+P3/9YoxXPBL1GHz+S6zOsYUjUpCjNcIcutx7dg/pFhl8553v0tdpHBd1hgAAAAIAD2Vtc2ln
+bnJvb3RjYS1jMQAAAXwQWa1IAAVYLjUwOQAAA3cwggNzMIICW6ADAgECAgsArs8AusTPMvhD
+sjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEU
+MBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290IENBIC0gQzEwHhcN
+MTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMK
+ZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290
+IENBIC0gQzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP66m58ZkFzNgoIUrz
+czRRhFYQ9aBPLBLj+hOaJ9DP+XkadF8deTn8W/hwjuCSUvfkJflUg9kd08hahT9ex7YH7j7A
+zpqvrFZCKjklcNa/tXs2raz2c9zN1x2Kg6X7K5AVN2scJkfcOylWk2qzwWo6nT31wZc4WAWL
+HBHj5LS4XYUdg/54XwtFaBhIpUZzNDv+D8h2u8cY8wXRhvOF7ee52TKtVYjOpraRsE+sfhUj
+lvY/8CA0Ft4KxsQERXl/p/2+0qmlr5zFIyr3PCFsva+PTsU6svM0EvzfgBpJpNSplfeeiV6i
+iayUy6hom6+KZSfNie7djLVrKXBDoGkL5LkPAgMBAAGjQjBAMB0GA1UdDgQWBBT+oeBwHioD
+OVJaQr5ckYV6GKpNtTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQsFAAOCAQEAwkpW+hUheyii6eUd+/gtxDmWQUw7JyzEbBgVgMasr0dZLyYL4zaw7zv+
+Q5dJMpkSFVvfESn/q1P4u8F4D6ycU69XvWiMPWkz8KOgI2M7ZGciRK3VcctWKniSo08SMTY2
+4t7+AMSjYA8nraCwirU2elKhvSf0ICdi6E2UJBPkCgTpPKsuyEMJSsZhBOVJNH7TxMj1D8Cq
+6bpUXvNjK09PUNT+uXuZjD3ALrwCK9PEQOSKBzEem84mmRP7EeqaIgwRGcdeG4FQMMiWEm7n
+y0F/kTuiR7dUgBvcAMyakOrDw1AGYgwwwBVIp6hZfOGuIqLiCnoP+mKrUkzh8d/KvoMNQgAA
+AAIAEmVtc2lnbmVjY3Jvb3RjYS1jMwAAAXwQWa1IAAVYLjUwOQAAAi8wggIrMIIBsaADAgEC
+Agp7cbaCVrgSfJyoMAoGCCqGSM49BAMDMFoxCzAJBgNVBAYTAlVTMRMwEQYDVQQLEwplbVNp
+Z24gUEtJMRQwEgYDVQQKEwtlTXVkaHJhIEluYzEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290
+IENBIC0gQzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBaMQswCQYDVQQGEwJV
+UzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMT
+F2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/aVhrnsm
+EB3ptyIwrgb0gbOxQnGVObzTUuOvr/nylzWSNkYOh5WNuTla6bvf0P7IB0E8u1Vvg6Nq+2Kw
+gYkCcH1IxUrj6SJUIk2Tu0IMr3ecI6Z912ERzmXH+H/+9fKpo0IwQDAdBgNVHQ4EFgQU+1pI
+0IAgQPKo6QAHaRl3p+bD9M8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI
+KoZIzj0EAwMDaAAwZQIxALTYLwKJ/bZMYrpDThOEcrWu3Rze1rXcVo9YQFot3iBMIoPKk6h+
+7hJAx9aHT/jfhQIwHBRk5HyWgxGcsNFaYUumD0nTAPyh/OSl/3+t1zDQx3d/voEHVTBQIBT1
+VzgKqDFRAAAAAgAPZ2xvYmFsdHJ1c3QyMDIwAAABfBBZrUgABVguNTA5AAAFhjCCBYIwggNq
+oAMCAQICC1pLvVr7T4pb+mXlMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkFUMSMwIQYD
+VQQKExplLWNvbW1lcmNlIG1vbml0b3JpbmcgR21iSDEZMBcGA1UEAxMQR0xPQkFMVFJVU1Qg
+MjAyMDAeFw0yMDAyMTAwMDAwMDBaFw00MDA2MTAwMDAwMDBaME0xCzAJBgNVBAYTAkFUMSMw
+IQYDVQQKExplLWNvbW1lcmNlIG1vbml0b3JpbmcgR21iSDEZMBcGA1UEAxMQR0xPQkFMVFJV
+U1QgMjAyMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK4uVq0bHO/2lY+gdxsr
+02OPhE1Fog+fW0WrWXtRNPnsi4p4xd1rr73E35NFHr+ROAuuDhbnQXP427vRuFHgy4M7czhu
+d4oPWWMmzacqzlT7uOLAfEfOYHw/snPywBm2ipKHNQ2QKKLkFQRjPrqv7nxezKaLULI490Fj
+ys7/aY9oDpU25cy5jAnKS90xkJbIzB/9VpY0244c6iy+hS5j3aqpldP9KZUT8MiYk9ktFkeQ
+EYOiOiKiKFei6/7AjCigpn3nKkI7goBjpWMfGcx8smaowtNtN2/ifgZR2UWEHxLOJFJkhQtI
+gE6HsSIiMKrrrr7gAuBA6LBCgANRqrR+qkTXQ2HzomsWiUmko6QrigLEePRoisHkejaxbxuW
+G3dJjdTJBnKPz1Pj3BeFIErcmCfTkSYrRx5pB6/eouTk1GsLs1581CSARylpO27orP1A69jt
+cXEr8uhYHetBlyLFH9Q50CePh+MY9OCpRg31dDqCLtBuLJGjMVw7Rup7BBBWXoAd9aVl6IL8
+4geMYkX1IN5GcIahvJPTHnSmbLAs9wMMiAzL1HJThrxgRvOYasLxv0P5cCB3yjdBeVVSY41b
+Ep/FaMSInazyMKu3ozGXZ62PFw9sx3PtJJRryIOa0Jo3SQSrsRbIbElJLauh0IyS8kFKeSEl
+22PXtpynfkJp+zpjAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
+MB0GA1UdDgQWBBTcLh/RYTd55KvV1bMScWg9amicIjAfBgNVHSMEGDAWgBTcLh/RYTd55KvV
+1bMScWg9amicIjANBgkqhkiG9w0BAQsFAAOCAgEAkfBCAmhA7sNowFQv3+xiw8OeiqAxKKqD
+jqRWlhIQhla6l3LSVDB8rRnVHWhv+xRC2I0O87XRpeMCQl7c6EZYBzUCMOC8dErBQyr/2xrQ
+sK9sw/3Ls/V/bQMuWVadLS01jLLWQxcskgrLXeiMD0twQ9CC/6jMv6SUwL6HvYrjk3vGj5sW
+nSdlvHrFQoJsXAfQqcGIYETpmIUWX/iPygEQziXD+WAboMWXw9MsiDGivTDs0NDAEvHBOePl
+9fjWSt00zftvwU/jAItW4pL3KLJCd3IjZ8c/ERWyxAMFvrsRewq/qG7n/1hDz5tnoIAHth3K
+rW3qQRF+LXST+8K8vlFExe9oJSeA48ig1BLs2aU3HTd8tJHK2tSxloHvaFx2EEmvfqU3gLEc
+Ur0zgUyP+d1l2RTNiiVY9OLFg6UJkNRsFGO1QN/rwPzEWH4NFBaHVCduVuRwhLhsMhJ+gjFD
+vtfdfKGtrtarIBLvCsMQjEmWNdwLdV6xT9VPNA4RIAd1Q0XpoxHarKOZwrZ5J+K578ji9jUp
+enT6xX+CBWKmCuposnlHBm7yV6gVM8b3eEo9Qntrfv73RurR647viGhb6MHZcX79ZO//Z0eI
+WCUvPoYHvfuo5YKorKXTaUPNMYhJhFOSwLE5GzmDATDE8qn60AO9cjdgVh82fL05kfVtDb97
+15IAAAACABNidXlwYXNzY2xhc3Mzcm9vdGNhAAABfBBZrUgABVguNTA5AAAFXTCCBVkwggNB
+oAMCAQICAQIwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBh
+c3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTAeFw0x
+MDEwMjYwODI4NThaFw00MDEwMjYwODI4NThaME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRC
+dXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAzIFJvb3QgQ0Ew
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCl2gqVFlDjlfJenXYxBjJ6m/EQdrgA
+mrVSNs0kR7CfGGS8mvb61XnYkGJMIi/eOD3W4KjpHCzbeBHpjmhRFXLH8zOH5KBdC1zgVwcq
+MPXNxDd3KE0Ykea/1VL9cS1wPufGxIrj8CgL9HaYoYuHVbI6E/y3Pic3jiLjqE8q72C7Pbc5
+ww4BR5ldEk/bQ/pXoe35nb4RRyZbE5irXRaKsDccV51F/4iWNr+7ygd7b4dj19AyatZdbAzx
+s2454msxLjkAJxTeOMDsGWaGEuidchYTZFLHqTcc/YIw7YQYHfSuXP9wEwDrsfUzekvWVfgF
+jUtpsPWzKDZcFMRRc01rC/E0B9sXOdfcKHtr9Z/zLsFPFyoQ88zK6Ov9a6sump8tgm4E1FIB
+ky09hvx+/N/vQh2ma++5IMb3vaCnlf2n5okk2MyMNGziIy/ZEhohuVWRbwuReRkMrUCIC3Di
+etIO2GhIu4ITORBY6dgqB8YS21jb0jtVEEcFFWdifhhjpkY/CQ5UMl6/DWJ6J++A6NvZSwZa
+N1ol0AgSd9RvCVCXPcgdw9+MRTBWxtNkq2bzwF6WnMPE78N8a4s6eX+zSc894omfoDBLhbmc
+lCR5j31rqUVoDyvQ8docy2m4yklibcjQY2LdYA9Yqo+hvAWlZqLPG3ayhGSxTDlSwDC68IxL
+ArC2twIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHuM3/5W/u+LLsL04O
++SWwjjxrwzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAAAgI0E1BJDCQGJg
+7+I1TNc/rOI0kLihb3b6FhakSDcs6ZDC8jz4Cp/YgeW7W9olLKSnVXEkMvbIC/K8aviTrLIH
+wl+f28zIiqq+am/hSRDMMdeAu7vI2KIOZFfqovXCqTEV0iBq7PwiASjPhriAHqnMEaU88haz
+R5380oAhxMvQR3BBocqDGQgsbfJdd5yKFBPUNhyS8OUGN9ym5pCbOI9caxtGhkNCXz4BB1NU
+XWV994pzoZpUWh8pQxQnwoUPtYh7GjuUtx1gp7Wc5ylpV1qbk3pDMBsD12LIQKaq/GTkSteR
+UwGoIIhunF9EuctggTTsb9N92khf67SQvC2pHAusHNWiaCCABNb8sY8vu0oxDUqGHOviNikm
+9drYxPJ1Yc9+rnZjSnpAZZOH+B6AjIblhtaPDvxTLGDoFmEaoj5De805YFRq9fKJJgFog0ii
+M+jJBJGyETQRPurQQxkfA5OQDP9RPVf0QW7hy6C+68ljzW3M5Pg2qmid7b1dl3BEDbYONdzh
+DF27oFGUy34W6xEvo5JFyExx2bzJmVJXRi9Qz701afQ9Fc4GpSwPPvaBupS7w7u/ZXjShnn/
+STsagwzw3njsyPJNTBregin4wVra7e7mJ17oRdCdHFGoaKtE49CLauP4O7vcTddk8lG+5qqr
+Wukx7ga8c78TYgqfx7mXAAAAAgAfY29tb2RvcnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eQAA
+AXwQWa1IAAVYLjUwOQAABdwwggXYMIIDwKADAgECAhBMqvnK22Nv4B/3TthbA4adMA0GCSqG
+SIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
+MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UE
+AxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAxMTkwMDAwMDBa
+Fw0zODAxMTgyMzU5NTlaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5j
+aGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEr
+MCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoq
+Eo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu/xGXx/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ
+1+z9DfqcbPrfsIL0FH75vsSmL09/mX+1/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTa
+Q2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg/DKWUSe8Z8PKLrZr6kbHxyCgsR9l
+3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNX
+QTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q/0lYvvCo//S4rek3+7q49As6
++ehDQh6J2ITLE/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206Li
+W7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF/cNDDoqosIapHziic
+BkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3
+MVw6akfgw3lZ1iAar/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGj
+QjBAMB0GA1UdDgQWBBS7r34CPfqm8TyEjq3uOJjs2TIy1DAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEACvHVRoS3rlG7bLJNQRQAk0ycy+XA
+VM+gJY4C+f2wog31IJg8Ey2sVqKw1n4Rkukuup4umnKxvRlEbGE1opq0FhJpWozh1z6kGugv
+A/SuYR0QGyqki3rF/gWm4cDWyP6ero8ruj2Z+NhzCVhGbqac9Ncn05XaN4NyHNNz4KJHmQM4
+XdVJeQApHMfsmyAcByRpV3iyOfw6hKC1nHyNvy6TYie3OdoXGK69PAlo/4SbPNXWCwPjV54U
+99HrT8i9hyO3tklDeYVcuuuSC6HG6GioTBaxGpkK6FMskruhCRh1DGWoe8sjtxrCKIXDG//Q
+K2LvpHsJkZhnjBQBzWgGamMhdQOAiIpugcaF8qmkLef0pSQQR4PKzfSNeVixBpvnGirZnQHX
+lH3tA0rK8NvoqQE+9VaZyR6OST275Qm54E9Jkj0WgkDMzFnG5jrtEi5pPGyVsf2qHXt/hr4e
+DjJG+/sTj3V/TItLRmP+ADRAcMHDuaHdpnDiBLNBvOmAkepknHrhIgOpnG5vDmVPbIeHXvNu
+oPl1pZtA6FOyJ51KucB3IY3/h/LevIzvF9+3SQvR8m4wCxoOTnbtEfz16Vayfb/HbQqTjKXQ
+wLYdvjpOlKLXbmwLwop8+iDzxOTlzQ2oy5GSsXyF7LUUaWYOgufNzsgtplF/IcE1U4UGSl2f
+rbsbX3QAAAACAA5jZXJ0dW1lYy0zODRjYQAAAXwQWa1IAAVYLjUwOQAAAmkwggJlMIIB66AD
+AgECAhB4jydcgRJSIKUE0C3dunP0MAoGCCqGSM49BAMDMHQxCzAJBgNVBAYTAlBMMSEwHwYD
+VQQKExhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTEZMBcGA1UEAxMQQ2VydHVtIEVDLTM4NCBDQTAeFw0xODAzMjYw
+NzI0NTRaFw00MzAzMjYwNzI0NTRaMHQxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28g
+RGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eTEZMBcGA1UEAxMQQ2VydHVtIEVDLTM4NCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BMQojqsYW2q+bmQ3Y+TN7Ks698yhuA6CSdeGKZ+hlPLjYHiYgXgGTfLsmg5XYIOftOYXLxqz
+XQJbiSM8whEFKqeIExjzUITXvTQsJ4lV/85M59+mHyjE8FTDuXy3U63rwqNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUjQZmdCR2OvOJ97zWvUd9L7wQX0swDgYDVR0PAQH/BAQD
+AgEGMAoGCCqGSM49BAMDA2gAMGUCMANVLabmGMR878lQbsEnD5yHr27VGwgYvZIpwe+UkXjS
+OhxViWLlGwkeumRr8Xa01AIxALRChJn/q+ee+5GXJ13csFswcc5eOBpq2SXn6vdhklb46to2
+wodlli5yJS9/38MTyQAAAAIAHHNlY3VyaXR5Y29tbXVuaWNhdGlvbnJvb3RjYTIAAAF8EFmt
+SAAFWC41MDkAAAN7MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQG
+EwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUy
+OTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMg
+Q08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2
+l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq
+1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjr
+appdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVK
+kaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw
+awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5csOPEK7DzP
+MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBM
+OqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEju/Ykn8sX
+/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+
+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
+tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0
+eg29mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03AAAAAgARc3RhcmZpZWxk
+Y2xhc3MyY2EAAAF8EFmtSAAFWC41MDkAAAQTMIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0B
+AQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywg
+SW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMG
+A1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxk
+IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IB
+DQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E
+8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH
+838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZ
+GD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
+F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgED
+o4HFMIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/
+X7fRzt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJm
+aWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhi
+v45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsg
+Gh1o+Re49L2L7ShZ3U0WixeDyLJlxy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMt
+lb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNzi
+PTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5QAAAACABthY3Rh
+bGlzYXV0aGVudGljYXRpb25yb290Y2EAAAF8EFmtSAAFWC41MDkAAAW/MIIFuzCCA6OgAwIB
+AgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1p
+bGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0
+YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjEx
+MjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
+IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBS
+b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv
+UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx
+4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZU
+j5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekci
+RDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmS
+Bp+Z07/T6k9QnBn+locePGX2oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqE
+guNTVHnd25zS8gebLra8Pu2Fbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeIC
+rHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1
+fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn
+fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7jPKxwV2d
+pAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7YnzezhwlMkCAjbQMA8G
+A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwDgYDVR0P
+AQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyIWOYdiPcUZEim2FgKDk8T
+Nd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lS
+cWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a
+2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANA
+TIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX
+X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
+2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0
+Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+k
+QSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2
+sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXh
+lgAAAAIAJXRydXN0d2F2ZWdsb2JhbGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAF
+WC41MDkAAAXeMIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGI
+MQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAf
+BgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEds
+b2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMx
+OTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0No
+aWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1
+c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+C
+Y66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzD
+Bcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz81Ws2
+5kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW80OzfpgZdNmc
+c9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+OsIgbrv4Fo7NDKm0
+G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40Cz7PFNm73bZQ
+mq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49
+DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9ja
+JXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj
+ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB
+/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm
++J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEb
+K9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCq
+RieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtK
+YdkNy1GTKv0WBpanI5ojSP5RvbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90
+lZvkWx3SD92YHJtZuSPTMaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrq
+l5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDF
+QdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jC
+J3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mc
+gn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTKyeC2nOnOcXHebD8WpHkA
+AAACAApjZmNhZXZyb290AAABfBBZrUgABVguNTA5AAAFkTCCBY0wggN1oAMCAQICBBhKzNYw
+DQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFuY2lh
+bCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEVMBMGA1UEAwwMQ0ZDQSBFViBST09UMB4XDTEy
+MDgwODAzMDcwMVoXDTI5MTIzMTAzMDcwMVowVjELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0No
+aW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEVMBMGA1UEAwwMQ0ZDQSBF
+ViBST09UMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA111rzRA/HwVZ1QVNN7EO
+7JgrjhUd+pNLF4IhcRBS11FkcBbCVWlNjhVtn78MG8Lgo2fWDKzPIq6vd1QqS0yKU1J6w+4u
+3rNxJcHpXT3uoS+j9yo8ySMdaqsdoafx8+yg1UTPFc9yLx1jl+iZ+f2TpFSATFLUUqsuSd+Q
+zbhfvj/eocpNINQl6IQpU7exiB//+tqQnwqpLUE/sfEYKe4WWSw0SRqoBteoiNIDcnoy4upo
+TW4slmV7yln68uLd7jAs+8xGrMRj629/Nis0cxKUf9/MJp7xcl1QZVmPabOHXjJvwxiKtZWP
+sHo33lpFO8c24e9n0TnTl1tzYhlILYccBvt0mCBJc/AF0huxoKO3G3DTiGm5WtY49GLcJYt4
+v/jofrhcyZVPX6ctuSBrz2vd9Q30grf0smYuECj2l1p7lhaPARktbG5/OVgGZIMBg4PDTZLd
+MsaHpDfpFs6qLWivCoFlOnDBm61NbVTKKi1LhRuzgOZwRQ1rXjXwfzu4nOQEcIkSJZPaCpki
+YGpjYE52BphOvYOtHViKJYXSx2UeLY7G37bG4X+KBCEVKXTwPpyQnQwu8Yo+WqoMCR7H1Tyj
+7ZfDHjT6OPkIDuPAXSuD0VZqybaoVFMueDJnPYJ/dND74bYFYLlw244L+RNYb3FgEFIQucFB
+Ce9yH2cxeP+WBY0CAwEAAaNjMGEwHwYDVR0jBBgwFoAU4/4t/SjQC7W6tqLEvwaqBYyT+y8w
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOP+Lf0o0Au1urai
+xL8GqgWMk/svMA0GCSqGSIb3DQEBCwUAA4ICAQAlxrpr64fL3oI5lj3wRKdrhHMD3p0rT7og
+f7x4ss+XsBuc89d5LvVIttL7F4jm03o/7VMT0OIvannLACMo5h43VzWJhMJ2TzQ2rWfDzkEG
+iMX37tgauNYLf1D/k6oXS4zs7VJgsqQG6k7r9GsZ/ev1GuAlKprcx0E298h0BYQ5lTnWCzuk
+J/oI2Fwe+ARgUhEoKAP/71NmAKVKNBZmfP0JpK6eZxpvQQtrBhObj4ZxBbQvjYlmMyl2VJoR
++Cf6sj+R4M4NG/MwGq2/Il0b078lBU3hkhp/mZ88RJPK1EBJbICH1wQ6wzJSNQ5W+KXdfcSL
+DREfU8seshe2aHda4NTLyAeu9Toujje30AFLQyl3jDmXj4Ja+FHliaAY52h/XQou+6NHDj2m
+I3rGAcePyF6/bYBWvookujPqn+EyEZ7x0k+A9htArzieEVB5cxISzeZsnSyIcjwwgQaRIupZ
+rdoZLiLCjbmMh+BmvHMjXyFkY4BI9aA8GD2UyEhBHUC6Xv7+VjmhyM9enhlkRhDaF5G3BYCs
+i5mSfeei2AcLNifnSHlgisPXE1z4ckDfSsvPmQAKAAsRldpWRQOICp9n0NV5saiNQG0NwnpA
++vNfZEeSy1O5u1nOT/3QFVMB2N/r2eZ279AjuzupebPVAinNiaOWD0o1505CwHXNB8/mLOt7
+LgAAAAIAFWRpZ2ljZXJ0dHJ1c3RlZHJvb3RnNAAAAXwQWa1IAAVYLjUwOQAABZQwggWQMIID
+eKADAgECAhAFmxtXno4hMuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAf
+BgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0zODAx
+MTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV
+BAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBH
+NDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL/mkHNo3rvkXUo8MCIwaTPswqcl
+LskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/G
+nhWlfr6fqVcWWVVyr2iTcMKyunWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O
+7F5OyJP4IWGbNOsFxl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13j
+rclPXuU15zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
+MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3JFxG
+j2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3cAORFJYm2mkQZ
+K37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqxYxhElRp2Yn72gLD76GSm
+M9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0viastkF13nqsX40/ybzTQRESW+UQ
+UOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS31
+2amyHeUbAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1Ud
+DgQWBBTs1+OC0nFdZEzfLmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfE
+kRvDoaIAjeNkaA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvW
+VPjSPMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK7VB6
+fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eBcg3AFDLvMFku
+ruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp5aPNoiBB19GcZNnqJqGL
+FNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msgdDDS4Dk0EIUhFQEI6FUy3nFJ2SgX
+UE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vriRbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i
+7UqLvBv9R0oN32dmfrJbQdA75PQ79ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPm
+YQ/ShQDnUBrkG5WdGaG5nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1Tt
+mlfB2/oQzxm3i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyB
+Ia0HEEcRrYc9B9F1vM/zZn4AAAACACRlbnRydXN0cm9vdGNlcnRpZmljYXRpb25hdXRob3Jp
+dHktZzQAAAF8EFmtSAAFWC41MDkAAAZPMIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVl
+rVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
bmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQL
-EzAoYykgMjAwOSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
-BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoS2ctueDGvimekwAad26jK4lUEaydphTlhy
-z/72gnm/c2EGCqUn2LNf00VOHHLWTjLycooP94MZ0GqAgABFHrDH55q/ElcnHKNoLwqHvWpr
-Dl5l8xx31dSFjXAhtLMy54ui1YY5ArG40kfO5MlJxDun3vtUfVe+8OhuwnmyOgtV4lCYFjIT
-XC94VsHClLPyWuQnmp8k18bs0JslguPMwsRFxYyXegZrKhGfqQpuSDtv29QRGUL3jwe/9VNf
-nD70FyzmaaxOMkxid+q36OW7NLwZi66cUee3frVTsTMi5W3PcDwa+uKbZ7aD9I2lr2JMTeBY
-rGQ0EgP4to2UYySkcQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUanImetAe733nO2lR1GyNn5ASZqswDQYJKoZIhvcNAQELBQADggEBAHmf
-HZbGtnk/Io2H04cDBGBqa5ouWYlzEaxD0fUT/405K8DyvU9wjKkv6hfEC1Se1BuWmDM8qK1i
-ogB2q1lpbgYdfsS5RI2YrxLUYdsKGUZH8+v3Y8FABUCl0rf0tZo2v6mIdogEVQQrnId/Gjc8
-fi2lGtjUiV7Kvaw9bNhtr9Xzdg/NO4g4Ip1sk5rEPb+CG2U/pg9dqvzlshXKta3GvD3QhOjq
-BnKwTTkyeL8+EZwLpJ2aIfPwmwsweNvB3IdD/rxjmsrFwhzJx43/OxJYCOa2Pex6LE77g5bO
-DDxph1RzpHPCk/9REKwVVAHY/AWxiaF/dIOaSdfcTnuKSG+LRfYAAAACABdxdW92YWRpc3Jv
-b3RjYTJnMyBbamRrXQAAAVbCSdyOAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhREVzQkW4GJ
-mzXyzrgrO1unJvB1KDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQ
-UXVvVmFkaXMgTGltaXRlZDEeMBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAyIEczMB4XDTEy
-MDExMjE4NTkzMloXDTQyMDExMjE4NTkzMlowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1
-b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKGuJbIBGNxXiD9G6/mv4usjceKa0WFmIV+qrydR
-5W4bFtQtfVCwU3e9eDpg4mQCm3yGm9Yajq3/HxV/1ZUeEsvmFIQEwd82sxafiuPJ25g0ztgz
-FyhG/KfJ8NK01U0Jckn58ofjqdp9oX1rsjolqW1SRKz4vm773KZzkZBhpgMUIPLnh6OIra2g
-jP+mCyVSJecWAdXLuDWBDKM78OHh/FpdzoBxbfhJqz47urjXgAH7petbs8VeYCoxoK836CA6
-n6gyLAzMCR3Tno5dvEyY7sUaaHvsU6bpFDWj382AnwxI+xz08b9KuPrVjHFKxx+t/kGas4Nd
-8oRW76VXQ84prYyrVb/E+1sB3SMhoVgAjsPQahPtE+MSK4DcZ+aVss0eIm4q+EHU8soUB42K
-VRLGafW4hmgvU16w0qohwZjmMONnVcebbqwZqFWmRQbQIzrb62VdKhER8DtPym30NMRx5P8A
-WvZcriNghXPx5BCxJa7VkrsTwQzgOdq0OVe1qzWqciE7gzXnMd96IW64Mgh9HTKRFUpics/j
-d6G81REbdgFnCOBBC8PrFW74pBnZoquv4idSVisCiiwUJPm/QgK/JsjGj+BuOH1TLeXtmLOV
-Y2h/+TX034jFYDWSwHxpHGGVFtDr3guvPgQQRWVYUDivSPJZthbyPA2QAsZwLgGtPBXXAgMB
-AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTt5292
-Wr9g7ElbxqV3u3IWcZvEPTANBgkqhkiG9w0BAQsFAAOCAgEAkd+AP0MJfnHC9+uziI/hUbK8
-PXX5KF3IvJmbe12q5crhCvfostOf3WcxfroBqsdqQTuQ1AhcsmBqkPDIzgNi+Yvt+24q3AZN
-PCkPiRaKWExID+iEYeo8cqZ35EKuiKNDWHl+rsqlUw2pPXC9IBlhpGw4/EMy4cFH//js8REi
-MpacwvZbaZZ7IAxDQZpb9lkZiN5ViDdRC3hcCh6jQv3HnYgPwPJ4AiRUk6+Jh4jJSoAd6tBu
-PmEuNrs1DieW/WY0O2Fyc/EWXEcGVEkAelgSsArvhf2xuDN1apMcEuZgXm8df8kfI8uEYZ8e
-gkT5X61iVSSaUpjtUeehfpc65i8fEdpTgCyFnqs1ENsiX2rFXpdT8jICCTCjWPANAdVyxrF8
-aXvD9TZFzGFuXkyUxV6u6A5ei7/3zeDtoQ4bM+5UGP4Pvu9+hGtD43CY2111sg1ZB4UVIznW
-8d+pJg/WSMezpiL1MzdalUefe7oYFW//1hRkg0nSCmch2w81Y2AoIuOxlYPNhabdLw/nZ1Ju
-uy+FfPVKc+fFPsC9IRIFP/y3A0kCW8gl5uJUOPV5h4wdU7JOhXsGOMcs+Piwco0l5XdS9AMc
-SKZQX4ggMG7ygkOrPZeE51P7IcFPDyKahrhZKvZHPRmILeiF4Z7shQhqsWw0yR3sSCs7eO1m
-xI55aYPef4wAAAACACN1dG51c2VyZmlyc3RjbGllbnRhdXRoZW1haWxjYSBbamRrXQAAAVbC
-SOI3AAVYLjUwOQAABKYwggSiMIIDiqADAgECAhBEvgyLUAAktBHTNiUlZ8mJMA0GCSqGSIb3
-DQEBBQUAMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr
-ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6
-Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0
-aGVudGljYXRpb24gYW5kIEVtYWlsMB4XDTk5MDcwOTE3Mjg1MFoXDTE5MDcwOTE3MzY1OFow
-ga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkx
-HjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51
-c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNh
-dGlvbiBhbmQgRW1haWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOYWk8n2r
-QTtiRjeuzcFgdbw5ZflKGkeiucxIzGqY1U01GbmkQuXOSeKKLx580jEHx060g2SdLinVomTE
-hb2FUTV5pE5okHsceqSSqBfymBXyk8zJpDKVuwxPML2YoAuL5W4bokb6eLyib6tZXqUvz8ra
-baov66yhs2qqty5nNYt54R5piOLmRs2gpeq+C852OnoOm+r82idbPXMfIuZIYcZM82mxqC4b
-ttQxICy8goqOpA6l14lD/BZarx1x1xFZ2rqHDa/68+HC8KTFZ4zW1lQ63gqkugN3s2XI/R7T
-dGKqGMpokx6hhX71R2XL+E1XKHTSNP8wtu72YjAUjCzrAgMBAAGjgbkwgbYwCwYDVR0PBAQD
-AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFImCZ33EnSZwAEu0UEh83j2uBG59MFgG
-A1UdHwRRME8wTaBLoEmGR2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0
-LUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kRW1haWwuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMC
-BggrBgEFBQcDBDANBgkqhkiG9w0BAQUFAAOCAQEAsW1hXaYaf3yrSuQw/FNvJSTGyu3iMVwr
-Du7uYVVvBD7POd7FG0mU5OsgTLTmnlAuctmN9aqjs0raVhxgl4DcgqKtSr2KK/8LCbTG1yAE
-ReTNgAG6uituzqrXkv7kr+v0Jh0WKn9sMJU3LzMSrH/dx9ERjFGYstCjkdCt9p+eg5MeHUK4
-Rq9rZvCbf+rjAwLlAlHBqtU1nXJAA4m6MR3FEGhSnt+ihcVcCKZ45lNPsei30xSek6bDZOOs
-fnHNvJ/pAxvM++msMcGvfBV0ApnDskemwjJh18dvSCRRJ6HVh1Xye4+YPRae7nW2+NCO8vPG
-rihbp/DzNhf8wwXTygNKVAAAAAIAE3NlY3VyZXRydXN0Y2EgW2pka10AAAFWwkjajAAFWC41
-MDkAAAO8MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
-MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNV
-BAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDEL
-MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQD
-Ew5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWV
-zfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6
-pkjGnx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgU
-XPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPe
-Zqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
-8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEE
-AYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
-QjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1
-cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQAD
-ggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+
-DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr
-5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUF
-dAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
-3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEAAAACABpjYW1l
-cmZpcm1hY2hhbWJlcnNjYSBbamRrXQAAAVbCSeX0AAVYLjUwOQAAB1MwggdPMIIFN6ADAgEC
-AgkAo9pCfqSxrtowDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN
-YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJl
-c3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp
-MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwHhcNMDgwODAxMTIy
-OTUwWhcNMzgwNzMxMTIyOTUwWjCBrjELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAo
-c2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRkcmVzcykxEjAQ
-BgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBTLkEuMSkwJwYDVQQD
-EyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAK8Ay3A3K4BaSjpseJR9o38aH/Y11b3byw1Ecj4mspBSumM7KFhvpbNt
-lKbz3WQMVfb25/IiIoBe4WLGtinhgWzyv+V9MmpUoDIZWf4fi9c9YIaFJG/jEbN3PiCWNSFr
-swjZcC5k94SSU9YOsJCKiuOHjQbTvZAO4pmhG4YO2poKuwthUAZS8Z5/duzLD9AeDc+ZMD0c
-xEUQWKzW0+jX5erFAQd31lHmA3+KSKVNaHW56byeThlx9TJLnG1gGQv7zJ113L8mzY+TeDl5
-c14lDspc63cSB8tkQUdyk6tQw+sJdmQ00jm3dhEJDXZFxKmuPWqvtX1lL5RYEOxcfK9+4rYY
-2dCbTlpJ36lmC8w8xnh8p5wd486OU74F3mAPa+Ua2z/j4SHJKcHx6wecUhsBRFE8eyXXxOVS
-VF0lB8oWILit5EHuegj+mW+DppECsGw2VWrnffWW5sqB1pfxlIPp7bCxaxJpHqz7XanFmOm0
-W1h6vj2iRDpjWdQLJd4bT73lAZ7N0inVnxcZCm+/DJDTCV/Z44o1zHlaTRk3krfEwa2v9Hkk
-mrIBC7GvXJbzgDL7XD2Y8aA/St6+r5Qu2VWaF25gnWNsuGPJroFcGDXgkLu+PE83Irl+68+e
-dyGmPTiB+0jaMT0r44n10LW9fuBQxBKJsyOaEDGF265v7zgzGHYRAgMBAAGjggFsMIIBaDAS
-BgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBT5JKwPsrX4ecD6YIgbxNlNAp4XGTCB4wYD
-VR0jBIHbMIHYgBT5JKwPsrX4ecD6YIgbxNlNAp4XGaGBtKSBsTCBrjELMAkGA1UEBhMCRVUx
-QzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJt
-YS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
-aXJtYSBTLkEuMSkwJwYDVQQDEyBDaGFtYmVycyBvZiBDb21tZXJjZSBSb290IC0gMjAwOIIJ
-AKPaQn6ksa7aMA4GA1UdDwEB/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEF
-BQcCARYcaHR0cDovL3BvbGljeS5jYW1lcmZpcm1hLmNvbTANBgkqhkiG9w0BAQUFAAOCAgEA
-kBKvIjXCoznwLt7ptel4fEi+P31Fkl7p2rEZ/BY8n7RbZp5q58O5XYjoD63PIw/eJTpezE+l
-wbUtrCTSWAfeos9phGAz6BANE6kj0IXljnumnj1yE3Iz9ap9xmMfCPT+AX8kzyssVAne4itt
-ksY5TxbqPH56RtRFakao63WCVqeroHxoEzP2nTDwbyc5JCMqkP2QKTXyk980pcb3+O+MD2JK
-fK7T9VT4jbaaVocWgjozq1oiCPeCuuou4EeatLVFowU72dwuRUA76tx/6Dvr0ewm2DWkMMU6
-rFees3alIHv5HkoFYgGmKHVgl5INbj5NN0MNkhWcGCLNUZmgKRo8X4oyM1swx4kvR5gPowPG
-9vGs3zLw2YEa5Jy99oAU8NEsuYX12KOxyKUh5RwTl+4Ovd8pqe80U1vT5GoThAa2MgLEUq4i
-0tyyIUIa2kDwKcnsCgxc4tC6zEjTNwrMEgqKebA9A39pS/Q0IH2zNOqOS2T1Pv2zI2cVDQS4
-8C3BCVE8smwV8KUj14N05OUuyf6YJ0LGq8aesNBbOKWbUN5+GJi1RTv2ebTo9xp7BoP70Iva
-u8e9GKsIbzyAa0A/GRm6ZYrmvtVc0zbX70BSJGA4ZwQx7I/zgsbeuVXzOzGRWty1CBWtdiUK
-DXsuh+IMpga8JhBtN53s3XiMfIDF8Nl3SNAAAAACABdnZW90cnVzdHByaW1hcnljYSBbamRr
-XQAAAVbCSTGaAAVYLjUwOQAAA4AwggN8MIICZKADAgECAhAYrLVq/Wm2FTpjbK/a+sShMA0G
-CSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEw
-LwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2
-MTEyNzAwMDAwMFoXDTM2MDcxNjIzNTk1OVowWDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdl
-b1RydXN0IEluYy4xMTAvBgNVBAMTKEdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+uBV7/9R8fWetg2R7
-yEJTLd/2hAggYdYBWWqcRBGv73b9lX7OYTC7eoNfAr0BZsruFY1voTCcvaGFnpQ681aIADHP
-2O5qlgLZ7QOM+3Vt5+q4VRYFFpr04F6xiMBkhVwVTYjHt7rgdemtBT2dx4lI4LsoyAPhMJNk
-XlLAWXAiNVeIivGVCoPXvDFzATTt70Zx4GsCqDVya5ebZuDLHHlf2BoEaB5HAuadYOI2lwHf
-zjWS375nx213WTuPndaQFZS8QjQQwTn5sSc+ftaKdcWyr5bTot6b5Ji+feHpga22b/zXDtrg
-NLANGnfn4wiY71j6nIS3Nq/C36zS9BAGcHE1AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQs1VBBlxWL8I82YVtK+2vZmckzkjANBgkqhkiG
-9w0BAQUFAAOCAQEAWnB/LN23NE/1hlGpJr5LuKrxcQ3cYceg6jQeencPBDXoJ49skL+RFiRG
-PkpOzisW1QtSHfwfZ6ICRTFPzvP6A6d5nVNq2dpjOviA19OZ4aXhvtRVcZg1Or6T6q6tQrKQ
-b+D8IU01YzOJSdabTsrH504JAPfax++ZYpl3tpUiXoqgq/S4eJjKOBmZyXKeeM1LrK8ZoHMS
-LfzCQbqBkdoWWjG3+bRxgBJImXJzWllTwWNSM+2nydI5AnD64LFCZimqm1HtMFQiFF/Zqx3B
-5JTw+PUr9+rKeEbWuJH9pg0rGhQBPoDwQqCVB15tzcxLpEWNqxLos95a5aB86A8iHVrpWQAA
-AAIAGWlkZW50cnVzdGNvbW1lcmNpYWwgW2pka10AAAFWwknvngAFWC41MDkAAAVkMIIFYDCC
-A0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJV
-UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
-b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJV
-UzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
-b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9R
-YYKyqU+PZ4ldhNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYof
-WjK9ouuU+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
-S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40
-yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKI
-anoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5
-S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrf
-Yi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT
-7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNk
-K2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqx
-C0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQADggIBAA2u
-kDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH6oi6mYtQlNeCgN9h
-CQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pgghstO8OEPVeK
-lh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qntozo00Fl7
-2u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzl
-VYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
-feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU4
-7/rokTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
-4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA
-2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4
-LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HAAAAAgAbdGhhd3RlcHJpbWFyeXJvb3RjYWczIFtq
-ZGtdAAABVsJJIX8ABVguNTA5AAAELjCCBCowggMSoAMCAQICEGABl7dGp+q0tJrWSy/3kPsw
-DQYJKoZIhvcNAQELBQAwga4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4x
-KDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhj
-KSAyMDA4IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MSQwIgYDVQQD
-Ext0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzMwHhcNMDgwNDAyMDAwMDAwWhcNMzcxMjAx
-MjM1OTU5WjCBrjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UE
-CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDgg
-dGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0
-ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ALK/Jyz729hb3Xh7G553ZoHLPrx8rvOmJ5o0o2gxcTgzYuTzcWZ5sallo6WL1Y9gLT9CzKpr
-MsAjyyxB3eTf/GGc4nOyIpURQxhfxLYfV2wKBVgiyDZMOnyl0c+Gr4inRAITdHFzCkJZAvgb
-FGtC329fumuCop1b50q9HgFy20t06Dt/f30fBLQmm+C0WqxHPVW417AmUigBMUBm2NkkvfYq
-2OwhSVyb9nrpf1U1fpZrjZOTJ8uSu+qsQMCfwviAz130WtzOdIamPmwLU8q9ks4ZBnLmDFw4
-accE1rxszlv292ic3CUVSIih6an4mJzg89UxKGERbGeWjTmZy8JFJDkCAwEAAaNCMEAwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFK1sqpRgnO3k//o+CnQr
-YwP3tlm/MA0GCSqGSIb3DQEBCwUAA4IBAQAaQNiVZawJkonGOfQQ5akOZlNdeN76JJG750RR
-38YWNArvakRR6isHigN6w+s/CixSFqArQ7klkD9wqTMlbUUaKDsnz6rDKUIb3ztMwDM0W0GI
-v2srZa8o77L1w6pmzntW7rfIy2fByZwaGLjEw0kD8WAOUM1GxfN3efe2FeA428cvKKAMP3cm
-dNklEtox2hoe3ClBkSI8aae7AvK2XCcDifQG6pvkcoLjoQnB6QAZ0z7UcGu6caaqWK70u+ls
-tu+HzJu7/znmVmHTCqfEXExgewV3Jnq/2AdSLGL3cGPZObxvHMJ53HYpr87FLGQEXog2bjHU
-QBpiNDY/NQGurGOgAAAAAgAVYnV5cGFzc2NsYXNzM2NhIFtqZGtdAAABVsJJKpsABVguNTA5
-AAAFXTCCBVkwggNBoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAb
-BgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMg
-Um9vdCBDQTAeFw0xMDEwMjYwODI4NThaFw00MDEwMjYwODI4NThaME4xCzAJBgNVBAYTAk5P
-MR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFz
-cyAzIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCl2gqVFlDjlfJe
-nXYxBjJ6m/EQdrgAmrVSNs0kR7CfGGS8mvb61XnYkGJMIi/eOD3W4KjpHCzbeBHpjmhRFXLH
-8zOH5KBdC1zgVwcqMPXNxDd3KE0Ykea/1VL9cS1wPufGxIrj8CgL9HaYoYuHVbI6E/y3Pic3
-jiLjqE8q72C7Pbc5ww4BR5ldEk/bQ/pXoe35nb4RRyZbE5irXRaKsDccV51F/4iWNr+7ygd7
-b4dj19AyatZdbAzxs2454msxLjkAJxTeOMDsGWaGEuidchYTZFLHqTcc/YIw7YQYHfSuXP9w
-EwDrsfUzekvWVfgFjUtpsPWzKDZcFMRRc01rC/E0B9sXOdfcKHtr9Z/zLsFPFyoQ88zK6Ov9
-a6sump8tgm4E1FIBky09hvx+/N/vQh2ma++5IMb3vaCnlf2n5okk2MyMNGziIy/ZEhohuVWR
-bwuReRkMrUCIC3DietIO2GhIu4ITORBY6dgqB8YS21jb0jtVEEcFFWdifhhjpkY/CQ5UMl6/
-DWJ6J++A6NvZSwZaN1ol0AgSd9RvCVCXPcgdw9+MRTBWxtNkq2bzwF6WnMPE78N8a4s6eX+z
-Sc894omfoDBLhbmclCR5j31rqUVoDyvQ8docy2m4yklibcjQY2LdYA9Yqo+hvAWlZqLPG3ay
-hGSxTDlSwDC68IxLArC2twIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRH
-uM3/5W/u+LLsL04O+SWwjjxrwzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIB
-AAAgI0E1BJDCQGJg7+I1TNc/rOI0kLihb3b6FhakSDcs6ZDC8jz4Cp/YgeW7W9olLKSnVXEk
-MvbIC/K8aviTrLIHwl+f28zIiqq+am/hSRDMMdeAu7vI2KIOZFfqovXCqTEV0iBq7PwiASjP
-hriAHqnMEaU88hazR5380oAhxMvQR3BBocqDGQgsbfJdd5yKFBPUNhyS8OUGN9ym5pCbOI9c
-axtGhkNCXz4BB1NUXWV994pzoZpUWh8pQxQnwoUPtYh7GjuUtx1gp7Wc5ylpV1qbk3pDMBsD
-12LIQKaq/GTkSteRUwGoIIhunF9EuctggTTsb9N92khf67SQvC2pHAusHNWiaCCABNb8sY8v
-u0oxDUqGHOviNikm9drYxPJ1Yc9+rnZjSnpAZZOH+B6AjIblhtaPDvxTLGDoFmEaoj5De805
-YFRq9fKJJgFog0iiM+jJBJGyETQRPurQQxkfA5OQDP9RPVf0QW7hy6C+68ljzW3M5Pg2qmid
-7b1dl3BEDbYONdzhDF27oFGUy34W6xEvo5JFyExx2bzJmVJXRi9Qz701afQ9Fc4GpSwPPvaB
-upS7w7u/ZXjShnn/STsagwzw3njsyPJNTBregin4wVra7e7mJ17oRdCdHFGoaKtE49CLauP4
-O7vcTddk8lG+5qqrWukx7ga8c78TYgqfx7mXAAAAAgATdmVyaXNpZ250c2FjYSBbamRrXQAA
-AVbCSZyAAAVYLjUwOQAAArQwggKwMIICGaADAgECAhBnyOHo474cvfyRO46mI4dJMA0GCSqG
-SIb3DQEBBQUAMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRQwEgYD
-VQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRUaGF3dGUgQ2Vy
-dGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBDQTAeFw05NzAxMDEw
-MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
-biBDYXBlMRQwEgYDVQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQL
-ExRUaGF3dGUgQ2VydGlmaWNhdGlvbjEfMB0GA1UEAxMWVGhhd3RlIFRpbWVzdGFtcGluZyBD
-QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1itYeGFFhlPqNHtRnO2w5i4YDv7gX6gn
-07TJ4HxZThYOc1RgwX/2ny7pOoUkFTzbRwRjw57ElBpa30x689lDHTwQenkl25D+8FHnMNZB
-AP2fKN95vpS7nbYU4yOF16lB4EykebArGovy+DuKPkWscZIAtJBBmPtf7fq3Lor4iDcCAwEA
-AaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBL6aoXgQX7eQoxn8VB
-9FZUq+nC5ZeOGP6RyQw+JmTJoUwnZKe9AZNVcW4XTzncG9xJNRA5I//Km8jPZj/cTBrUgQZC
-Uh/hJrEWF7rmcHIxROhOjVvk0/nQ448lZDHnKvgYiDYaUsUNQTUbabcm9RfMwRleS3xc4oOA
-kfov+5q3FgAAAAIAGHZlcmlzaWduY2xhc3MzZzRjYSBbamRrXQAAAVbCSVjwAAVYLjUwOQAA
-A4gwggOEMIIDCqADAgECAhAvgP4jjA4iD0hnEiiRh6yzMAoGCCqGSM49BAMDMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
-dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
-dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNDAeFw0wNzExMDUwMDAwMDBaFw0z
-ODAxMTgyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4x
-HzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA3IFZl
-cmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
-aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
-NDB2MBAGByqGSM49AgEGBSuBBAAiA2IABKdWenxS2mSbDi1c2F6skj3+AeYZSj0UA0v6YCcg
-2YOJafpUxpoYXlUqZN4G9o1KO60QPGU9kIgEieAwYbOuXQGne958sr7KZWEAhq7aj3vQia1N
-HVmaQbG8R4DcnmLD+aOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBt
-BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMa
-hqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdp
-ZjAdBgNVHQ4EFgQUsxaR/e6mbuS1LkmPh3iBgOzlsbUwCgYIKoZIzj0EAwMDaAAwZQIwZiEM
-GCZgWjh7VkLgp/w2hFGRICx2TUM9xB2EI9Cs1nw1Bs7Nab2QDdtsSEIdDqpCAjEAnD1IOSM5
-WBoVEllqnu/VWbIdUiyZcc3HKd8bKmF7cdHe88DlDTpKqi2n2IYq3S4QAAAAAgAbYmFsdGlt
-b3JlY3liZXJ0cnVzdGNhIFtqZGtdAAABVsJJQLYABVguNTA5AAADezCCA3cwggJfoAMCAQIC
-BAIAALkwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3Qg
-Um9vdDAeFw0wMDA1MTIxODQ2MDBaFw0yNTA1MTIyMzU5MDBaMFoxCzAJBgNVBAYTAklFMRIw
-EAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRp
-bW9yZSBDeWJlclRydXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj
-BLsiq5g9V+gmcpq1edQp4uHolYCxsONbjispmmTfoV3tsAkFbdsoLs5iomL+tIjaEus46yGd
-wEErAVJ7iHfTHI/HurmItWoJ53PoEUCn0czKYo0t5Y8LplDSqFDDKOr1qyWHipqWHKlnuD8M
-1ff5UhMvwhvVcHDwj8ASygbLmuHZyjN6d9b47LnxaERCSBPSwMKkrl5g/ramBfy03QdZAtRZ
-GJhj9aVj4JAMfV2yBnrzherr1AOuXoQ+X/8V7Wm8+Tk2cnXPd1JN88mQLLk95ckjUz8fJJgh
-XAeZKb3GOuznboY6a5d0YzO9aBgx8HiNdr/8no5dKoanTZDcJxo5AgMBAAGjRTBDMB0GA1Ud
-DgQWBBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB
-/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAhQxdjuRvUWhCBaDdu08nJYQDvfdk/S3XMOOk
-EBfr2ikptnk/dvYZEyO4EAr5WKTUYXC9BGFqEooX1Qq9xbwwfNbpDCWNhkBP7MyjfjjGNxFP
-7d1oMY5M0rMBdO6+dV4HSBp/cP8WXITAeYW4Bf1/vmURow/AArT4Ujc5BNWpMXoYv6Aq9BKZ
-96NFguM8XvWdnrXInnwuyKSeTggUS239cG1rGmO9ZOYft87w8p8uuxu38lCIc5LC4uMWjZoy
-AquOGN3pEBHufjWrkK8+MJR60DM9p2UP9fyOnmLPR0QsAV27HbUy0kfSOC7Q/oHcMmoete48
-1fzngR0ZwyRC6mM5qQAAAAIAG2d0ZWN5YmVydHJ1c3RnbG9iYWxjYSBbamRrXQAAAVbCSXQD
-AAVYLjUwOQAAAl4wggJaMIIBwwICAaUwDQYJKoZIhvcNAQEEBQAwdTELMAkGA1UEBhMCVVMx
-GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29s
-dXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw05
-ODA4MTMwMDI5MDBaFw0xODA4MTMyMzU5MDBaMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9H
-VEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5j
-LjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwgZ8wDQYJKoZIhvcNAQEB
-BQADgY0AMIGJAoGBAJUPoLbwUJzoeseIzd0XDi6wlNAbPQ72lMCKlMcGyJCXyLhkGnp+bDxT
-4Tcoc2B/spdTB59T+W1YlNKvjW2IZ4Dm7bKVz3IxyqUccrpcAudkQuf5qSzWOg2sjUKqJAE5
-5pw/AYVXDViHRfjThaqTaSaFcEiAPxIVx3m0HwUvO2KZAgMBAAEwDQYJKoZIhvcNAQEEBQAD
-gYEAbesbCele2VHbZyJhpCo8SHfjoHym3nOiFAOFPfurDjDFgxYzgRMInns0Tt9AyHTXuX3c
-9HZVfZtjVBjp8OrzXLHZi0IeucCVTrr61eJ89Whhv47sBZdfW7DXo4U0xCSnDQ+Vk+/LlNie
-H51chW3Hqq5PHyK1zZWtuqfM+asLen8AAAACABpsdXh0cnVzdGdsb2JhbHJvb3RjYSBbamRr
-XQAAAVbCScIfAAVYLjUwOQAAA2gwggNkMIICTKADAgECAgILuDANBgkqhkiG9w0BAQsFADBE
-MQswCQYDVQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1
-c3QgR2xvYmFsIFJvb3QwHhcNMTEwMzE3MDk1MTM3WhcNMjEwMzE3MDk1MTM3WjBEMQswCQYD
-VQQGEwJMVTEWMBQGA1UEChMNTHV4VHJ1c3Qgcy5hLjEdMBsGA1UEAxMUTHV4VHJ1c3QgR2xv
-YmFsIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyf6dA8CLKDPbrsfHL
-DpVXQHWvoD8+zuyqMlfmGbFnQ5haa3yzuPp4nKqmhLJgG4BBzmPNHxcImaT17z4Sx0ywV5pc
-eEB4/EWN2pFn3DpRuW1z5rc5jnY6tB8F9WlV+ZPPeIhKvqqb13tHW0YETIIWpjX2/HTf1rSv
-2OK1JxF0WaLCZixoCuGYiIg8igV1FOO4rvMIhJtqwT8xGK8npUubpP15Md6YPQ5hyoeYwfiK
-MJz6PjPVpcQDB+H3lnQYACc4J9ErqqrhQUWLb/Elwtyil5XHQhQzXXmEI2rnZcBXoNhdqWMB
-57Dki+j4xWO45Wx0kD3Hd/wrunnppMYSeKf/AgMBAAGjYDBeMAwGA1UdEwQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMB8GA1UdIwQYMBaAFBcVhYkJLySHbz8dG+TylnmDSBPOMB0GA1UdDgQW
-BBQXFYWJCS8kh28/HRvk8pZ5g0gTzjANBgkqhkiG9w0BAQsFAAOCAQEAWvAc0NRQz0F+5rid
-fcNw0F42/26Oei/eSBHVNC48t0XCVCWn4cEeN4O2lK62RUgD6pW+65xqtDdcHy7Ta4KBQ1sK
-PxFVY6z6fAgCN6A8OQQz/pcyyFLl2SVNsMbuaB9wqnPOVwPcfQoNM/LSWt8KbDvMEVGXGqQh
-ooU1AteAItKEsvjAqmi/1euqwwuroXwr9/U7h+FUV+wFJO95Qk7zi2if5G7LgpnJzCrcU8If
-cIOrIQ9WtEj/3wcis4z5HaYE3y0DNrndb/4xiGb/bG1ENK8Idz4m0nL0u0dWkzyYY+Ezu5kj
-krWDeegdn2etYtaJ1vb8J94yJ8uE2neFIaESIQAAAAIACm9uYXB0ZXN0Y2EAAAFi1TGi6wAF
-WC41MDkAAAVCMIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAM
-BgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUxNDE1
-MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQsw
-CQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMA5pkgRs7NhGG4e
-w5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7XGie7RYDQK9NmAFF3gruE+6X7wvJ
-iChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUnH8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRC
-XijMt5e9h8XoZY/fKkKcZZUsWNCMpTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWi
-YPqT6o8EvGcgjNqjlZx7NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6
-jIfBkv8PZbXg2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPz
-DIZYwYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDdApcU
-itz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqMP3UWYQyqDXSx
-lUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6aFXftS/G4ZVIVZ/LfT1i
-s4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DYPdAQOCoajfSvFjqslQ/cPRi/MRCu
-079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0GA1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rt
-STAfBgNVHSMEGDAWgBRTVTPyS+vQUbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4G
-A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq
-/kawNd6IbiMzL87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsg
-bmi97j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBxc94Z
-c3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvfjySF5FCNET94
-oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2RtOXDt93ifY1uhoEtEyk
-n4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25hPsBTkZA5hpa/rA+mKv6Af4VBViYr
-8cz4dZCsFChuioVebe9ighrfjB//qKepFjPFCyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyi
-mUcTtTMv42bfYD88RKakqSFXE9G+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHw
-dmC36BhoghzR1jpX751AcZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4
-mr8WIcSE3mtRZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LX
-aRwXdYYAAAACABh2ZXJpc2lnbmNsYXNzM2cyY2EgW2pka10AAAFWwklq1AAFWC41MDkAAAMG
-MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYT
-AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5
-OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZW
-ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVow
-gcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYD
-VQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4pO0M8RcPO/mn+SXX
-wc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg013gfqLptQ5GVj0VXXn7F+8qk
-BOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFFN
-zb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSkU01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzo
-KQm5EWR0zLVznxxIqbxhAe7iF6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcm
-eQD2+A2iMzAo1KpYoJ2daZH9AAAAAgAiY2FtZXJmaXJtYWNoYW1iZXJzY29tbWVyY2VjYSBb
-amRrXQAAAVbCSUnSAAVYLjUwOQAABMEwggS9MIIDpaADAgECAgEAMA0GCSqGSIb3DQEBBQUA
-MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBBODI3NDMy
-ODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIwIAYDVQQDExlDaGFt
-YmVycyBvZiBDb21tZXJjZSBSb290MB4XDTAzMDkzMDE2MTM0M1oXDTM3MDkzMDE2MTM0NFow
-fzELMAkGA1UEBhMCRVUxJzAlBgNVBAoTHkFDIENhbWVyZmlybWEgU0EgQ0lGIEE4Mjc0MzI4
-NzEjMCEGA1UECxMaaHR0cDovL3d3dy5jaGFtYmVyc2lnbi5vcmcxIjAgBgNVBAMTGUNoYW1i
-ZXJzIG9mIENvbW1lcmNlIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3
-NlXlpV0YMODaiVSR/MjHUvgvUNnvsXVzZUd9G1u6dcX8oYgk+i/tyghKOVTEUXq12mDqODyB
-ssvxu9mRIz9IAXB1qQUqrR9x88lUPR0GakA+swyF7lwbecJixLg2jjVdAQwjBEc1qptgTqBm
-PcsmCpxAofRdmL9xq6UAaCrtg3oPohS11CKzgLA8DFpRaS1YGI/tmZ7xruKV5vZHqNYMD7BY
-WNvDZjeem5FUMzfSlBxqSMnJ8qXapQwj9yMOnDJVXnGchAVRmi395k4qNFreykA3ZwxUIVV3
-2goMzJeugNyUNkr0Ps42Ex5T5KxOOgXs265ynDiL0Dk7iQo+d/51AgEDo4IBRDCCAUAwEgYD
-VR0TAQH/BAgwBgEB/wIBDDA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmNoYW1iZXJz
-aWduLm9yZy9jaGFtYmVyc3Jvb3QuY3JsMB0GA1UdDgQWBBTjlPWxTenboSlbV4tNdgZ24dGi
-ijAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCcGA1UdEQQgMB6BHGNoYW1i
-ZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwJwYDVR0SBCAwHoEcY2hhbWJlcnNyb290QGNoYW1i
-ZXJzaWduLm9yZzBYBgNVHSAEUTBPME0GCysGAQQBgYcuCgMBMD4wPAYIKwYBBQUHAgEWMGh0
-dHA6Ly9jcHMuY2hhbWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc3Jvb3QuaHRtbDANBgkqhkiG
-9w0BAQUFAAOCAQEADEGXwhqGwCJ8n/uQ8xrRA7HvE/khXwSc2smljSdsloeRvkGQAXKT5x59
-X/aJxl2nQAk9rElFRdwujTBosgm6+8MvzLoL3z93e0Z9OhIkjpaPPAUKb9KUKB1tDMAuiCLV
-2M8dE8fwSNfXBafPx0eeOzw0yIBP1BS7/A1Q9/qz7EJfqd1tyPR1z3vBciaxARxcLP16TrQB
-xQVXuec8qgXZiOkHRkHO70GBrljfg6Kuytd3H+cAPJ1vjuQyCR1NeDR4NDyUmybtT3HGGXq9
-ICJIWv5LfQO351i+xjJOdB5o3ahoW7M+7mJ92YDoCnV6t+60ZZohkOCq0Ji8OLVzPIv43AAA
-AAIAFHNvbmVyYWNsYXNzMmNhIFtqZGtdAAABVsJJllIABVguNTA5AAADJDCCAyAwggIIoAMC
-AQICAR0wDQYJKoZIhvcNAQEFBQAwOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZ
-MBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTAeFw0wMTA0MDYwNzI5NDBaFw0yMTA0MDYwNzI5
-NDBaMDkxCzAJBgNVBAYTAkZJMQ8wDQYDVQQKEwZTb25lcmExGTAXBgNVBAMTEFNvbmVyYSBD
-bGFzczIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQF0o1ncrwDZbHRPoW
-N/xIvb1/gC01O+FvqGepvwMcTYxvMkfVQWikEwTBNQyahEP8XB3/ibPoFxjNkV/7iePqv05d
-fBsm03V57eaE41flrSnE9Doo56V7hDZps/1edr2jLZnTkE4jKH0YY/FUOyaddluXQrL/rvBO
-7N05lU6DBn/nSUDIxQGyVFpmHT38+ek8Cp6BuHDwAYvkI1R8yK74kB4AlnLUVM9hI7zq+50C
-ldG2uXE6aQg/D7ThQseI9T+YqKe6HOBxce9YV4FQelxrdEYOgwOYw46obvJ2Mm4ng8Jz89wY
-6LST6nVEawRgIHFXh53zvqCQIz2KJOHaIdvDAgMBAAGjMzAxMA8GA1UdEwEB/wQFMAMBAf8w
-EQYDVR0OBAoECEqgqliE0148MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAWs6H
-+RZyFVdLHdmb56ImMOyTZ9/WLdI0r/c4pc6rFrmrL3w1y6zQD7RMK/yA72uMkV82dvfbsxsZ
-6vSyEf1hcUS/KLM6Hb+zQ+ifv9wxCHGwnY3WNEcykMZlJPegSnwEc485bxeMcrW9S8h6+HuD
-wyhOnAnqZz+yZwQbwxTa+OdJJJHQHWr6YTnva+chdQYH2BK0ISBwQnGB2jyaNr6mWw1qbJof
-kXv5+e9Cuk5OnswMjZTc2UWcXuxCUGOu9F3EsRLcyjuoLp0UWgV1t+zXY+K6NbYECJHo2p2c
-9ma1GKwKplQmNDPSG8HUfxo6jguqMm7b/E8ln9kyx5ZacKzfTAAAAAIAHWFmZmlybXRydXN0
-bmV0d29ya2luZ2NhIFtqZGtdAAABVsJI60QABVguNTA5AAADUDCCA0wwggI0oAMCAQICCHxP
-BDkc1JktMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
-cnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzAeFw0xMDAxMjkxNDA4MjRa
-Fw0zMDEyMzExNDA4MjRaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEf
-MB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2luZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBALSEzDMXLmuUbGthUqDro895lEzllICZy1VkRGWPZ2TiBuNcN0n2L5uEhB4t
-8mCdME7MhIXiLM8env42qzN3NUTYNZYaPTboeg7Y1UehammL2fy7Oq55WtX01nG7mpAja5q3
-iHSHDB5fuZ4t+qtTK9y7dj6TTAgIjB6iIxzUaq0iupkBLm1ly74kZlUkS0BEsRvX4cKFwN4Q
-Pz3tuPzx8SNT3L9ll2/Z+UBxjX29ldTOvqBeJyPe/abQJg4AKes8RvA9YL8/UNLcJkFRnhQ3
-QgSjcFeoG4ftLfp77owK46lmiRnLQfndRDZhz+J3Rsh99vSSgTb92zTxcn7zDBa9tBUCAwEA
-AaNCMEAwHQYDVR0OBBYEFAcf0uec2sJuokC0sHpQEFB0xMi9MA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJV7IWeqjC/dbZm5s0wpy0MhRN
-p6Tf7L6nvvhD25E3zrQyLlBVGjVOdkNxIO+Td04VcC6Hw8EdbdzLtSfULFbRUlM6RNJzyMQb
-BWVaYpKc7kGNMdvnNOpZIdUBetdkuGQ5zcntr+1LA0inoJkBgNxlozauZVlIT4JLyGXxVx3l
-WS4KP2zY0fXlCbRsVAAK4BVNh3Vtt1iWWt1t0gCg9JtIvsM3pLo24HyHhZcaFaLeLqJbva8Y
-+ZBQzXBZ+CdnR8vHoAc6fdEsXWwZOma1ff2Rb4KxvgiT2xRH8aI3x0WePMd3r2Sok9/2aYOC
-YPJJQjTtWgBUhRwWNpIMXPqmrb/bAAAAAgAgdHRlbGVzZWNnbG9iYWxyb290Y2xhc3MzY2Eg
-W2pka10AAAFWwklM0gAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsF
-ADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZp
-Y2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQt
-VGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1
-OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNl
-cnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMM
-HFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK9tPPcPRStdiT
-BONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuh
-dfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Z
-f3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
-0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj
-QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GC
-ahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGw
-UgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtw
-n5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqm
-JQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMi
-vgkeGj5asuRrDFR6fUNOuImle9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7
-PHi4b6HQDWSieB4pTpPDpFQUWwAAAAIAE3hyYW1wZ2xvYmFsY2EgW2pka10AAAFWwkle/wAF
-WC41MDkAAAQ0MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUF
-ADCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIG
-A1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9i
-YWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUz
-NzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
-MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBH
-bG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbi
-m1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt
-2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4qEHM
-PJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRaJSKNNCyy9mgd
-Em3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvryxS3T/dRlAgMBAAGj
-gZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB
-Af8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0
-dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEw
-DQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
-/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYg
-oyxtqZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9N
-mXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9
-aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJ
-ybQDJbwAAAACABlnZW90cnVzdHByaW1hcnljYWczIFtqZGtdAAABVsJJzGIABVguNTA5AAAE
-AjCCA/4wggLmoAMCAQICEBWsbpQZsnlLQfYnqcMYDx8wDQYJKoZIhvcNAQELBQAwgZgxCzAJ
-BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAwOCBH
-ZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1Ry
-dXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw0wODA0MDIwMDAw
-MDBaFw0zNzEyMDEyMzU5NTlaMIGYMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
-SW5jLjE5MDcGA1UECxMwKGMpIDIwMDggR2VvVHJ1c3QgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MTYwNAYDVQQDEy1HZW9UcnVzdCBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc4l5iWB0zVzky
-M/rry4eMp9RK3QaI6mSOMZilOJAemM8uYyvwRrxEsomhwCgMSXAhlZ9kwKaTEgJlJobGpYnw
-+teEoHCvTxqXPwZE1cnrchB95DEo+xxh5igHRHOSImmnA4hsnWPIUtqYJ+cITHA+tMkSwcVn
-g10z8wMR7GrQU+LRujZglIC7YWNsWxd+30CUHqsNwiEocIj/1iZsbGAEJU5Vfn3vv5RI3rcd
-3XCNBV+IpZvywu7q0UBBbWI4HVYGxQNHUSAZ/HsQCw5irnZVv193vj5JAVM9mCUDdiRaHbTb
-iep55bazOz+6TChBfwasao7B0PYFHX3mQobjpdVHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTEecqOoU4DHRzca9sxW5Q+PzB/LTANBgkq
-hkiG9w0BAQsFAAOCAQEALcUTz1aAe3p4vZ+uLJnn79rflF4JaafnbmiMvXK+R6kOlxK4SvFk
-0znfJTTUwc1OgfAPBMQkszSWxqaqMN9oYXPX+Y6Fie8OXpUoSionjxCOLnyGxAKe2gx3ZQ5E
-DZL9/bMWNvoRDR2MDgeJailW93L03RWcdzVmV6sTU9iOwUDF1xMWWnLHt2kBxHqxgwFofY1B
-oZQYwSVc/PD+gwKHfA0Nzy4IXEpADT7sgWHmJNvK4A4tB7I+VtyN9UGFB0ibDAvLST997Lf9
-y41niRqr7bseowAICBcqglwxXUaKLQ+Gm3TZRfvUQLF6qmgthrKZIuHBK8ec+PNfqIIS6xkR
-LQAAAAIAHWNhbWVyZmlybWFjaGFtYmVyc2lnbmNhIFtqZGtdAAABVsJJ36oABVguNTA5AAAH
-TTCCB0kwggUxoAMCAQICCQDJzdPp1X0jzjANBgkqhkiG9w0BAQUFADCBrDELMAkGA1UEBhMC
-RVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
-aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2Ft
-ZXJmaXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgw
-HhcNMDgwODAxMTIzMTQwWhcNMzgwNzMxMTIzMTQwWjCBrDELMAkGA1UEBhMCRVUxQzBBBgNV
-BAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20v
-YWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJtYSBT
-LkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDgwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQDA31bT5DqbdkW0E9v/wbYZizdBGJVSR+sXnSmIjjVs
-BjIuR2LzSQS/fUQ2sXHMvVoJc9XZhUT/kVcl3142jnDRXHFDHdna71zS+xu9OrXLraPMRKcN
-riEVP7l6W5J12KQSOIkZireA0uIyb1ackdaIEAuzdGSSdGDz9s8YT2CyI9DHO85hS5mPwgzQ
-QLKY3A2oTqO5Cq5goK1FUmO6Zr1o4Pm+GqiBux5BeHXTwf4AVbCHVOgnkDUdTDOtl/yXLpiE
-vyzJo7/RmBEU7WP4ypiIWBeZ7UUDl348hh6IjL7ykYSPZTTYAEx9tzEXWil6ChgkMKM3tXqp
-AX0m1vkOjlnx/RsztSk7FztBtiHd1MA9pZ+fH0NQybu8bHqXmO7NjB/7nFGui3C9J59xwGus
-fZBm6NddOg2w1cKN1cidncFt0NC/UeTj+MM4Nq7Wp3Xmr4RDXZOSDGoH3jsdmCLWrME126Og
-Jf9ytXYd3m3pLGYsUoTQRZLOHOXlMx3cB1NUo6qCO5o3L9zdoGTp5t29rvxkhR08p8kG3oT/
-a+hrGjzForNC+4sJPl8IUsdixNQFcb/EZOT4oYPoPhKbqB7UNk0vcfaNKPaDqRPSYcGRu0jA
-NI9BjEtM22kS/1CUnCCDWXPtfKHy8f3d90nTQ1igVmPKPT3lNVZZ6Q7KIMwrS5MpDwIDAQAB
-o4IBajCCAWYwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQUuQnKnB7b02w6a67tVPFb
-kwY1Ll4wgeEGA1UdIwSB2TCB1oAUuQnKnB7b02w6a67tVPFbkwY1Ll6hgbKkga8wgawxCzAJ
-BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3
-LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoT
-EkFDIENhbWVyZmlybWEgUy5BLjEnMCUGA1UEAxMeR2xvYmFsIENoYW1iZXJzaWduIFJvb3Qg
-LSAyMDA4ggkAyc3T6dV9I84wDgYDVR0PAQH/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAq
-MCgGCCsGAQUFBwIBFhxodHRwOi8vcG9saWN5LmNhbWVyZmlybWEuY29tMA0GCSqGSIb3DQEB
-BQUAA4ICAQCAiH9w3pIo2QWURv+QV6nxL98aDWv6fA4cSSR5J9hGqm8pWVKIcBLq3T31m1NU
-b+FgoqgJuezrWXzGNfHcGOnxZ+WvukXgCd7KRA/CFw53kUV6M19flixoi8FHj5ibPcDsy/XV
-gpKENdG+NjhWcjFbRy2qF6RjUesKAa1/7HWey6Ef8X8SsbnkZH9n1iMq9Lg5XZjoIafhvT1C
-GnSacK9obFBdSc//+w5d5ixH14E6WQC1c2tjIPYxRQg5DvRwfkBwWj/Qa0KpdD0oLwJtdXKV
-CY1IY8bGI1eSk141wY35CvcsnWIc9q183aYxHraxx36FJvqkarXaYzDR75M3smYvfQX357dL
-mJQ1wNk6KcGdslAzHUqpWqbJA+/t9Oeoboq0V4TrpD/Q7qqqh1tj6JPia6jUuHJ4axvtOeRd
-y5uqh9VPTgD+2WqfPDEPKAIBfZjop7CiZJ55+EjyFanM5shE6z94mfJ7cT488ZinxRgSP+a7
-KDNC6UUKfG3yhnkvxYIZfQmJfLJUdoiu3sHzzOFu2zHWk66ZoO8lanOYiVs6LhOIHr/AkpQ0
-G+Mnt4seb0L/5+k3m1AdLaL5Au7LWFg6cbxo46rBrxwoH6LcI2U/gequmdPYMM8TDU8VyYS8
-p0gt+DAjd9hGS3lt9oztOn9gEXj06Zuu1VTAdIDRC0KfwQAAAAIAG3RoYXd0ZXByaW1hcnly
-b290Y2FnMiBbamRrXQAAAVbCSSSHAAVYLjUwOQAAAowwggKIMIICDaADAgECAhA1/CZc2YRP
-yT0mPVebrtdWMAoGCCqGSM49BAMDMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
-LCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcyMB4XDTA3
-MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0
-aGF3dGUsIEluYy4xODA2BgNVBAsTLyhjKSAyMDA3IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRo
-b3JpemVkIHVzZSBvbmx5MSQwIgYDVQQDExt0aGF3dGUgUHJpbWFyeSBSb290IENBIC0gRzIw
-djAQBgcqhkjOPQIBBgUrgQQAIgNiAASi1ZyCe5Wd8VJ4h/6KFr8F5t+jAk8NB8YAUboMAlIt
-IqRCOcT+j+rJwb7UTf+fep7isXyaraeGCXOH0eea43qlqm77urNwwGeIojXUo5qx/a3C7zH6
-qLnz+wjGkdH7KZWjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
-DgQWBBSa2AAwAOdrf4UY7ou2zooM+BHhuzAKBggqhkjOPQQDAwNpADBmAjEA3fjgV0dbp+YK
-w731gIqXNQ0biTxUhncoyqH0ed615jiw8GVwjH8CVMK//9ihPtnPAjEAxI2U/NxT0tydeBYf
-FTMjU1LjWjFdncquvRMpRA0nW6jnaJwS91g/LnICV6OPoRQuAAAAAgAlZXF1aWZheHNlY3Vy
-ZWdsb2JhbGVidXNpbmVzc2NhMSBbamRrXQAAAVbCSRhzAAVYLjUwOQAAApYwggKSMIIB+6AD
-AgECAgMMNRcwDQYJKoZIhvcNAQEFBQAwWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlm
-YXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l
-c3MgQ0EtMTAeFw05OTA2MjEwNDAwMDBaFw0yMDA2MjIwNDAwMDBaMFoxCzAJBgNVBAYTAlVT
-MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4IFNlY3Vy
-ZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALrn
-F5ACZbE0VTxJwlHV36fRN4/R54FzQVJgm52hFyZ4rcex6CaUMrXeM406L9vymnpac5ijXOn7
-inMbXOfDv4Bszan01ivA9/mZqmOisUcCD9TkUToSPGyKWlSEcNvBxZDPckXLqFnAzTOdP6OW
-64UzIRw+Hj5gbnacZ4XFyMNhAgMBAAGjZjBkMB8GA1UdIwQYMBaAFL6ooHRyUGtEt8kj2Puo
-/7NXa2hsMB0GA1UdDgQWBBS+qKB0clBrRLfJI9j7qP+zV2tobDAPBgNVHRMBAf8EBTADAQH/
-MBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOBgQCcszOjP2Ihxhj4bG0RJOx9
-p5kMB33tiBUw0c0K2eYHNUaTStZFJ7gowdhIrCMlc7QYGgsYiq6hiWRtDeFn+uDZ7REja6iW
-Ew9vjwoy5FxcmyOvkvSTAmq85obVs7P9yLt8a14rx0NuCPUCa/nSnrotqxsIpzm9CmJYzN+0
-IMUBrQAAAAIAGHZlcmlzaWduY2xhc3MyZzNjYSBbamRrXQAAAVbCSb5mAAVYLjUwOQAABB0w
-ggQZMIIDAQIQYXDLSYxfmEUp57Cm2VBbejANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMC
-VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAyIFB1YmxpYyBQcmltYXJ5
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAxMDAwMDAwWhcNMzYwNzE2
-MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD
-VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2ln
-biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBD
-bGFzcyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvCg3C1SzbZ7kt5ZQn3aW+4LBNj7NhVjzW
-fMP0zT6Gy6KI4uHYpGnFteK/waZHUF5GOYvVlrq1bxS/EM4nE54FR5sxehPYH9nTAjeLrSxH
-8I6BBqcNMAzr9zwPIB3cckbupQLIW8PJVmlMxRjBkXsL1RMAm7zvw0g+RmAghSrVkLbNi6DM
-Mt23/UBVslAcVq7MjXdNxyBNpzF272iSipAeCIFWsq1po1LQyxzEIz0fmf5M6BZjjsYIjvYx
-9tL65XbdtRySo0nNzQHNaM2pabqj6x0NnKQgpsGgxdFGTBdt0qxmP5aM4ITUNv8iWcX5EWCo
-XwR98hr2JUJhD8RKuD6JAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBADQmFTzAjU1DSR296SGS
-12act97FuNDkXV92IsAm+YQ6OvmMtfvsYPHozgSwyN2nA48w85jfpOakMd/THAtG3HIgP67u
-BTykMz8LOaxweHNLmSvfMMJUsKg7VaH+FijNQr10boDbJ0SnzkRd1BuQmA0eQpSxACwE0HSj
-AgUiY2PNg7X7wW1ia2l1/V1wQbn1v3zfvsEycyIhi1iBexWRerrjZEiwf/s2JdqV0PEkFBfd
-GIBrRiM5VPWOYgkEHZSQppvmJeJCRaq4kK2+CI+pC0IYlM9yOeGxQ+Aoz7fnWmwTa0mz/+MY
-fImLM12sM9en+do6VclYEPmq71q2z0tL3yoAAAACABR1c2VydHJ1c3RlY2NjYSBbamRrXQAA
-AVbCSekZAAVYLjUwOQAAApMwggKPMIICFaADAgECAhBci5nFWpTF0nFW3s2JgMwmMAoGCCqG
-SM49BAMDMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxML
-SmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMl
-VVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAyMDEwMDAwMDBa
-Fw0zODAxMTgyMzU5NTlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEU
-MBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEu
-MCwGA1UEAxMlVVNFUlRydXN0IEVDQyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqG
-SM49AgEGBSuBBAAiA2IABBqsVFqp+Wgj53rVJG9TxlrYS6vG1bbR5nNxrt2c1gxh/dugiQO4
-BRTsV87uXT/iIbPO99SKeeCjg34tl9BhxPGZ3CWRY6t/MKO0cOLHoTOc878uXFOxX7N9Mn+K
-NON5eaNCMEAwHQYDVR0OBBYEFDrhCYbUzxnClnZ0SXbc4DXGY2OaMA4GA1UdDwEB/wQEAwIB
-BjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMDZnoRYI3OSXAEEdTr7hYwHP
-O6pCEWSgnZQ5AhF5XHsd+mS57hZCs7+KwgnE7OSxTQIxAOkqYUeMUkpLThhw9tZE1m71g7pt
-WL0k2VZI6u/EokaBiGo6RtGpm03JYdrRXVdqGAAAAAIAHmNlcnRwbHVzY2xhc3MzcHByaW1h
-cnljYSBbamRrXQAAAVbCSWTqAAVYLjUwOQAAA5kwggOVMIICfaADAgECAhEAv1zbtvIcbsBN
-63oCOzboeTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBs
-dXMxHDAaBgNVBAMTE0NsYXNzIDNQIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcxMDAwWhcNMTkw
-NzA2MjM1OTU5WjA+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxHDAaBgNVBAMT
-E0NsYXNzIDNQIFByaW1hcnkgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr
-N//rYJtBeGn1SViw3h9xaaYr465Qxqm8k+kgvuTEE4JW7/BDMgnKm3UDj3xP4eBPdp4LrWR6
-FDqanb8vFgtlHKnunLzjGmXLT4XqklZ1ZtZVQO/7zNY4P6sc70KNGYn2t5WGwqcd6fcp8SrZ
-ZXn8K/WOyhp3fp7orPlmv0X76BOdX7Zz5X17jvsSdF0fBl6FG6ZeGEQAurzTbtFSDgat6+61
-tMG7vOs4D0gikcdv0rhyO7p/wI1st7xHcyEqhf+s1iiiGdWXajq5rG1F7OZNw9uoXcVdgpis
-Slqq5isIDBB0vGL2OkkEZthRHCam2HWfnL+uYFE9XLyiT3uJZ81TAgMBAAGjgY0wgYowDwYD
-VR0TBAgwBgEB/wIBCjALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFIbh4YFxv2oS8QryAeTI+0DO
-aICJMBEGCWCGSAGG+EIBAQQEAwIAATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmNl
-cnRwbHVzLmNvbS9DUkwvY2xhc3MzUC5jcmwwDQYJKoZIhvcNAQEFBQADggEBACWq4SJAwqSA
-PLeiXZmNH3pCNThmFxHfva/8FRGYGTPmBUKEVKhL67Cd2zfaFlJAEXRov+nJshCEtx1EAHkn
-HPVYBhcYMjW2MJdjxqY5G8juRhdixS7nCqOaijBjc6oUpU0KqHKT8EkREJB8GH2oIAXEwno1
-uhxaCuAueMiIsc9XAew94gYTNMCo3PqAgAXuBXa9nSvInVBva8VAUIT9XR3mkJwQ06TGuSga
-3rX4CnCqzt5QPQOA29iIxUgG5ANz3RbONtblm+p32rKWtWWnBF0jrveTsl6KUWRf2s+MPUFb
-3vmj6Sp8RxAf9jI8fnDp36HVLg2xGkW0vBLtKBfpHgIAAAACABlzd2lzc3NpZ25zaWx2ZXJn
-MmNhIFtqZGtdAAABVsJI0YEABVguNTA5AAAFwTCCBb0wggOloAMCAQICCE8b1C9Uuy9LMA0G
-CSqGSIb3DQEBBQUAMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAf
-BgNVBAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjAeFw0wNjEwMjUwODMyNDZaFw0zNjEw
-MjUwODMyNDZaMEcxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxITAfBgNV
-BAMTGFN3aXNzU2lnbiBTaWx2ZXIgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAMTxh3/TeDH3OMn4w5lDvMf3vDfnTnG6S4+lcx1cbpiuA1euODdDLxc9H8jOaBDB
-eK4ZAysQ+ix5g/bouWi5VfIERKc5+fwEix7xok0n+WF7urflohO262E+0GzR5vv6Xu0dtJ6g
-NVuhksvwSZL+hQoFPubZC+JPu9yVN/yR6TI1ItEfOk4nhZ2wFZQy2mENR01gQq6SR+iDWlBY
-6YqLuV2h3N2ZSh82Z7tI5IO2N+tIOq8PZ48XB+gEyu9qMYfUwLb5lHF7Z2S4tpFKQntlLjBq
-DPWQ7pXm8s2C7NmhSuz2skvlRYXmbXiTBC6cgm02qcQxZB+Ggwsq9DUKeMlVz0GwR+kwn5m+
-YagGhLkoel842RupOLCDf3PBwztIKoIPIZu4zKg1w4Qbg7M+vqSVaQE6iQB4BNnJ9JkZq1Z+
-W4uGORWRpBAsCTKAYLOTwCq2GAudfo1J8hBKf/nVRi8ZkqOZpyasu4w85g68Rwfcc1HxcGQv
-CPm0Rx0wbETqKTeFkmhmvIM4/ns5LtNQ8B/7XmC2qab6J0Hxmxhy8vWEdErJZ8RUrkhk34zR
-brAd4QePCB6ZnHHpTNil90cSH3TRUZ6G88KiI0ALc9tLpudzBozBoOnBWaxG+uYv+M9xnEZt
-ucQVjTh5A0VI78Rd1wjuhzkihrIND1hD93GpSC796tYfAgMBAAGjgawwgakwDgYDVR0PAQH/
-BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBegzcHkQbY6WzvLRZ29HMKY+oZY
-MB8GA1UdIwQYMBaAFBegzcHkQbY6WzvLRZ29HMKY+oZYMEYGA1UdIAQ/MD0wOwYJYIV0AVkB
-AwEBMC4wLAYIKwYBBQUHAgEWIGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0G
-CSqGSIb3DQEBBQUAA4ICAQBzxoHgJ9ItD+CVMOKaQX9QLF9fYmGphmppGAx0SdZdhOpBUhhv
-WK1QViBqxr0oaViR3JERNak6HbwapWCe2B9/RZFp2X67eHLBBg8qzo+FcGGsoM0LuDkpVoQy
-Toa7PcQq2dcfcu7+UaEiQbFxAmMagrBiq15XEh/fy911oMBdeZCMG+BQ5t4x/ph7cF+lkNit
-+AK2b9Ng3UBLIsU9rTp6nxoaR5F5M7qC3DJpA5ZuH0vwcf7jZ3Kgsb9ci+T6mSLHhLkbjSOX
-P+0l4M9lu/VhBO/dHrJaQSJaoZ9dLOhbyW2pDAx4qmDGVo8BWgxovGkZecQffpcFv8XpJFFe
-1NVLU+3ZI1o2A2WjwQOtQTDzRhuFkK9ltdWx5BZbeHUdl3ptWakqj3vew4eJEJlJc3jIPb1R
-NXQq1fF+aRsquzu9JbiaWj1yYZBmh+4M1k3UEXQLav4LA/yjVVeJ/krLrlsXBcjyjSMxUzjS
-LWo/grmNCGr3XkF0bsMRfgesKWCRPzjKVxANvTAvx6XmQaDargWHmqCkZWxMCQyJurjTucCT
-ijD6jeWaaxUBTmeq2mJWPoQIZtLENn2nPhD8iODUgOUAvarzTgajemr5YnLjCU/rmw4BI/Gf
-u3zc3GwRlyWy8rRjFNIGKmeMg/XO6gfYmmoe7OQKuypM6wlgOc7KYtgubgAAAAIAGmFmZmly
-bXRydXN0cHJlbWl1bWNhIFtqZGtdAAABVsJJ8v0ABVguNTA5AAAFSjCCBUYwggMuoAMCAQIC
-CG2MFEaxpgruMA0GCSqGSIb3DQEBDAUAMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZp
-cm1UcnVzdDEcMBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTAeFw0xMDAxMjkxNDEwMzZa
-Fw00MDEyMzExNDEwMzZaMEExCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEc
-MBoGA1UEAwwTQWZmaXJtVHJ1c3QgUHJlbWl1bTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAMQS36lf/kHd3fWfiuP2rOE8eJq82PB/eqAzKtyNIFuuLW/nk9k2cGpoz45Ro4Vb
-ZwSgECRvXSiCwZdX2EgpE7bhvpFN34UMUxiaHiSiT4/wooULy/Qpf9KkWO4mTcmqqHua2fo4
-3kRXFeX4jMjZSOINFicdHsiDhSW3uqpVQcwDIkstkY2L5omvZsfp/yvpPKza0rPD4Wicifh6
-AFbe9FWVbPu6ZN1ii98LdzLrYswmmpu7qmKDTLQGejDIKb/tBk2XuRzEMSvVX7xTEhecmVcp
-ZndhITEHLiVJnRjy7vMrcYy1ujkHSXf87y6SkAWNLS93e+9DvzW7mtj5c6cs8tBX7ihOJl+P
-kGgJL7j43AbpLpo+UafRIsQKpzhIbLP5/32rhlfjutaFeHe6Q+pIf/bYviNtHr/RNmxYXPHu
-pBlUGvUD0nbm4Yy9PLPTSEviyPh/kqh2RpxCZT6kHsEHA1pGLbiX87fVslUh77rcTACX+xSV
-JzO/6ENHRtIImRZgO5p+0ubtOOrsAR48SFZJCcdMNwCeiA7Ac+FvZulyRzA+EOULA8maQgBs
-xZR+YcSK33+CGgtZxFkyd7O8YGlWOf20Bnss1mQ22b1I7YQffqUijyq4QvSCt9RTkHhOLRr9
-gW9E1zsBdJZC4ADiLmvqxe5yrLu//uqqqPjc9rJ5irZnAgMBAAGjQjBAMB0GA1UdDgQWBBSd
-wGemDCLZJvVFq6ZlUhEn2EWsYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAN
-BgkqhkiG9w0BAQwFAAOCAgEAs1dNEGJOOuSs6rgcrzIjyLNJWlGcdiiNeapXRhfV9VL2t0To
-CES/GITSC4DNxRL9AFUFYYdB3LUknjzE2Mj7cJ4veJaDIDbefA9pE4ildTaYCKbG36zO41jW
-tz7euvPrNEDYooH1eD8v1aX82aLUXgQOF63+QfDlsnL6RIIzQugtWPdWjGI/ukKwnAxcfi5l
-JlxTTwCyeH6hDZktjbgdjqLEsP1g0DCkjsgEYqnE7TXeepftDjheki+TcKWpnG+nfRMdfsYI
-SLFeZ+tRCCXp5iVrUimRnNI5cwhX3pkGtFudEAbhwgCouBxKAgoU0MFByvuMNSF9gjjyqVSR
-GTWTlG1qOsWy0LuJhpPom8kPOqd6uKHweEb6/Dcv5YqE89/+BNmhaKAvJOIJlQbVlcrhJJbr
-fPaTBbvtc+kt0XU51+ck29hOX0OPntAUOb9VcEiZVzG0nO5KmAOWMB9gBu4bI/6BYCMaR2KF
-pcwZNIBvs6wa45/we0it1QHZZ7apcpPqLWa1srjkPTyy70yM6usHv6s1mlWGvBimtahetINs
-a2lA05/c8cNpa7nhbQn08apQdgp6fXoXoVWWQpkxCd1gEY0FMH7mjkbRnRTaxxfkBZaMxCS1
-G88UB7JA+KOeQYa8BNBrlsgqgDT9v+8Go91YxYU9Po/+ningtrgJaBkcGEMAAAACABJnbG9i
-YWxzaWduY2EgW2pka10AAAFWwkmJ6wAFWC41MDkAAAN5MIIDdTCCAl2gAwIBAgILBAAAAAAB
-FUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNp
-Z24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBD
-QTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYD
-VQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9i
-YWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j
-40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
-oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb
-Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvy
-JBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FG
-qkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQE
-AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAN
-BgkqhkiG9w0BAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLbl
-CKOzyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38Nf
-lNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5p
-LGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq
-4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJ
-KSZp4AAAAAIAFWR0cnVzdGNsYXNzM2NhMiBbamRrXQAAAVbCSTSeAAVYLjUwOQAABDcwggQz
-MIIDG6ADAgECAgMJg/MwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCREUxFTATBgNVBAoM
-DEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAyMDA5
-MB4XDTA5MTEwNTA4MzU1OFoXDTI5MTEwNTA4MzU1OFowTTELMAkGA1UEBhMCREUxFTATBgNV
-BAoMDEQtVHJ1c3QgR21iSDEnMCUGA1UEAwweRC1UUlVTVCBSb290IENsYXNzIDMgQ0EgMiAy
-MDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07JKz3pH73WbI/o6L9ZQRYk1
-OsZr2/7bAGio4AMRHTdQCJ9NSmiUNbNT0ZRjpyBWr95ReOwqPfNISFA+Ct9GVYsnbcMQTQ2R
-UkPYh+BdTja1IcpfOUAEX1t+zKPGK6lAHtk2hNZI85IeNEYgJMGkUY5KGu9QP2ldGX9Fw8cB
-j1HJI+hyrrS8Vgl/Esscsa8pkArJVcwP07Qa7Uc1WkrtnHMEIdCqvQwTtQDKJmzEawyUWpWU
-2lCa8f+lK2YxpMk4oN8dH7gJLvOn6GdSq5Uf4EY+2KTDylrFMYDoSJqflGn+Gd3Yc3yBypbe
-ju2zMgVlhDTm5v1XELVfdr8vsBANxQIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAd
-BgNVHQ4EFgQU/doUxJ8w3iG9HkI5/KtjI0ng8YQwDgYDVR0PAQH/BAQDAgEGMIHTBgNVHR8E
-gcswgcgwgYCgfqB8hnpsZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1Ql
-MjBSb290JTIwQ2xhc3MlMjAzJTIwQ0ElMjAyJTIwMjAwOSxPPUQtVHJ1c3QlMjBHbWJILEM9
-REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDBDoEGgP4Y9aHR0cDovL3d3dy5kLXRydXN0
-Lm5ldC9jcmwvZC10cnVzdF9yb290X2NsYXNzXzNfY2FfMl8yMDA5LmNybDANBgkqhkiG9w0B
-AQsFAAOCAQEAf5fbMMjfpJx9IXqAcM4UEmmIFJVgRAGssukwT5tQwmbYfo0wtXAx6eJpx/Nw
-2yAVhtAN8L6sAXWEzn6fTb+3YDuc88od4l5o2KOdl+VAYNI2If7QtLgX2nSjf9TfsJgCrG9r
-aywlJHKhZe4lWuXmMufy36tJ+vOQaSPbBNnnXFj8ZdSXvsz8LgrMJSo1BPhgkRV1PUH/Ix8Z
-yGzrglMEpuRMIk2NjLrOW3PsZFRQbdGcVftpwzbDjLw8haZrCiYN4JOYYK5+xiSXimFfkY5m
-kgmHNs2Lmy0+9lHUUNRZKL2D8swoe1OGbdgmiHDX6pHNPrnKwJBuWsZedGXXXP6j4gAAAAIA
-HWFmZmlybXRydXN0Y29tbWVyY2lhbGNhIFtqZGtdAAABVsJJei8ABVguNTA5AAADUDCCA0ww
-ggI0oAMCAQICCHd3BicmqbF8MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRQwEgYD
-VQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDAeFw0x
-MDAxMjkxNDA2MDZaFw0zMDEyMzExNDA2MDZaMEQxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtB
-ZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgQ29tbWVyY2lhbDCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAPYbT2cHK6EV9QYiyx8BsuNzRQZESSy7SSUU1s7Dt6ss
-T8ZBMpRX+hKnWw7ijx8ehhmnqrUtuV8NisKvhTV5Mi27HGI38rFbSj3KzXFf6UK+lOjI3vki
-SGTG5avGK22tBfD61QvPmuXwUKSLO0elI1t6evgzP7jvmZfjIMHWKInPlPu5Re3jQBcR1HTw
-CzHiKyZqm0xXrqwgPrpFegXzvZtpFa59TiBjxDV2OgcCyTf9x0fu6PF2HXMV8pektch6edlC
-qit/XP7OJk+jZoE1r0S6VB4cMDJlneY8k15QTnrjOtRuzBr7+dI3riQqq1cDIigNSXV/tyja
-db+O49wOeTECAwEAAaNCMEAwHQYDVR0OBBYEFJ2TxlOLXsqvP58eD+WZlbwk9pSPMA8GA1Ud
-EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBYrPQEDs3A
-Df8K/dS6Fl8pvXtomVhJ0rQdN01/J31GBl1DxoYuPnOyJn1Pk6m2xCqaqyGXFLHejNOriRXY
-ayTU8Rau2KRc1H9Rju0YAbGTY728+GGAmp6xzkJw4ql9BiV9J6H+b+yzHiTa40tVGgA7NbQ7
-2dddMP2BE4nywgYr7WfEjslDslxrFYkCvGL8TvK1M6qyb9MKolDj9jvoLkTC22Y4qTNWSPFt
-GzONDYw/YDed08ptfjR+DZ9ydosbn3L9UjVBRQKWLxyymnNJIbFJR0VHtO9qNBHJTZrMWbfW
-Ap5aTmW1lK4b3ymwFvG/AJ4HOhdktQS1IyGZCpU7l3zvAAAAAgALb2xkYWFpaW50ZXIAAAFi
-32LqHgAFWC41MDkAAAWpMIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUA
-MIG9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQ
-BgNVBAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVD
-T01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3
-DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNloXDTIxMTEy
-NzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWlu
-c3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQD
-DCFPcGVuRUNPTVAgc2ltcGxlZGVtbyBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNp
-bXBsZWRlbW9Ab3BlbmVjb21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ALr4rivKQuRkYNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz
-6Ej7PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv5kQ9
-uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmVotXM4tT1dxyJ
-xFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoIvoKvoh3uZ5gEhGV8yfJx
-k1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQSWimWtOi4e8CAwEAAaOBtTCBsjAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9
-tsaJhM9HE5wwcAYDVR0gBGkwZzBlBgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRy
-dXN0IHRoaXMgY2VydCB0aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUg
-aW50ZXJlc3RlZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4a
-ZP/7IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNXn4Op
-NkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8XUTuzEQQ3gUS
-yVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs2KMQzorJ1ZNQf523yUTg
-hbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwaSxGSiAgeLbwAUCvPNl27zr6k6+7T
-cNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwEzGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5U
-rclU1vK+dnuiKE2X4rKuBTRYRFR/km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BA
-SKqgNdoT/SKBXqxgYlCbo+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQU
-wwnSrSfihh2Tj0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO
-0k1tqbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLoz/Rd
-+SKtlrfbAAAAAgAbdGhhd3RlcHJlbWl1bXNlcnZlcmNhIFtqZGtdAAABVsJIy3MABVguNTA5
-AAADOjCCAzYwggKfoAMCAQICEDYSIpbF4zilIKHSX0zXCVQwDQYJKoZIhvcNAQEFBQAwgc4x
-CzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93
-bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05NjA4MDEw
-MDAwMDBaFw0yMTAxMDEyMzU5NTlaMIHOMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
-biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5n
-IGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSEwHwYDVQQD
-ExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2Vy
-dmVyQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqB
-QWKPOO5JBFXW0O8cG5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn
-0LoNkgYUc9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
-jfRCTedAnRw3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
-ZZCsiA9W2eYwNNQmx9BQ8ZLea9Q5iAkixqZjgwP3mXfYsuUYuF1j89Rz+2ycmXjxS3h9GSTD
-KwKE+Lwi2Yoi16D8ceyRhyDxuOyx5VWArD1SyDkOwvDABU/WgnWMvV/S3HaaBRLJr3LD3CV+
-pE2OF6Xgh3/hmlrhYNxkIzxCLk0AAAACABRzZWNvbWV2cm9vdGNhMSBbamRrXQAAAVbCSf1E
-AAVYLjUwOQAAA4EwggN9MIICZaADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNVBAYT
-AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSowKAYDVQQLEyFT
-ZWN1cml0eSBDb21tdW5pY2F0aW9uIEVWIFJvb3RDQTEwHhcNMDcwNjA2MDIxMjMyWhcNMzcw
-NjA2MDIxMjMyWjBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVt
-cyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0Ex
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/sV5sk4P6cukJ5qYiK+oDg9Qcp
-Q+qOCjQ2jRz6p7U5eP+Xdfcv5KprBIREyqbiaI79VVBiD6RxDs4HOC1ChVCtPJZvi9WiDs/e
-SYk91mQuOOUebLVXip7vSA7NemkWh0S1kOQGna6hBJdYee8gSoJrjCK/7B8P6YRx7fEO5LgY
-E8xWNl3Rmh5RazluYHaINAvzs9Gwncph4mQdwUYHuGPdHjNls44JVVI9tb3/B+utYVUYLKlp
-mEqqQMUzFGV0APmR3q8DSMVAVNwPhJBoIMWSltwu5QJFqsBfVPht6knPXWxLr++awlZcxjVW
-QmowX8Kr9uI9P7PJEY8xTNefSQIDAQABo0IwQDAdBgNVHQ4EFgQUNUr1Ta8/14I4rKtxZRd1
-jJ1Vk+YwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-ggEBAKiH6ez4QGddw8Fmx0BLl/yHE5BaxO+gyl+Lt6e38da1ZLeKs7gbzNr7rGaIQc7o/OTb
-Hoim7SdQGwIwJEZ5/gSHcJdAc9HAwVcZmmmlJ5mrnWKE9lHBLMkjFdgot6slE7VG4YYC/yaM
-xIiSHVb+GWfyVeSAo2ucq3fhUXENINsQmtu9dnkHd5korZpe2rFPRCw1jqWWx/2D8FjGedaY
-fKiN/oY+BxaS4XvnHewzdn5CLkqF+ZGJaIQDgaWbmr7jN8VUq1Y7GC1BpAz4QtuZoOByb7td
-4RZPUwpk+U70v05UvXhsiOq/nBMkwnBpon8PyDytCMmwmECjKueIg+13j3QAAAACABh2ZXJp
-c2lnbmNsYXNzMWcyY2EgW2pka10AAAFWwkoD9QAFWC41MDkAAAMGMIIDAjCCAmsCEEzH6qqY
-PnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMB4XDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBW
-ZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJp
-U2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq0Lq+Fi24
-g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYKVdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS
-65bdqlk/AVNtmU/t5eIqWpDBucSmFc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U0
-3EGI6glAvnOSPWvndQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534V
-njty637rXC0Jh9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJ
-W2uluIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68DzFc
-6PLZAAAAAgARY29tb2RvYWFhY2EgW2pka10AAAFWwkmpEwAFWC41MDkAAAQ2MIIEMjCCAxqg
-AwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRl
-ciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGlt
-aXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
-MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu
-Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQx
-ITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDF
-cCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRP
-n2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf04
-9vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7v
-n5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kC
-AwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21v
-ZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwu
-Y29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUFAAOC
-AQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1QGE8mTgHj5rCl
-7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1a
-wg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz
-7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C12yxow+ev+to
-51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbgAAAAIAGWdlb3Ry
-dXN0cHJpbWFyeWNhZzIgW2pka10AAAFWwknPogAFWC41MDkAAAKyMIICrjCCAjWgAwIBAgIQ
-PLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
-DUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3Ig
-YXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVow
-gZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
-MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
-LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqG
-SM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8l
-L33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/W
-YC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVf
-NVdRVfslsq0DafwBo/q+EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HT
-RqjySkwCY/tsXzjbLkGTqQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bW
-tsuRBmOiBuczrD6ogRLQy7rQkgu2npaqBA+KAAAAAgAUZ2xvYmFsc2lnbnIzY2EgW2pka10A
-AAFWwklt3gAFWC41MDkAAANjMIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcN
-AQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds
-b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
-MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMK
-R2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+Fggkbh
-UqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+
-ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7
-v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+u
-IEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEA
-AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
-LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7lgAJ
-QayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
-EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdB
-j+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NX
-Sb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o
-2HLO02JQZR7rkpeDMdmztcpHWD9fAAAAAgAZdGhhd3RlcHJpbWFyeXJvb3RjYSBbamRrXQAA
-AVbCSY0HAAVYLjUwOQAABCQwggQgMIIDCKADAgECAhA0TtVXINXt7En0L8432yttMA0GCSqG
-SIb3DQEBBQUAMIGpMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYD
-VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAw
-NiB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhh
-d3RlIFByaW1hcnkgUm9vdCBDQTAeFw0wNjExMTcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIGp
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZp
-Y2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYDVQQLEy8oYykgMjAwNiB0aGF3dGUsIElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEfMB0GA1UEAxMWdGhhd3RlIFByaW1hcnkg
-Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKyg8PuAWdScx6TPnaFZ
-cwkQRQwNLG5o8WxbSGhJWTf8CzMZwnd/zBAtlTQc5utNCacc0rjJlzYCt4nUJF8GwMxElJSN
-AmJv61rdEY0omlyEkBB6Db10Zi9qOKDi1VRE6x0Hnwe6b+7p/U4LKfU+hKAB8Zyr+Bx+iaTo
-odhxZQ2jUXvuvNIiYA25W53fuvxRWwuvmLLpLukE6GKH3ivI107BTGQe3c+HWLpKT8poBx0c
-nUrG1S+RzHxxchzFwGfrMv3JklyU2oXAm79TfSsJ9IydkR+XalLL3gk2pHfYe4dQRNU+bilp
-+zlJJh4JpYB7QC3r6CeFyf5h/X7mfJcd1Z0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHtbRc+vzst6/TGSGmq280brV0hQMA0GCSqGSIb3
-DQEBBQUAA4IBAQB5EcBLs5G2/PDpZ9QNbkW+VeiT0s4DP+3aJbAdV8seOnagTOxQduhkcgyk
-qfG4i9bWh4S7MuVBEcB32bNgnesb1dFuRESppgHsVWIdd7hcjkhJfJw7VxGsrXM3ji94XJBo
-R9lgYOb8Bz0iIBfE9xbpxNhy+chzfN8WLxWpPv1qJ7ah61q6mB/V401kCp0TyGG69Tkch7q4
-vXsif/b+rEB55awQbz2PG3l2i8Q3syEYhOU2AOtjIJm56f4zBLtByMEC+URjIJ6BzkLT1j8s
-dtNjnFndj6bhDqAuQfculUfPvP0z8/YLYX5+kSuBR8InMO6nEF03j1w5K+QE8HuNVoxoAAAA
-AgAVcXVvdmFkaXNyb290Y2EzIFtqZGtdAAABVsJJBmkABVguNTA5AAAGoTCCBp0wggSFoAMC
-AQICAgXGMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
-cyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwHhcNMDYxMTI0MTkxMTIz
-WhcNMzExMTI0MTkwNjQ0WjBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGlt
-aXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMgUm9vdCBDQSAzMIICIjANBgkqhkiG9w0BAQEFAAOC
-Ag8AMIICCgKCAgEAzFdCFlSc5pjT003u/u3Hn0M5SmWz6BaINNsNWZF0z5K4BECtAksxq7yN
-kWjYIA4aAeIae04XXeKKtz+ZGs3rYavCZaYft7e9t4/8/XCPC6BnvgGiWc9x5g8pdv+xVnlF
-Kx+eelTooyk1aKQBTw+kLjfvG7/jjxCocqtYV+dUhsjJ81vaLNpdjm48oz7a+4Ll3fJcsgUz
-b4o2ztATTv+/Sgw0TKbDIb1QBFXrsbud+0UeZBXeVQGMAna1y6E/Qmm8L71oQxZWiSo3YZH9
-pq5OwMsUZZQ3S5IG7wTQyJyI2wt7ga+xPSrEZTp4tu7cgLHS05mcOu5rWmuzjbfVzpzCvqVL
-Lxaxnmg7Bm+ufZ/43uzMKaeYoyVDL+/xXybhiE34Xm7X2RRuGTNppzuEiZPEU1UToVF4QPi4
-yaLue7pSQoOeFO0FUlpZVqeX/J0/CinY3E+RDhO83pWk34uZvqybM4jvtYGvG8YiU8j2x+6X
-FLDFfHhSyPDObndghKbpKnYg7VgBFzCT6RqL4HNj2WqSlElOtK1KhcSjIjD8Ce1oInOmiAxV
-IVjF4TqfKt3K4ZDg2XOrbIC46Atkk6CcjBn/s9IM7JEmh4qzouFwjywK5c1taFHr2j8Ff4sy
-5hNca/5fQOIiyLS0ZE/Wun1IPqhpDNe7hnHJc7g/O50lS9r/QOsCAwEAAaOCAZUwggGRMA8G
-A1UdEwEB/wQFMAMBAf8wgeEGA1UdIASB2TCB1jCB0wYJKwYBBAG+WAADMIHFMIGTBggrBgEF
-BQcCAjCBhhqBg0FueSB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjb25zdGl0dXRlcyBhY2Nl
-cHRhbmNlIG9mIHRoZSBRdW9WYWRpcyBSb290IENBIDMgQ2VydGlmaWNhdGUgUG9saWN5IC8g
-Q2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQuMC0GCCsGAQUFBwIBFiFodHRwOi8v
-d3d3LnF1b3ZhZGlzZ2xvYmFsLmNvbS9jcHMwCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTywBPg
-gkM+++4vZzKWNVzbuMsC0DBuBgNVHSMEZzBlgBTywBPggkM+++4vZzKWNVzbuMsC0KFJpEcw
-RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
-b1ZhZGlzIFJvb3QgQ0EgM4ICBcYwDQYJKoZIhvcNAQEFBQADggIBAE+toCxM+sDyb/dmVasj
-NO7nKdrDW7awg9nQ0OIh+/NgpztdYFMnopv2CCIq57+gcuWcJGoxsZB6J9uEEYknpndaONe/
-rIb87l2DvAbG0XdrD20kL0t6bKcHlsrjhJ+tiIsdqxaNW2YX2Rb0i4DS3fiydsP8OBOqDN5C
-aStu8zzrgCfb9aZEDZ9aVVkL1Q1SSMWun/IvgMXqMlA1EpcuweH/8SOIUTif8mZWducPUZel
-UgxNSVGVNj2/oksMEB2GmUyq83IRk+Tq9pvaqF2nTbeeAq5zAMjaIwPo+eoZdGIAlMsiIL6U
-p1m1gmq+mXl6qfJKJFL3dP26TuaoHQJusQ2ARMGu0yM3X7uFfCuSLuh+pYvdmeG/J28tXap7
-h/4K3Uv8jvUm5G5wQm4z7DGee5PB5MlpGj3Aa04ibe6rWE3G0EHBK+pPEode60XYbPWYAtOg
-2FWKBpkZoqB30TCerMx17oP1sGI5z2xX4kzSkQsOdSgbmr/9GkPxynf7O49huGkoFkIEXnAq
-HCHYj+G9I1stdECS2WMZDXPdabxiR7zgdCuy632+QRu1wEbFoSLLX07BKJLeGLrVKii7EYsX
-k5iZYJRcI89aJ5deCwUGkzceO2k266meYR2PMtqODNZ0PnsJJNoBd0fEO800jJn1yuElYTOy
-WRvibtc3V7YNqRLaAAAAAgAXc3RhcmZpZWxkY2xhc3MyY2EgW2pka10AAAFWwklDvgAFWC41
-MDkAAAQTMIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
-MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
-ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcN
-MzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hu
-b2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWt
-DBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1Mv
-nsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSH
-o9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
-K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe
-35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/X7fR
-zt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRbVazc1xDCDqmI56Fs
-pGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIElu
-Yy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqb
-AYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA
-2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq
-4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtel
-ttQKbfi3QBFGmh95DmK/D5fs4C8fF5QAAAACABdzdGFyZmllbGRyb290ZzJjYSBbamRrXQAA
-AVbCSZA1AAVYLjUwOQAAA+EwggPdMIICxaADAgECAgEAMA0GCSqGSIb3DQEBCwUAMIGPMQsw
-CQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMG
-A1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UEAxMpU3RhcmZpZWxk
-IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMDkwOTAxMDAwMDAwWhcNMzcx
-MjMxMjM1OTU5WjCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcT
-ClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAw
-BgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve3BA/z2j/wCsW9bn0jZnXniorcDYVYYw0e2
-18o9NS6JQ/ehaZveihr9EyCctEl3MilW/bnsjN0i+nLcJ2GX7vZahOxuGbmJLNyEW9V0+2tf
-xYmlEFKJRlX0uHUc5n/kVK5L+FVyVwIZ+BdxWeseKAd0xZ1Ivmy09KSw82Q3eZLA7EZef+Ft
-U0xir80fC2O7Op37/HkAmGF0zyaCQGPzsnJqGQ2ZytQOdcw3+4uJwVnxYn9fs19lMPint012
-Wh52XjTA6JZWmYqz8H+kzb3cMjF8kc/gXxH4a6pJXNGZlNGi42NbCXa1VmLhS3QdltQm1AgE
-WdCYDg7m3vzD7B+Q8QIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-BjAdBgNVHQ4EFgQUfAwyH6fZMH/EfWijYqihzqsHWycwDQYJKoZIhvcNAQELBQADggEBABFZ
-+iVPA2+UmTuaH4KFOdR2BZRe4SiTbWJdCcKgqNSwdTjxNGqd5J+KhiZR5izRxi1ulSBKkgHs
-uIpnezHiZy6MlQMmLkOdSjH2DrUMu7fiN38iugCjDntS+2u7O8TTeVFOzZD0ZwcZyDxGeg0B
-fcVY523mhTAXmiTEEOAE9+Dyf9SqCv9CHTftlOVkWRIgdzjTMj44gXWWc/poj7HLzh/F7Pqc
-fs9+sfEHLbb8v8qkv9CXBUq86hgoApC9VHgJIXHT0X0d2RawqWE90AoAIvzHe8sJZEULO0CB
-9318MvWYyliOfSrukFlzZPk2dF4lofVmBS5/ORWpKvtQi46FafQAAAACABZ2ZXJpc2lnbmNs
-YXNzM2NhIFtqZGtdAAABVsJJHnsABVguNTA5AAACQDCCAjwwggGlAhA8kTHLH/bQGw6auNBE
-vxK+MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg
-SW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57GaIMtTpYXn
-Pb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAQclKpBRQZ
-MghB8MVrCsx+DyEZzeRn3F+pG+bK6HOdItiYbnMDYZHFfLBFQG5EnY2wsZZ0YS0NqUXSpJIq
-1pp1l24/U/1FmWAdqCtM+V6nCdh1MNfSZWA9Z9ZIVXVpP5H1SAtHaSJpgpa+ycg4hkp6LHMZ
-SGlOa3xlvw/8cM6IkAAAAAIAHWFmZmlybXRydXN0cHJlbWl1bWVjY2NhIFtqZGtdAAABVsJJ
-pesABVguNTA5AAACAjCCAf4wggGFoAMCAQICCHSXJYrHP3pUMAoGCCqGSM49BAMDMEUxCzAJ
-BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3Qg
-UHJlbWl1bSBFQ0MwHhcNMTAwMTI5MTQyMDI0WhcNNDAxMjMxMTQyMDI0WjBFMQswCQYDVQQG
-EwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3QxIDAeBgNVBAMMF0FmZmlybVRydXN0IFByZW1p
-dW0gRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDTBeGxWdA9CheTW3OjySesoVHM1i85wm
-XAc95VT6o9bMEur0FF/ojhmrLy5I5qwYQ3is0DfDvbLNLOZH4hrmY7g9Li94xE/b9A+kaExV
-cmuVHU4YQpV4zDc8keKbZSspo0IwQDAdBgNVHQ4EFgQUmq8pesARNTUmUTAAw2r+QNWu1jww
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwFwnz
-h4hQWq/IwEK/R1/1bGqG4MQndOQ4U9cFfxs048Yvs8oJPDed1+e4RvH9oeJxAjBCWYdD1FHf
-utMJMlrOiH5XPZxfQmv1By218IKT+VlvrmT6WOWLHuNjvrWBzW8CjHkAAAACABZ2ZXJpc2ln
-bmNsYXNzMWNhIFtqZGtdAAABVsJJPbYABVguNTA5AAACQDCCAjwwggGlAhA/aR6BnPCaSvNz
-/7lIouTdMA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBaFw0yODA4MDIyMzU5NTlaMF8xCzAJBgNVBAYT
-AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaE
-GIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7
-NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBYFSk5
-PHej2lwlA3xg+u4JmTwnEHDIDAnms4fPCuIYljVizL+bJ3mJX8nECfTOtR3fKr3l24acaCXl
-MHy2iRX+Z9Gt4VCsPHxiS4+6hNcSFRsfyl0PwVKUKhGZ2nvPDDYT1TXcEBlZ6pTBAL91j9n6
-/XYE22K7kGoD2UY12fh8WwAAAAIAFmdlb3RydXN0Z2xvYmFsY2EgW2pka10AAAFWwkmTQgAF
-WC41MDkAAANYMIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYT
-AlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwg
-Q0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQG
-A1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM
-+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlC
-GDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Q
-lz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+
-OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKc
-eeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTAepho
-jYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjANBgkq
-hkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57QzxpeR+nBsqTP3UEa
-BU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4d0iXrKYgjy6m
-yQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/
-IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0z
-X5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
-MwAAAAIAH2VxdWlmYXhzZWN1cmVlYnVzaW5lc3NjYTEgW2pka10AAAFWwkjXiAAFWC41MDkA
-AAKHMIICgzCCAeygAwIBAgICWeMwDQYJKoZIhvcNAQEFBQAwUzELMAkGA1UEBhMCVVMxHDAa
-BgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXggU2VjdXJlIGVC
-dXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIwMDYyMjA0MDAwMFowUzELMAkGA1UE
-BhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2VjdXJlIEluYy4xJjAkBgNVBAMTHUVxdWlmYXgg
-U2VjdXJlIGVCdXNpbmVzcyBDQS0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOLxm8
-F7d33pOpX1oNF080GgyY9CLZWdTEaEbwtDXFhQMgxq9FpSFRRUHrFlg2Mm/iUGJk+f1RnKok
-2fSdgyqHCiHTEjg0bI0Ablqg2ULuGiGV+VJMVVrFDzhPRvpt+C411h186+LwsHWAyKkTrL6I
-7zpuq18qOGICsBJ7/o+mAwIDAQABo2YwZDAfBgNVHSMEGDAWgBRKeDJSEdtZFjZe38EUNkBq
-R3xMoTAdBgNVHQ4EFgQUSngyUhHbWRY2Xt/BFDZAakd8TKEwDwYDVR0TAQH/BAUwAwEB/zAR
-BglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEFBQADgYEAHKcbomcF4NP6lEGulFSDWLCy
-bLS2r85gp3byARQCjMJC4gA/ObfY02Mvuy0ipZCdw17C6sJCrMtn2/CxO5C4SCVOy/EdUKvV
-LTLPgtf1Nt1p4a9DjZ2F8qXmdXis4MAUOjfb6ROctB8qsSs6Rkb5u2NbT0jDQ1wVXl3PFz0M
-524AAAACABVzd2lzc2NvbXJvb3RjYTIgW2pka10AAAFWwkkMcAAFWC41MDkAAAXdMIIF2TCC
-A8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJj
-aDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy
-dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0z
-MTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UE
-CxMcRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9v
-dCBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nb
-eHCOFvErjw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r
-0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3
-aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX
-6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5Q
-QQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhx
-LKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq9
-6G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyq
-W/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGD
-Ymy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q
-VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYwFDASBgdg
-hXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0OBBYEFE0mICKJS9PV
-pAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8TwuMA0GCSqGSIb3
-DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsOv2LwnN+e
-e6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82Yq
-Zh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz
-o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBf
-GWcsa0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT
-woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0
-QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED
-6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/
-wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++
-dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5wSsSnqaeG8XmDtkx2QAAAAIAEGFvbHJvb3RjYTIg
-W2pka10AAAFWwkm0pAAFWC41MDkAAAWoMIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUF
-ADBjMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UE
-AxMtQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAy
-MDUyODA2MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMxB
-RR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC206B89enfHG8dWOgXeMHDEjs
-JcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFciKtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1
-m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxs
-RZijQdEt0sdtjRnxrXm3gT+9BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCA
-OVIyD+OEsnpD8l7eXz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0
-gBe4lL8BPeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
-Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEqZ8A9W6Wa
-6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZo2C7HK2JNDJiuEMh
-BnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3+L5DwYcRlJ4jbBeKuIonDFRH
-8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFE1FwWg4u3OpaaEg5+31IqEjFNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31
-IqEjFNeeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7Pm
-G2tZTiLMubekJcmnxPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIyl
-vfEWK5t2LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
-obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8CNyRnqjQ
-1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMeIjzCpjbdGe+n/BLz
-JsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMADjMSW7yV5TKQqLPGbIOtd+6L
-fn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2FAjgQ5ANh1NolNscIWC2hp1GvMApJ9aZp
-hwctREZ2jirlmjvXGKL8nDgQzMY70rUXOm/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZ
-urGV5gJLIaFb1cFPj65pbVPbAZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ov
-XYO8h5Ns3CRRFgQlZvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uR
-uMRUvAawRY8mkaKO/qkAAAACABVlcXVpZmF4c2VjdXJlY2EgW2pka10AAAFWwkkDbQAFWC41
-MDkAAAMkMIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
-UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNh
-dGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UE
-BhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRp
-ZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6g
-mi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0B
-CezhABRP/PvwDN1Dulsr4R+AcJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLj
-UA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQG
-EwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
-aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgwODIyMTY0
-MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYD
-VR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMBAf8wGgYJKoZIhvZ9B0EA
-BA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961zgK5F7WF0bnj4JXM
-JTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IW
-UrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-AAAAAgAVZ29kYWRkeWNsYXNzMmNhIFtqZGtdAAABVsJJ7FwABVguNTA5AAAEBDCCBAAwggLo
-oAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBH
-byBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTAeFw0wNDA2MjkxNzA2MjBaFw0zNDA2MjkxNzA2MjBaMGMxCzAJ
-BgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsT
-KEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
-DQEBAQUAA4IBDQAwggEIAoIBAQDendfqVxhJoVvr119Ihuq+3f/k72cc9GVos1dxoF53u+2b
-SelwgD1WGGMIb9ryzNA/fwJUIlQQ2LKB1MB1PUt/x3fDPnirGgO1IGsvaiuxxYh+xLsesMHY
-RSdvqjdY94cm19gt9qkXtx9yNk6mFz9lmJLbKm5dov6I4Avef+WNFeHryzrV4hKiEy3Yjq9f
-Ej2gCAUItlylZTgERZkeo2BgdMVBpXJiG2LFH29fGkK+AlFlqK4jGGr8eAOpTX+Aw/qrWvyh
-QKTKGRb+ssjvXnMN7ne9mvZ5mLyxB2eiFQ3doFjGRHsKPmIoX7pBB1NYzxF+OHTF+P+1aZCP
-hHTqlxuvAgEDo4HAMIG9MB0GA1UdDgQWBBTSxLDSkdRMEXGzYcs9of7dqGrU4zCBjQYDVR0j
-BIGFMIGCgBTSxLDSkdRMEXGzYcs9of7dqGrU46FnpGUwYzELMAkGA1UEBhMCVVMxITAfBgNV
-BAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
-MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
-BQUAA4IBAQAyS/Oyyj6R/BLGoQeMjnegMwYUXJAeGPcIpj0KGfmHgBFuaeSWFzD/NJFjcjju
-zBwBox2UKKQx9nrEVNf25TFYA6LMzmLblEVztb9FySS11YICrSN5aY24tk3Oz0zKMyPoHIiq
-nYtBbhbJIOWJns072nD3fpkmIBRUJatuc4XmmyGdCmyCDqj4wgz6EB5slu+HDcQPYYut7oMr
-lfiOkoRyOesg6oPtg82Xbgi8604mtnMr5NP2TP4mceJhEXRK/1cahw91SC7PUWkXoAISYZXV
-0UCyEEzuxKwQQ6alngrVlWKaDc+IgsUyDOQrn0XmDZ8onLG5KlpXrTcPrx1/272fAAAAAgAV
-Z29kYWRkeXJvb3RnMmNhIFtqZGtdAAABVsJKCpgABVguNTA5AAADyTCCA8UwggKtoAMCAQIC
-AQAwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMw
-EQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
-AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0wOTA5MDEw
-MDAwMDBaFw0zNzEyMzEyMzU5NTlaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9u
-YTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAv
-BgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE
-8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB/zzFnWAOVF75fk1tnRO
-qY2CE+S2P6kDg/qivooVan/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4
-+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4w
-CjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo/brHonIgBfZ/U+dtTbWCdvyznWKu4X0b8zsQb
-AzwJ60kxXGlGs+BHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MB0GA1UdDgQWBBQ6moUHEGcotu/2vQVBbiDBlNoP3jANBgkqhkiG9w0BAQsFAAOCAQEAmdtd
-edX5l1lnA2HxfjsGMXUtoSCOT2WHtPemnLzY6S/Q21ruz3SMc7Q4QtoFe/gCdbj9pbHXrvbX
-3hPLUxB+ikbRl/q3LisRq5CwJ4D56J9a6Tefq+TfbLOFF5092SRPeZE11l8E64CDq5oCLbUQ
-9NiQxwRzQO1yJaCpn+yeq2gSmVfGjxI6CaS9RP0GFTfBm+Qyo+046Nhk8yx+FPwC6p/N/wdo
-F9sikDgteo3RVPFp418zyno9ewrjyn9fOeXidbrFdhgzzizwL0yt97Hnzk+oxJtKVAbFf33V
-CA/iHP5+F7isXvbUFrJDCQxN9qdrtJmEZcp6iOLiRL5c9+oc9QAAAAIAGHZlcmlzaWduY2xh
-c3MzZzVjYSBbamRrXQAAAVbCSVLhAAVYLjUwOQAABNcwggTTMIIDu6ADAgECAhAY2tGeJn3o
-u0ohWM3MaztKMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVy
-aVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsT
-MShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBD
-BgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkgLSBHNTAeFw0wNjExMDgwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
-dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1
-dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFBy
-aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJ
-XSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuP
-G5/r9aGRwjNJ2ENjalJL0o/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl
-9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLH
-j9UESeSNY0eIPGmDy/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU/n3O4MwrPXT80h5aK7lPoJRUC
-AwEAAaOBsjCBrzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcB
-DARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq
-1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAdBgNVHQ4E
-FgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAJMkSjBfYs/YGpgv
-PercmS29d/aleSI47MSnoHgSrWIORXBkxeeXZi2YCX5fr9bMKGXyAaoIGkfe+fl8kloIaSAN
-2T5tbjwNbtjmBpFAGLn4we3f20Gq4JYgyc1kFTiByZTuooQpCxNvjtsM3SUC26SLGUTSQXoF
-aUpYT2DKfoJqCwKqJRc5tdt/54RlKpWKvYbeXoEWgy0QzN79qIIqbSgfDQvE5ecaJhnh9BFv
-ELWV/OdCBTLbzp1RXii2noXTW++lfUVAco63DmsOBvszNUhxuJ0ni8RlXw2GdpxEevaVXPZd
-MggzpFS2GD9oXPJCSoU4VINf0egs8qwR1qjtY2oAAAACABVxdW92YWRpc3Jvb3RjYTIgW2pk
-a10AAAFWwkkJcwAFWC41MDkAAAW7MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAw
-RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
-b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJ
-BgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRp
-cyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCaGMpLlA0ALa8D
-KYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg
-5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtm
-UIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeV
-ikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQ
-Q7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3Fsvb
-zSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5h
-YIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
-D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xF
-SkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQli
-BJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQD
-AgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwz
-JQTU7tD2A8QZRtGUa6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExp
-bWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQAD
-ggIBAD4KFk2fBluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAX
-INzng/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/n
-JrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acv
-vFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0Q
-ADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO661V6bYCZ
-JPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYm
-Yjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh
-8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GB
-UzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t
-+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0uAAAAAgAOY2VydHVtY2EgW2pka10AAAFW
-wkj6UwAFWC41MDkAAAMQMIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJ
-BgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1
-bSBDQTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRsw
-GQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBc
-saD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVj
-hNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZf
-ECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT
-7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lv
-zs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
-AQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQaTOs9
-qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvgGrZgFCds
-MneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/0Ycn
-eeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS
-qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscwAAAAIAG3N3aXNz
-c2lnbnBsYXRpbnVtZzJjYSBbamRrXQAAAVbCSM56AAVYLjUwOQAABcUwggXBMIIDqaADAgEC
-AghOsgBnDANdTzANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
-c3NTaWduIEFHMSMwIQYDVQQDExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjAeFw0wNjEw
-MjUwODM2MDBaFw0zNjEwMjUwODM2MDBaMEkxCzAJBgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lz
-c1NpZ24gQUcxIzAhBgNVBAMTGlN3aXNzU2lnbiBQbGF0aW51bSBDQSAtIEcyMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyt+iAuLa+PwHFrHeYKrellxkH8cvfs9n+kRC1nZj
-la7rr3IgikVHhmJ4htYgOSb0rqP9I+elnLUiIRm3N5MiwFCcgnvU1QREXMu0wp+SviTYe2ci
-4mlf5QV41IfZcXAzJVO0hzspkCg2mlVEMGikg5d/DR6cdv8VnWCXAI2KhQPsgL7qLG4QUZLM
-ftWjM9jWSd5YKq/2FutLe5Ayl7m6nVjx+FdJBB6iXQZw3XHb+d2LmhuMzz2jTc7LfPa7nKD6
-Cc4jYrLpDR/iciiPn6xoIH1vO6iFMQl/C8foZenjeA4JZzCLNIL7XeDMnYFtYu4IHgQsTpvs
-/qlPX/1peO8JH6G0v/rz75AeTAWLHup6kXrD1+X7MLxsGxBYmPcaX9ApMgMTRk1haoVMUnQv
-Bh97EeKEl8aZ821/12eDfhNo2HEoWtjO3egQFJr+bSOHbo5acDzVjQkAp6q8sDE3bciEFB5b
-vUVjIGtLdIy92zoOwc9aFo+lmPJ2ibITEjsLd3esu+U8KUqScsphGiteTOKDdHf6NUh6hU2N
-mlPE33jKl5FIK0UrAfccGqLtGLoKvYP6b7yNV5M71NSmzh7xoLHOq/0rKJpPG9fDctukxL9d
-TPXde5Zp7miA5ueYuja3/m7tK70g+GUZ2lUJfiXc/mFicvl+GALvY7TQ+6/lO2OMZ48CAwEA
-AaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUK/M
-B4cVR284xbRl0d6VqunfnMwwHwYDVR0jBBgwFoAUUK/MB4cVR284xbRl0d6VqunfnMwwRgYD
-VR0gBD8wPTA7BglghXQBWQEBAQEwLjAsBggrBgEFBQcCARYgaHR0cDovL3JlcG9zaXRvcnku
-c3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAAiFpvUWDPxEGsFj4PlVRgj8cBxC
-KJaOt8XBQXVOCXF55W2WykuliGDQMHS4ygjctDCeQAcWa2WVdwGupLc1C4HacRWpdBc4e1jK
-+S/7wGV2jVsBuX3egj1kuL4UdKMKVNMslRgXNfVRaz+PopZhOXhrS+WmoPhT31EQk2LngC/i
-0eC8jjZGdzPsuPuOmiyJTTERDyaeBLu3BI0L8rn8Wp07FrcvyJir/opQWS6jO/wpXYvBS8ni
-ihMdsb+7Qh1S3U7YFF4QxjEH73En9xs5CdyC6ouzlYZe/fXaXTGm4DG2lOZESXTFFuX3HwNh
-KMXIyxKgQkv5a4gIjbQyGPN1n8R/AE8FlZyjFwLDs1ObqiA5KStm+p2vXrOS0rWm4Rr5LUFp
-gRS0tLXtiT3O+6mdNUJEsRwUc4HPKgE1mjHVLY9thN+ATVfjP8WEddqJxjC764/LIgigrqrx
-A2w6S00JpQ5yxlZrIUJOIyUUaK52CnwMB3Bk+Zov9gU5JsYMjxl/Q15u9FsVL9thXeZnLz8I
-lPlgtJgx2nTxhJNxTV/7YFjR+8TBbYmiuyAfnXGRyzKbEz0+fZJSNaySlKLTGMJ8x+qvdgUW
-3Wcnwn4cByIh80AKGzQHRBPChGqO3xlav3/rHeIaONFcr0eSa4C1MKXJjdirMYEf38JmN9OT
-qYWGeWXSAAAAAgAYY2h1bmdod2FlcGtpcm9vdGNhIFtqZGtdAAABVsJJ2VIABVguNTA5AAAF
-tDCCBbAwggOYoAMCAQICEBXIvWVHXK+4lwBe5AbSvJ0wDQYJKoZIhvcNAQEFBQAwXjELMAkG
-A1UEBhMCVFcxIzAhBgNVBAoMGkNodW5naHdhIFRlbGVjb20gQ28uLCBMdGQuMSowKAYDVQQL
-DCFlUEtJIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMjIwMDIzMTI3WhcN
-MzQxMjIwMDIzMTI3WjBeMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNv
-bSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOElD+6N24gzdWfNrR99Ok5tndMv
-FPNjdMsBIWo36oRQB0smWwlDbCGeasjVA/VgaY/M8CLkH+f3aiIxtywV8uD+AGpD/4dlxrUa
-wadMbSJwIYox8pd0iQkSJhyeytkSopU82ulnvwigZOPWQrdF75f09vXXtUoVAlh9mFhLYLzN
-1w2aEzNT0WH5etXXeLOaM/cAhs4dTZQ4r6jseFFwilwQg1Eh9xE9NIZe5UjNl4GCNUwZ7GX2
-a8UFoe5HE9azISeUEArZJDu6vkQTRjA/lzzY19dq7js44yvUlw65G+cHSX83Kvl3eM9U7VtG
-naOADpFDwdZbXxS6n6aNJEdAWb9yOLI2bDf/mdFdDlkKq2n3wLIERXpUAK6+U/a15+H4PKMx
-0qn+IVJkxaZn8HUHBpQUgVXGJ+QBjxfBanHXvkv7lFh9fhEzsUL3YmwY1s8JaD5/bPYej2Kt
-pWPbCacfIkJBHm+Zij7X+T9AenmwpQGS0p09CBWlEAEtszJ2qJUNs3qa+wcQeBFv4Y/Hug8l
-GnQq5RyYQZnfIYfolQZqCrNqR3Zl9jrPj2IXGXsKKM0a0oMeIccsv77/YWi3Zxu7eE2Nzmfl
-5MGOtyNm4p2QdTSYqTYripqUuZ3szIqx+CWJXFq2L4wfbXkkp1Jow4Q14maNYw4lTdUZsuZ5
-N6cinVQxAgMBAAGjajBoMB0GA1UdDgQWBBQeDPe2Z/LhkiYJRcBVOS53P0JKojAMBgNVHRME
-BTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQURbDCxwpWfO5b
-eAyV+RhTwaYc2BAwDQYJKoZIhvcNAQEFBQADggIBAAmzg1NZAT6VSbnxgbr5diAjtSdgdNRq
-mTRebABT2Z/yprEkB0RqKsaljngS6EfZWBsTKl55m58KKmemJT8GaVZzw4pmSPspgVd0Bsqc
-6ijoOGcmK/HVtT9lk/g2XY6NjUAghxnq7yfAPbQ5DyV7aFB0VZwMWX1aPUGUJVII4EcsFTEZ
-1b8HVca7ErWX9F+DhbpxwdlsgRF2Cgqwv4KX9+o9+vrsLakolDtW3dJRLq7AvQgVjHdSNJbW
-m6zTHY5hDzV7m645aQtiYEAgNo+v+zbuLQhKHbi/m1z46qUboHOm2Phu4DMEX2iqJ4ft2cGQ
-nO2942o1r2PfqxjZuubpSupQig9hkx7iLRniMJQ1kl0OtgevGYCPR5BRSy5N3YXi0gpSChea
-/BqwUALlAaNjNyFMRMSbUZkRDnOcBo9ULqcoXkQ5h1YtN72FRJThDEssnMOShTRhyw+4m0pD
-Uv40On246SncdqnIMPgUcYDGHjZIdCJBXIeC6Bhxi0GJROd+WFuouI0T6adsw0ftsxqdYq6N
-guqUnt1ZEMOt3eJN4zHVx+zo8rD+kh4WChr82fP4J7bJvh20bGSQf/TkxFvXN65CDt2kGm98
-iFTFFm7hemgu+Dq/DaQ8iTt4p05jgwQhCGeN8oJJ0Fv9sc0Pg4TUPiCF90o9K5z9KgoJTeqB
-+BGcAAAAAgAXcXVvdmFkaXNyb290Y2EzZzMgW2pka10AAAFWwknI3wAFWC41MDkAAAVkMIIF
-YDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
-A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlz
-IFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNV
-BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBS
-b290IENBIDMgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJen
-MioKVjZ/aEzHs286IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIy
-C0TeytuMrKNuFoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBD
-GzXRU7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1A
-dHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+Idp
-sQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIh
-sUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzweyuxwHApw0BiLTtIadwjPEjrewl5
-qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtr
-dQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+
-IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc
-64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQADggIB
-ADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3pxKGmPc+FSkNrV
-vjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzSt/Ac5IYp
-8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQTXlm
-66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
-DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nx
-oGibIh6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBC
-H/MyJnmDhPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG
-2vd+DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlop
-NLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWV
-jUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0AAAAAgAUcXVvdmFkaXNyb290Y2EgW2pka10A
-AAFWwkmfoAAFWC41MDkAAAXUMIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/
-MQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9v
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8x
-CzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1
-lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVR
-HnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1V
-Nk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sg
-QUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
-xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4wPQYI
-KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
-ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAAB
-MIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENl
-cnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4g
-YXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRp
-ZmljYXRpb24gcHJhY3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGlj
-eS4wIgYIKwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
-KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGE
-pIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQL
-ExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG
-9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+Np
-GA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIg
-R13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDW
-XcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
-xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOKSnQ2+QAA
-AAIAFmFkZHRydXN0Y2xhc3MxY2EgW2pka10AAAFWwkj9XAAFWC41MDkAAAQcMIIEGDCCAwCg
-AwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1
-c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVz
-dCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw
-CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRU
-UCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUG
-W2ulCDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0
-/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi
-56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5
-mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/
-Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsG
-A1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tER
-CSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAb
-BgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAx
-IENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X7f1y
-FqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz43J8KiOavD7/
-KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MYeDdXL+gzB2ffHsdrKpV2
-ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xrmYbvP33zGDLKe8bj
-q2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6
-tkD9xOQ14R0WHNC8K47WcdkAAAACACNkaWdpY2VydGhpZ2hhc3N1cmFuY2VldnJvb3RjYSBb
-amRrXQAAAVbCSRVuAAVYLjUwOQAAA8kwggPFMIICraADAgECAhACrFwmagtAm48LefKuRiV3
-MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx
-GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNz
-dXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBsMQsw
-CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
-cnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJtnEq
-w9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGRfmO2
-q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQW3cxG42zxyRF
-mqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0BBNc
-oXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGhJR6H
-XRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUsT7DaQP4v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7DaQP4
-v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdshR/gq
-Z6q/GDJ2QBBXwYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYeaJGT2
-imbM3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34yl6L
-MYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jIdhKRVfJIadi8
-KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgSnDycv578gFybY83sR6ol
-J2egN/MAgn1U16n46S4To3foH0oAAAACABdxdW92YWRpc3Jvb3RjYTFnMyBbamRrXQAAAVbC
-SeLKAAVYLjUwOQAABWQwggVgMIIDSKADAgECAhR4WF8urSwZS+M3BzU0Eyi1ltRlkzANBgkq
-hkiG9w0BAQsFADBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEe
-MBwGA1UEAxMVUXVvVmFkaXMgUm9vdCBDQSAxIEczMB4XDTEyMDExMjE3Mjc0NFoXDTQyMDEx
-MjE3Mjc0NFowSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
-BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAKC+UBCO6fJsQLQEnIW5McrcLeQRqQQ8G1XB51gwHSS0w++F3ows4cE934LmT61H
-h2zsW0nBStW7j+yHrH+CmobsPQOZUgHSNZ6s2vBTyWY81KwCAdok0zuoAkavpBzj+HNYdrf2
-DpANtfDPzPr5xkzlw4YwCo0XfjXrxd+7DpzAjYfjiDiFZ/o+x6vgE5wFGJjPk/WxkrT8I9PP
-1cQnSeCePJsIo4tdKiHg/DmqU9p9fs8aCVO8XQUEz6FKj4t2gg2h+NLHFHdbkDYHgZs+BvpS
-XmPFpgD+pelSG1K1kjlyAwlivbBgFm6m3SXCA2bd8wTRQOJOi4b0b+WDoCeEXgTB9ZC9MD3E
-76hpvDibpKSW0WLaacABlq7LxFE06gyq/yGOWY9KXORhmqfS6Sp4jVE9OhXuolmOqVzexfmQ
-IuWIRXHdkZlsep89PZh8Xva+FmigXq4LI/xaD6oidi3JoRAd5NNEI5CIn8Yq5tf1mrNYHi8w
-iQgbVKK1mCPsCHcclV1h0cuJnF+iSpGa7yGqSRYIqL1hKDHJdK2F9tnFsYvR5RAyTV+LIDo8
-SR8zhVkN28sJdUNpc/trcX3w38RMfcajLsiVectzoo5OTST7XuQEvnIbpictSVqZetdcCSC3
-f5S5T/ENHF6IQhsRt+eR255s9GrfjAaYA63MKO+lR/NTAgMBAAGjQjBAMA8GA1UdEwEB/wQF
-MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSjl9bzXqIQ4atFnzwXZDzuAXCczDAN
-BgkqhkiG9w0BAQsFAAOCAgEAGPpbdfw+esdfd8fK389fwxLEQF3UMqq4atfVFRVGmCOl5pBb
-GJlM461Co4IxNojN6fvEBJZIiwHHjQHPWzMGlkZmdB1P7cG2ubQNYcxjftcud4yWHCojaGuF
-V3ZwMxP+4U+mI3cY+hqM6L1lyc8/9MkX3OvHvMAELi1GL2lmwxuP/uw+08qUv3YKJQ2pewIc
-qdA7XwvAgTo9ZOG/py1OvU3E2CnGIhjQxaxyAoI/qjqiOiKXMd0IY8N1FLlgKC1baOAWqWaC
-I1H161PYMZt76bedS+uIFs/5XTiKSTCP7fHrGfR3GjEYTWdUbC9vZfnbPewh7F709IvKYGVU
-0XFk9Pmmo4EzNjNx8KR4X06tgyHeNEmN6FmsnfJ2WjbyE/Sv4AnHYSps9+CdrruGSihvLu60
-ec2QM8Ozdvr18GydAZD6npD2nHLPR9rDH+Q1IFPyVNHfYYOmAuIlON6FMi1ec5BSXULEzj1L
-4fkZhB3VolDMQftBFMO91slao2NmAoC9BTo7R5zsACZM9YhRv6gjfxgHsAvtiyahZNNhSutc
-n96zr2cDsx/dbV1paGmrXjrsfGm8xzuFTp4VubQVT8OVeljXyWzpbLnzKWNetCzwLT3tWmXg
-qVtAwkiZgW2eHwYqPBK0iw+boiTwpo3WeuBLtmSWY5WEwkrNHC4khzNg5cMAAAACAB1jZXJ0
-cGx1c2NsYXNzMnByaW1hcnljYSBbamRrXQAAAVbCSYPHAAVYLjUwOQAAA5YwggOSMIICeqAD
-AgECAhEAhb1L89ja42n2lNdfw6VEIzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJGUjER
-MA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTAeFw05OTA3
-MDcxNzA1MDBaFw0xOTA3MDYyMzU5NTlaMD0xCzAJBgNVBAYTAkZSMREwDwYDVQQKEwhDZXJ0
-cGx1czEbMBkGA1UEAxMSQ2xhc3MgMiBQcmltYXJ5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA3FCW0BL4NdIIeHq2UnD9b+7PuRHLXXfh7Ol+BI3WzG9zQ1dgrDMKROwD
-XxyAJJHlqJFWEoL34Cv0265hLokQjWtsurMCvdU2xUg3I+LwWjdSMxcS4tFgTb4vQRHj9hcl
-DIuRwBuZe5lWDa/u0rxHV+N5SXs0iSckhN6x7OlYTv5O31q+Qa2sCMUYDu/SU+5s0J0SARON
-3IBi95WpRIhKcU5gVZ7bIxl5VgcMP2MLXLDivn4V/JQzWEE4dMThj4vfJqwftYs7t0NZa7Ak
-pm2Qi8Ry6l0zmLfL3l5775TxGz7KySHBxZgCqqL2W3eb9X6WVTQcZ2nA8ULjR6z8KBxmVQID
-AQABo4GMMIGJMA8GA1UdEwQIMAYBAf8CAQowCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTjcy3f
-yw4oDN7ds6TKebiOu+gwiTARBglghkgBhvhCAQEEBAMCAQYwNwYDVR0fBDAwLjAsoCqgKIYm
-aHR0cDovL3d3dy5jZXJ0cGx1cy5jb20vQ1JML2NsYXNzMi5jcmwwDQYJKoZIhvcNAQEFBQAD
-ggEBAKdUz4hEGcvf1H8A31YzYrX3UQGQ68M/0YhE6SRd7+cUvSC3mjwA/m2f25Dc1/Ri1otw
-XeflBEipaHzJ8ULzbH/FenwdUYi60go+J13eLVFO0xNkaeQu49PnmwmZpuCVm84a13++PM5S
-sxEVwQ8XzQO7nCUVuqJ2ifwG8RjQk0sOfIK3pfT2X/7tQKadhHQ5udwehRbaKRuGIwDJu4l+
-boCIHi8UtAMkqDJvA5pHLDC+VsanQgJwG+pA2LoFA3AHpJb//UgzCuHcpYGQm03dfefnss1c
-yGqV+KX2jcRdeAi+ewbWSc8ZNlAjLgjmngVNRxjVFumx1rYQ1buXv6KOtFQAAAACABBhb2xy
-b290Y2ExIFtqZGtdAAABVsJJt/MABVguNTA5AAADqDCCA6QwggKMoAMCAQICAQEwDQYJKoZI
-hvcNAQEFBQAwYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4x
-NjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
-MTAeFw0wMjA1MjgwNjAwMDBaFw0zNzExMTkyMDQzMDBaMGMxCzAJBgNVBAYTAlVTMRwwGgYD
-VQQKExNBbWVyaWNhIE9ubGluZSBJbmMuMTYwNAYDVQQDEy1BbWVyaWNhIE9ubGluZSBSb290
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCoL+ikaQYDR8PpKpj/GaJwmsZQsn6l32hNG3wPtpdofS2mi5fpZIbJo++ghr9gZZxL
-VIjCSMVKOb8U41lV5Rm0dMi0BTlcFqXilQXgEq5Zi6IzaFgcptQVt9if19xxq36av5uOMw8i
-/R8u5wc272I5xd3LuiUUI94Mxj08zoII5mY+2lE7FjqjBX+g3IfVnPxyqaB9eOS3MVUeZbvU
-YbAhYO0QMnLFkiUe+JBKGHhH334wNz5QG9sc02uahlMHsO+sBnj4hJn+IY1MgLYMgvZmcHka
-00+jz/HPRrBLDz7diGK4jKkJKDt6x5fhHuX0n8DAriSgyKHZD9Z7JoJpMj2nAgMBAAGjYzBh
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFACt2aP2efZudKl/Mz2BF9dMzzPeMB8GA1Ud
-IwQYMBaAFACt2aP2efZudKl/Mz2BF9dMzzPeMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B
-AQUFAAOCAQEAfIrRHxg3guC4sKPtVpXIYmGcBaLNwmImYc0QFtfMtGU00BGKraipBWbvdPNt
-X52Zr/aL++tSsgWYom8qxVS9Jb1frsiG6kYswbO9welJcBgWlwgTjCDgGy46R8se5AAwlVv0
-RaPAGrABTqu9wCNuYz+ASsUH7dzib8fBYvHjctYEyHRnC/qIq6EByG/wFK/Smc1Rk37tLjjH
-vc5GUD1y43klnZuIKxAg3aW4Mp+N4CnfIXSGgtsvgjDGxzWGs/mWX0bbDEX981DDb8bDSK1G
-puEnRwodDpu2wnd/Y/LgfRq+/ODf18enbLD5rro8/XS0EehYDYC806iAOpntdcxGewAAAAIA
-EWNvbW9kb3JzYWNhIFtqZGtdAAABVsJIyGkABVguNTA5AAAF3DCCBdgwggPAoAMCAQICEEyq
-+crbY2/gH/dO2FsDhp0wDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQI
-ExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9E
-TyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MB4XDTEwMDExOTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYUxCzAJBgNVBAYTAkdCMRsw
-GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoT
-EUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTd
-xc9EZ3SZKzejfSNwAHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+
-XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
-ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8
-MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7Sr
-mNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/vOldxJuvRZnio1oktLqpVj3P
-b6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT8dm74YlguIwoVqwUHZwK53Hrzw7dPamW
-oUi9PPevtQ0iTMARgexWO/bTouJbt7IEIlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31Bq
-VUa/oKMoYX9w0MOiqiwhqkfOKJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKI
-f6MzOi5cHkERgWPOGHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09
-XiidnMy/s1Hap0flhFMCAwEAAaNCMEAwHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLU
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQAK
-8dVGhLeuUbtssk1BFACTTJzL5cBUz6AljgL5/bCiDfUgmDwTLaxWorDWfhGS6S66ni6acrG9
-GURsYTWimrQWEmlajOHXPqQa6C8D9K5hHRAbKqSLesX+BabhwNbI/p6ujyu6PZn42HMJWEZu
-ppz01yfTldo3g3Ic03PgokeZAzhd1Ul5ACkcx+ybIBwHJGlXeLI5/DqEoLWcfI2/LpNiJ7c5
-2hcYrr08CWj/hJs81dYLA+NXnhT30etPyL2HI7e2SUN5hVy665ILocboaKhMFrEamQroUyyS
-u6EJGHUMZah7yyO3GsIohcMb/9ArYu+kewmRmGeMFAHNaAZqYyF1A4CIim6BxoXyqaQt5/Sl
-JBBHg8rN9I15WLEGm+caKtmdAdeUfe0DSsrw2+ipAT71VpnJHo5JPbvlCbngT0mSPRaCQMzM
-WcbmOu0SLmk8bJWx/aode3+Gvh4OMkb7+xOPdX9Mi0tGY/4ANEBwwcO5od2mcOIEs0G86YCR
-6mSceuEiA6mcbm8OZU9sh4de826g+XWlm0DoU7InnUq5wHchjf+H8t68jO8X37dJC9HybjAL
-Gg5Odu0R/PXpVrJ9v8dtCpOMpdDAth2+Ok6UotdubAvCinz6IPPE5OXNDajLkZKxfIXstRRp
-Zg6C583OyC2mUX8hwTVThQZKXZ+tuxtfdAAAAAIAFWtleW5lY3Rpc3Jvb3RjYSBbamRrXQAA
-AVbCSa4jAAVYLjUwOQAAA+kwggPlMIICzaADAgECAhIRIbwnbFVHr1hO79TO1imyooUwDQYJ
-KoZIhvcNAQELBQAwTDELMAkGA1UEBhMCRlIxEjAQBgNVBAoTCUtFWU5FQ1RJUzENMAsGA1UE
-CxMEUk9PVDEaMBgGA1UEAxMRS0VZTkVDVElTIFJPT1QgQ0EwHhcNMDkwNTI2MDAwMDAwWhcN
-MjAwNTI2MDAwMDAwWjBMMQswCQYDVQQGEwJGUjESMBAGA1UEChMJS0VZTkVDVElTMQ0wCwYD
-VQQLEwRST09UMRowGAYDVQQDExFLRVlORUNUSVMgUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMb9sxeFoa0mG5VpNSE9pIj63ttgNkAXacIUY/u42cJ0FTcunNAg
-zWmNhDKihUwUtJvyJbNUKoM/Lb4P8ztk0f+gUO93TztO4T8LZIWaulh+0sNi02QlotSylzx3
-XWMqM5L8zYINm1SVh/W164zNW9HKMC/JiEa1zQ0RtBiP7tGhPl0V6CjP38OQm2zM0QxFd7M6
-64qQHemvZGqJe6k9Q3T65GciofvcTcT1YsnKJbTJgGAzqd17oAK/liUKXslfKXu0F4GLbYEZ
-0NmDXAWPQWkaaUOAn6iv4OmMkYsnK6ImYM0P8qSjAoOOGIHCF4pDFflt8x0QpFqcRGEjIXrY
-+9ECAwEAAaOBwDCBvTASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIBBjBXBgNV
-HR8EUDBOMEygSqBIhkZodHRwOi8vdHJ1c3RjZW50ZXItY3JsLmNlcnRpZmljYXQyLmNvbS9L
-ZXluZWN0aXMvS0VZTkVDVElTX1JPT1RfQ0EuY3JsMB0GA1UdDgQWBBTvtyOX0KiRf6bPpiHA
-NJ/Md0Hh0DAfBgNVHSMEGDAWgBTvtyOX0KiRf6bPpiHANJ/Md0Hh0DANBgkqhkiG9w0BAQsF
-AAOCAQEAGjFpmULC5UCFop+Sw2PUjyE5qBkh/nr8w01A8yvoS6xbTFmTxtx+C698X5WFa73H
-b7rBvvjGOmdLk8YFaT4kLfAbkcY+P+xCGJNsAySKbvkgZyt8bas0ySoiMw3XfY/u0jZkQsg1
-mm4ZYcuNZ/Bop9AkBebDF7pFrnxDtYB4A00gcwX8QxCdNWlCdZQlgiumO5AY3sGpr/Mtlb+V
-p88Yl+FZ4qKvGhZhDfcTcVOTN/08rwAdbIsUr0aWjLZSfMwtTs3h6UsK7pr+epjnKbob2hy6
-3GvNBA4mQKnrczz+UKgRJ1W9245L708Y7RX/vYaYZu6aJXE0bFDxslHLZp1NKQAAAAIAFWJ1
-eXBhc3NjbGFzczJjYSBbamRrXQAAAVbCSTesAAVYLjUwOQAABV0wggVZMIIDQaADAgECAgEC
-MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4
-MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwHhcNMTAxMDI2MDgz
-ODAzWhcNNDAxMDI2MDgzODAzWjBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwUQnV5cGFzcyBB
-Uy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA18de98EH1Hf7QyH09PVp5O4yAdujhh/kWQ2653WD
-UuvqHGEVSLsdB8qMrrDclp3qw2CShoIoc5xWBv9LZPAMKjdJteXPDHzu8Uq7czBl89Uvg7Z+
-4+f1nqtg+dPxnZJ0iuQclqxbgOm19DGHo1H8x36hb45Td9SXwVUzkj4YL3XUrYZJy5WvVAZs
-2AYTjVv/4SYZWcAkuoFxeZBEUGgklF+4sxHxKUFho0HLIzbVwfEyUBBOf/SGk+yE0468S79c
-AU4HPdwUipQKpOpz+wtR6BMHGPoO8SvRVBV9POH3tBlCZ2Jed+CiVey22WkX1TqvRO1KxZ7k
-eid85XXXqssl599rCtsPTZNOqKDNey7yWQFqtw24B4F+izgbOOYKV5k97iHoo/UMFt2L7DSO
-nCocABUXjWiD0nCfGAjNEWjVyWtSzcRGj9y189hXcx7plDkEv9PeON60U+xpHKJ+xI/kG3Ct
-8qL5+/cWZGZpn0lRouIVGGcGSn/VbLVNszPgYetdvumYDzLXHUs8LloBUpEJ8t/qjdgGQGOq
-EeT+wzeeFFI/9OLM8mGT0f1na9dSrr9oq0BDoFc1U3jwU/hhQgdkxtdvm0w4DWOsYq82i6Jz
-Cg31Ib10qk3qcgNJ28dfHWJjx/3dkewz7vVttG4waN7I1iawdV57tAcgmKF2MrhNbE8CAwEA
-AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyYB34GKSgvVGnPO690zD3rijrTkw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBTXyH1urA6UjkskrBsAMnvziDv
-BvKWnumkdH96Fvy39bb7FRs/q6bAcl0QsXHuvE/jrawDbS5xLq/E462jvQwRp7T/SrJ7EBAf
-p1dBssCu9CxZ1kcQiPMhUSkwymCGr0arHe06W7CU3kTjQQiiwewd1v1PttZH0BQLyubKtXt3
-fkEfXoPHtow5lrA/loFBb2CQ4uj5+yJx2X2zPUa/tISvkBwPjxJqr+/uHnquAkqKFyt2/qxU
-iSQsTz+2sqdOjKiRl/spxntcLbnLZra3qFsSUYW1CX5ieHD+qWpgth0OeQz9yuokgHLDlz/y
-d6tDIgrH67YMhIIsgGtBigjA66Vr35kSy4rVXoAMkeAmCDZIxfo4ETX/JYMt8nq/2v2O/qXL
-RSwfxIhTrncO2Zp2xY4sHaO61ewyrsCqrPfRek3r1AfiSPcijrCkn2rOjrKyYPSjItAj65Ra
-emndD79AV6xrWVDZo5nhbv6NAXknIxXekp17CU1a50tIMFoY5gpt5o/g0rvm33xuIYLBaDlN
-tJhYZmLMSpBew/onBLF5FXSZzL6tIN4mYBzrVlGmo+rkoz+n/2Hc8VpNbDIjQ+6sqO7uShIJ
-PF1xwr55+sKHaB0L/VxpzAbQmn1UmSrJORoZr0sqQ/NjXVpY4i/jHeSp1tAK0J6/14EJ8cnH
-Jg2smBZWoAAAAAIAFHNlY29tc2Nyb290Y2EyIFtqZGtdAAABVsJJcO4ABVguNTA5AAADezCC
-A3cwggJfoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT
-HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11
-bmljYXRpb24gUm9vdENBMjAeFw0wOTA1MjkwNTAwMzlaFw0yOTA1MjkwNTAwMzlaMF0xCzAJ
-BgNVBAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScwJQYD
-VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTIwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDQFTlSsVKzusVZgsRdUq46Q2WAS8fylrzbNpfWpmSMqF7w4woc99+X
-PUuu9l3sIbVBq825fnafvvk+NjSgO8H2MRFFdJM9V4DF+YmZyuWratS12kGQEMHW1kKJwr/0
-OBKVTFQF9zbkRYN7FGXW3AxN0d5+DKs7xBW+OlamWm92aVKpernI62qaXVLQLQprNRYJEITQ
-aso6BgA3R+R+V08/i+tnuIiqxb5TVbKRxH25sIUZBngu22Ea+oX1SpGh5xbVjqI535S4cB8o
-P4v8QF5jgzyDKhqZa8/eWWo7/G8W1x/9ShDrToIWOqwnDFPxrdUksGsDUMEtPBbdRDQnGnX7
-AgMBAAGjQjBAMB0GA1UdDgQWBBQKhal3ZQWYfECB+A+XLDjxCuw8zzAOBgNVHQ8BAf8EBAMC
-AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEATDqjRKy5RbHHk37ICwpC
-32TqHO5ZbAi6iV9qykqVnnqPB8XaRXKCcQ460sxvp7ShI7v2JJ/LF/6Mps7C0tvMjfxx/AMp
-wWxdM19ktmU7iW8Ydnj13KJIHxk/jpPr8foX7s1O4wQSVdbl5N37PgV84h1exqe8l09oOvXp
-LgpDtq9XXGJofLf9o4qEoKxivisJhzTwagG7mylWPP4AN88jbPFOqrZ0RhJske401eyakedE
-vpAxctVJAvYC5fQf63zZllWp/+yK+ZlH/zVaAqoEy4pbh3Epkb2ktHoNvZr1VyMAByEXP0o5
-0QVJC6e2N4GlXYyqM16BKHynfSfrAK6NNwAAAAIACm9sZGFhaXJvb3QAAAFi32KkWwAFWC41
-MDkAAAZFMIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNVBAoMCU9w
-ZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3BlbkVDT01QIHNpbXBs
-ZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGCSqGSIb3DQEJARYYc2lt
-cGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEyODIxMTQyNVoXDTI2MTEyNjIxMTQyNVow
-gb0xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAG
-A1UECgwJT3BlbkVDT01QMRMwEQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNP
-TVAgc2ltcGxlZGVtbyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcN
-AQkBFhhzaW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOsAdnZAuhe
-Yrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs947MAuiqpPojPwDDb
-9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlKeCTLW+bZKeaKoWdkFxyyzykO
-oMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m
-5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfNGib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j
-79E/OZkfk/9V3Hvfy78Ss9H5uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCf
-Q6Bwd0Nm48KrJkTeySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUX
-jsHIj7Gv2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI
-vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2lG8n50YSX
-b0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0IwQDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQFQD3oWZUOVE81Qc9WSfcyqwww
-DQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pjp1R9+Q766Qhzh4EN9RFCsktCcf4pB23l
-PtFhMhIZJP5eZKLB4MUIvtmleU+DmOWfjcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6V
-Ud9vbGH66ElIg9nP7XWAE6h5DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4w
-yEEPQlpU2AewZqOUp0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYI
-eNssLnv6FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE
-a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6ygL5Oyvr
-j8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5BRyx7BswcTEtZHWHx
-D/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJAp9D+WmTJ9PdpDjiwCXCkMD3
-QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOdgxFK9q1vjhm02FAABIa+kL10CKPuRdlE
-/GsWl03WKMeT5bY3MTO3odsNXhKWA19hwUAp0gnljuFHPX7jWwruZ1eD8mQvAAAAAgARZW50
-cnVzdGV2Y2EgW2pka10AAAFWwkjuQgAFWC41MDkAAASVMIIEkTCCA3mgAwIBAgIERWtQVDAN
-BgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4x
-OTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVy
-ZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVz
-dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEy
-NzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYD
-VQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2Ux
-HzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWI
-sMn/MYszA9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQ
-gFA/CYqEAOwwCj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KK
-jbHjKYD+JXGIrb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+
-5pPi94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCB
-rTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEy
-NzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD
-+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsI
-VjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8Zynty
-TtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47Rg
-xRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72D
-QnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM
-++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m0vdX
-cDazv/wor3ElhVsT/h5/WrQ8AAAAAgAYdmVyaXNpZ25jbGFzczNnM2NhIFtqZGtdAAABVsJJ
-W+wABVguNTA5AAAEHjCCBBowggMCAhEAm34GSaM+YrnV7pBIcSnvVzANBgkqhkiG9w0BAQUF
-ADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
-ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJpU2lnbiwgSW5j
-LiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz
-IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzMwHhcNOTkxMDAx
-MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
-aWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEo
-YykgMTk5OSBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYD
-VQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLupxS/HgfGh5v
-GzdzvfjJa5QSME/wNkf10JEK9RfIpWHBFkBN+4phkOV2IMERBn2rLG6m9RFBjvotrSphWaRn
-JkzQ6LxSW3AgBFjResmkabyDF2StBYu80FjOjYz16/BCSQudlydnMm7hrpMVHHC8IE0vGN6S
-iOhshVcRGul+4yYRVKJFllWDyjCJ6NzYo+0qgD9/eWVXPhUgZggvlZO/qkcvqEaX8BLi/sIK
-K1Hmdua3RrfiDabMqMNMWVWJ5uhTXBzqnfBiFgunyV8M8N7Cds6v92ry+kGmojMUyeV6Y9Oe
-YjfVhWWeDuZTJHQbXh0SU1vHLOeDSTsVropouVeXAgMBAAEwDQYJKoZIhvcNAQEFBQADggEB
-ABEUlsGrkgj3Py/Jsv7kWp9k3tshT4aZNHY2V93QFS/FrX8VHzdicz7U51/OFwPbNfor265g
-CV8eX49uuws96loTHgxgb7XAtSMiLgcLy6l0y0e7HcHXpWvML9JC/Undp4nPU7raAFoov4Lf
-+LoTHVCGgv2OMI8pRrAePTXaOGIWGEqt5rZRbN6vYusB0B4k/nqPEhoSaLj7ZpkUFEVcrueu
-aReBK1o3yV4q9MbioVxUm6ZUAM/w8cHHmDAaOzYW26Nu6v2tssLa7wJHE4rA8bMxrU8c4U+c
-rw8Mnfd4Ddj0NVaA2rdtF4+dHoFk4f7FRbqta7kKek5PS4TuS/F93REAAAACABxjZXJ0dW10
-cnVzdGVkbmV0d29ya2NhIFtqZGtdAAABVsJJZ94ABVguNTA5AAADvzCCA7swggKjoAMCAQIC
-AwREwDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
-ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9y
-aXR5MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMB4XDTA4MTAyMjEyMDcz
-N1oXDTI5MTIzMTEyMDczN1owfjELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVj
-aG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTEiMCAGA1UEAxMZQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAOP7faNyusLwyRSH9WsBTuFuQAe6bSddf/dbLbNax1Ffq6QypmGH
-tm4PhtIwApf412lXoRg5XWpkecYBWaw8MUo4fNIE0kso6CBfOweizE1z2/OuT8dW1Vqnlon6
-86to1COGWSfPCSe8rG5ygxwwct/gounS4XR1Gb0qnnsVVAQb10M5rVUoxeIau/TA5K44STPM
-doWfOUXSpJ7yEoxR+HzkLX/1rF/rFp+xLdG6zJFCd0wlyZA4b9vwzPuOHpdZPtVgTuYFKO1J
-eRNLukjbL/ly0znK/h/YNHL1tEDPMQHD7N4RLRddH7hQ0V4Zp2neBzMoylCV+adUy1SGUEWp
-+UkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCHbNywf/JPbFze27kLzi
-hDdGdfcwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCmqK0izgE9pqP/YtBI
-nYtecrB4ROPcHK8J/SNI+r0qxLlVBLUQo40n3guCY9Du3gw3eUFbIrKwmkFcpnDg1NB3yyPT
-AOBsVi/haQ0N2aq/IYFQ2QalqP+VN9Cq/uKz9ZktRYSK5UIJ13QCL/eJ2JnpvCfUR426DUYc
-d88UpBy5pDHEnCh0AzT/MxkmpekNdLc+l8Z26CeWo2bd4a7yQVvKmFaDc3DkhhrSMUG6L74t
-E1p2b07oToEOP1sDIqASvmZYEUrLA8S0KiotlhfgOVS8SNN2J52aLQamyew50qvbn5oLJwI1
-KbFAlef56JxViBlG1rc09X7OOZrZOPFR908sAAAAAgAcdXRudXNlcmZpcnN0aGFyZHdhcmVj
-YSBbamRrXQAAAVbCSPFHAAVYLjUwOQAABHgwggR0MIIDXKADAgECAhBEvgyLUAAktBHTNir+
-ZQr9MA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNV
-BAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAf
-BgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEfMB0GA1UEAxMWVVROLVVTRVJGaXJz
-dC1IYXJkd2FyZTAeFw05OTA3MDkxODEwNDJaFw0xOTA3MDkxODE5MjJaMIGXMQswCQYDVQQG
-EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVU
-aGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNv
-bTEfMB0GA1UEAxMWVVROLVVTRVJGaXJzdC1IYXJkd2FyZTCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBALH3wzg/tKh/zzmCUWfQbZ/S/1jz558r7A2JVJm5OJkW9+AheUjCu2F0
-EpYdPGpy1TwQZzo57SsTzWbrlQkzpGyXsejG7MF1eZxGXo2r0Gr9uSpVFxBUsxnwmvbxsV22
-p2374HEXa6KI+wDf/hoxdwyaAXqxMuMrAQc4bsOlXiO8RZt7UMHJMI/b5St601v7M0AeoNWY
-F7yLh8OJ012gjrKqqvaOaYgGxfqJIfMInWkuCTObKQ1GD4zMSTSwaVG9+QbNaK1mTLw+rGG9
-CogOyN897nwETJ0KXmuR1u7H7SiNq02HiXPQbqTQHhaLFOF2RAN/Y6zkzUmcxZL0qzKhSFsC
-AwEAAaOBuTCBtjALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoXJf
-JhsomEOVXQc31YWWnUvSw0UwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1
-c3QuY29tL1VUTi1VU0VSRmlyc3QtSGFyZHdhcmUuY3JsMDEGA1UdJQQqMCgGCCsGAQUFBwMB
-BggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMA0GCSqGSIb3DQEBBQUAA4IBAQBHGQ/e
-dMaZl6/8rShedY7rLWfuTnsr1wz/9t7LVaIK4UxUZZNga58SnK1egyzrWq7A5C30AGMduMBs
-8s9Ju02TbwamCiKySWIITv/IyBSyiBZd5wHkEpXlRTSzi2m9z7SFj3VRnn06ODoUSBLG+6c7
-Go0NgkAH6AQIkKGJyxlQ38ocAbwdBBl7EHaXO+6QkMrEDh8WbnXvM/jTb1seluPgdHd0e4qi
-bi3ddtY5MILwq5xS8irHr0lefsdo5YKByGon+SeIKtVYUJUf8DscV7t9FDliK5rJlJIqoyIM
-/4kmfV8jK0fXFR2pap5RDSpRnoH51DtecBJ/EDKcHrud+GaoAAAAAgAXZHRydXN0Y2xhc3Mz
-Y2EyZXYgW2pka10AAAFWwkoAlwAFWC41MDkAAARHMIIEQzCCAyugAwIBAgIDCYP0MA0GCSqG
-SIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV
-BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZa
-Fw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgx
-KjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpnljgJ9hBO
-lSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHhzRnp7hhP
-TFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T7WYx
-g4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
-sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pu
-re3511H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxi
-EyoZLsyvcop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGB
-hn9sZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh
-c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0
-aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2Ny
-bC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUA
-A4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt
-77JLvyAoJUnRpjZ3NOhk31KxEcdzes05nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23P
-b0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR
-10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2B
-iYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1AAAAAgAbZ2xv
-YmFsc2lnbmVjY3Jvb3RjYXI1IFtqZGtdAAABVsJI9FEABVguNTA5AAACIjCCAh4wggGkoAMC
-AQICEWBZSeAmLrtV+Qp3inH5SthsMAoGCCqGSM49BAMDMFAxJDAiBgNVBAsTG0dsb2JhbFNp
-Z24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xv
-YmFsU2lnbjAeFw0xMjExMTMwMDAwMDBaFw0zODAxMTkwMzE0MDdaMFAxJDAiBgNVBAsTG0ds
-b2JhbFNpZ24gRUNDIFJvb3QgQ0EgLSBSNTETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UE
-AxMKR2xvYmFsU2lnbjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEdFDpb7fV2/6TnRIfifC7bV
-ex6SOkhZHPBiMS3Aeij+Gqdcs7bMl+dF1Fj60XdtQ6LAh2U0Ch963es8M6HFnU2kb0GVOH/J
-HoTr0Z5JkoeUhww6hUpmn51Zk02XYQaGSqNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
-/wQFMAMBAf8wHQYDVR0OBBYEFD3mKUib6gfKIURKJt5u3tKD0J9ZMAoGCCqGSM49BAMDA2gA
-MGUCMQDlaRLJbtvGMboJQeGX+Pv9muJ9EsntfGTTywUli1bZoOdeXU4Lg5xbdimgCSYhamIC
-MHHStY9c6jvheAmFqHWSO8hc/UjvDXQiqAjibsVJzscMvKdhafH3O+Eqy/kr82aQNwAAAAIA
-H3N0YXJmaWVsZHNlcnZpY2Vzcm9vdGcyY2EgW2pka10AAAFWwkmiwgAFWC41MDkAAAPzMIID
-7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
-B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
-bm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRp
-ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVow
-gZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxl
-MSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFy
-ZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgP
-fTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTr
-z/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9
-rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66DQO4M99H
-67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUc
-dUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaE
-d2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/he
-yNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1zqwub
-dQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDPfUYd/x7H
-4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jzaYyWf/Wi3
-MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6AAAAAgAgdHRlbGVzZWNnbG9i
-YWxyb290Y2xhc3MyY2EgW2pka10AAAFWwklV9AAFWC41MDkAAAPHMIIDwzCCAqugAwIBAgIB
-ATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBF
-bnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
-ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0
-MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVt
-cyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
-ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqv
-NK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/
-9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVs
-qXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHm
-BiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+G
-PgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
-A1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsf
-dOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxh
-I+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA
-5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWE
-yS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lDfMjI
-q2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6FuwgAAAAIAGWFkZHRydXN0cXVhbGlm
-aWVkY2EgW2pka10AAAFWwkmxZwAFWC41MDkAAAQiMIIEHjCCAwagAwIBAgIBATANBgkqhkiG
-9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsT
-FEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0Eg
-Um9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQw
-EgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
-BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx64r1EW7t
-Tw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3KP0q
-6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o
-L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLE
-O+GRwVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QID
-AQABo4HUMIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYw
-DwYDVR0TAQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
-pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
-cnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SC
-AQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8F
-tzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRv
-xdlu3rsEQmr49lx95dr6h+sNNVJn0J6XdgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q
-8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw
-3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/w
-MLH/S5noxqEAAAACABpkaWdpY2VydGdsb2JhbHJvb3RjYSBbamRrXQAAAVbCSYbZAAVYLjUw
-OQAAA7MwggOvMIICl6ADAgECAhAIO+BWkEJGsaF1aslZkcdKMA0GCSqGSIb3DQEBBQUAMGEx
-CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp
-Y2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTA2MTExMDAw
-MDAwMFoXDTMxMTExMDAwMDAwMFowYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0
-IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xv
-YmFsIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiO+ERct6opNOj
-V6pQoo8Ld5DJoqXuEs6WWwEJIMwBk6dOMLdT90PEaQBXneKNIt2HBkAAgQnOzhuDv9/NO3FG
-4tZmxwWzdicWj3ueHpV97rdIowja1q96DDkGZX9KXR+8F/irvu4o13R/eniZWYVoblwjMku/
-TsDoWm3jcL93EL/8AfaF2ahEEFgyqXUY1dGivkfiJ2r0mjP4SQhgi9RftDqEv6GqSkx9Ps9P
-X2x2XqBLN5Ge3CLmbc4UGo5qy/7NsxRkF8dbKZ4yv/Lu+tMLQtSrt0Ey2gzU7/iB1buNWD+1
-G+hJKKJw2jEE3feyFvJMCk4HqO1KPV61f6OQw68nAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
-hjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAfBgNV
-HSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQUFAAOCAQEAy5w3qkgT
-Egr63UScT1Kw9N+uBPV5eQijJBj8SyuEwC251cf+9MEfWMu4bZx6dOeYKasRteNwoKHNTIiZ
-k4yRcOKrDxy+k6n/Y9XkB2DTo7+dWwnx1Y7jU/SOY/o/p9u0Zt9iZtbRbkGN8i216ndKn51Y
-4itZwEAj7S0ogkU+eVSSJpjggEioN+/w1nlgFt6s6A7NbqxEFzgvSdrhRT4quTZTzzpQBvcu
-6MRXSWxhIRjVBK14PCw6gGun668VFOnYicG5OGzikWyK/2S5dyVXMMAbJKPh3OnfR3y1tCQI
-BTDsLb0Lv0W/ULmp8+uYARKtyIjGmDRfjQo8xunVlZVt3udPoMwa+5HNtuCXcGFXXPQXABoM
-
+EzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
+BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MB4XDTE1
+MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1F
+bnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1z
+MTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSX
+bcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
+3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j
+5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHG
+VK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3R
+XRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbm
+Zwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsj
+dXJ8ITzI9vF01Bx7owVV7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM
+6Nyfh3+9nEg2XpWjDrk4JFX8dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0
+LhyIRyk0X+IyqJwlN4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15d
+Wf10hkNjc0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sP
+DORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTSGwv2LFPSypBLhmb8
+qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGrhFV0d4QEJ1JrhkzO3bll/9bG
+Xp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19y
+IqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7
+bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDt
+C3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkv
+FMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol
+IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G+TaU
+33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
+kcpG2om3PVODLAgfi49T3f+sHwAAAAIAF2NlcnR1bXRydXN0ZWRuZXR3b3JrY2EyAAABfBBZ
+rUgABVguNTA5AAAF1jCCBdIwggO6oAMCAQICECHW0EpPJQ/JMjf8ql4SjekwDQYJKoZIhvcN
+AQENBQAwgYAxCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBT
+LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJDAiBgNVBAMT
+G0NlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EgMjAiGA8yMDExMTAwNjA4Mzk1NloYDzIwNDYx
+MDA2MDgzOTU2WjCBgDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9n
+aWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG
+A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOC
+Ag8AMIICCgKCAgEAvfl4+ObVgAxknYYblmRnPyI6HnUBfe/7XGeMycxca6mR5rlC5SBLm9qb
+e7mZXdmbgEvXhEArJ9PoujC7Pgkap0mV7ytAJMKXx6fumyXvqAoAl4Vaqp3cKcniNQfrcE1K
+1sGzVrihQTib0fsxf4/gX+GxPw+OFklg1waNGPmqJhCrKtPQ0WeNG0a+RzDVLnLRxWPa52N5
+RH5LYySJhi40PylMUosqp8DikSiJucBb+R3Z5yet/5oCl8HGUJKbAiy9qbk0WQq/hEr/3/6z
+n+vZnuCYI+yma3cWKtvMrTscpIfcRnNeGWJoRVfkkIJCu0LW8GHgwaM9ZqNd9BjuiMmNF0Up
+mTJ1AjHuKSbIawLmtWJFfzcVWiNoidQ+3k4nsPBADLxNF8tNorMe0AZa3faTz1d1mfX6hhpn
+eLO/lv403L3nUlbls+V1e9dBkQXcXWnjlQ1DufyDljmVe2yAWk8TcsbXfSl6RLpSpCrVQUYJ
+IP4ioLZbMI28iQzV13D4h1L92u+sUS4Hs07+0AnacO+Y+lbmbdu1V0vc5SwlFcieLnhO+Nqc
+noYsylfzGuXIkosagpZ6w7xQEmnYDlpGizrrJvojybawgb5CAKT41v4wLsfSRvbljnX98sy5
+0IdbzAYQYLuDNbdeZ95H7JlI8aShFf6tjGKOOVVPORa5sWOd/7cCAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUtqFUOQLDoD+Oirz61PgcptE6Dv0wDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBDQUAA4ICAQBxpQ7O5Om/PzjViVrEAmH7TMUUFy2LT1NrEBf8ZYTH
+EEmQ3tvHJpOIJm9w1gJeOaD3j6uWtaUTXIEUbQ6BghEbik7GT6XdYh5E3wlZ9Ft3CzfpiyDG
++ApOLlgc6zPQz4Zgydr7gC+eTGCEeD0hZNb7QR8YD+fJdXG9vVzeNIc+QbAO9rnWPwkTlhQv
+3podWrlWzjU6sF9wTV7jKfEjKHJZtqvCjGYmHHcsJnY1iyinaaD5O/Uj3YUQdMmQA1aR56+6
+R9QSlxEi46JJlGznt5RLui2k2jOLTKZE/1o8xh1k2LUx5KY8eqhXC9vtYRrL8c5zd2Okh29M
+UTjW5F/Hn7aBKuSFSHlYXjv42wKCZ8E528N0Sz02Hvkpk4hoW6hEGSHwp+iBDSzokza0N7LK
+sBsmepolH5qagJ5LKj/7o5r+czJxwp7GcuGKaCfx5A+0xEylYZP4lxAHKjAlqbnIcbjvaMwt
+fvXgfg+CqG+2umyDQ3fNipIXoZ5beBY9ReIzct3hZsqZ08nFJv0NaARGrrbZm4y+Gb6xxvIZ
+41wCyizYb0oH2ck12kB18sSnGW+eQhCYdeaVi2C87cUS14rO1ZhcVpYDxe53BjX/z+TuPxNh
+7tvaLYXwza6dshgJRcOSoXIX/Ee2oAss8cTeQ2gIal878HZj+8wGLKbG4g61ub4kjwAAAAIA
+JGVudHJ1c3Ryb290Y2VydGlmaWNhdGlvbmF1dGhvcml0eS1nMgAAAXwQWa1IAAVYLjUwOQAA
+BEIwggQ+MIIDJqADAgECAgRKU4woMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
+ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRo
+b3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkgLSBHMjAeFw0wOTA3MDcxNzI1NTRaFw0zMDEyMDcxNzU1NTRaMIG+MQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRy
+dXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
+IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKK
+D/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJH
+zuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLE
+RcWMl3oGayoRn6kKbkg7b9vUERlC948Hv/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHn
+t361U7EzIuVtz3A8Gvrim2e2g/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaNCMEAwDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGpyJnrQHu995ztpUdRs
+jZ+QEmarMA0GCSqGSIb3DQEBCwUAA4IBAQB5nx2WxrZ5PyKNh9OHAwRgamuaLlmJcxGsQ9H1
+E/+NOSvA8r1PcIypL+oXxAtUntQblpgzPKitYqIAdqtZaW4GHX7EuUSNmK8S1GHbChlGR/Pr
+92PBQAVApdK39LWaNr+piHaIBFUEK5yHfxo3PH4tpRrY1Ileyr2sPWzYba/V83YPzTuIOCKd
+bJOaxD2/ghtlP6YPXar85bIVyrWtxrw90ITo6gZysE05Mni/PhGcC6SdmiHz8JsLMHjbwdyH
+Q/68Y5rKxcIcyceN/zsSWAjmtj3seixO+4OWzgw8aYdUc6RzwpP/URCsFVQB2PwFsYmhf3SD
+mknX3E57ikhvi0X2AAAAAgA0aGVsbGVuaWNhY2FkZW1pY2FuZHJlc2VhcmNoaW5zdGl0dXRp
+b25zZWNjcm9vdGNhMjAxNQAAAXwQWa1IAAVYLjUwOQAAAscwggLDMIICSqADAgECAgEAMAoG
+CCqGSM49BAMCMIGqMQswCQYDVQQGEwJHUjEPMA0GA1UEBxMGQXRoZW5zMUQwQgYDVQQKEztI
+ZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENlcnQuIEF1dGhv
+cml0eTFEMEIGA1UEAxM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
+aW9ucyBFQ0MgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAzNzEyWhcNNDAwNjMwMTAzNzEyWjCB
+qjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh
+ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNV
+BAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv
+b3RDQSAyMDE1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkqBB6EuChFzi+DERmYZkTgklL51B
+LwquNU90lbJRZGuNa+Y/cJXwBURHpnI4UHaVAlqOriie+S1Ome8sSG9MJSno0XFb3x3BdTe0
+1/p7ekKcagpWWnxpC6qACSRsfsFGo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAdBgNVHQ4EFgQUtCILgpkkAQ6cu+QO/b/7lyCTmSowCgYIKoZIzj0EAwIDZwAwZAIw
+Z84WYjiirGJFp6mVJMAaJ5wyO8DA1bqp5/gEQ1OF7lIh3p31JYM+nlhLL9dnEw4hAjAF4XUB
+3mjtKh9NTAkIDexLrWQXKOd1zkVlciEXyyJBDowTmDiaVG2byuJ86gJYIpEAAAACAB50d2Nh
+cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAN/MIIDezCCAmOg
+AwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO
+LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
+EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU
+V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQ
+QeFEAcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XL
+fJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH
+9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2Rg
+XbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMB
+AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsm
+jd6LWvJPelSDGRjjCDWmujANBgkqhkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6w
+QT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1
+KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5s
+H62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvnaspH
+YcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZYiesZSLX0zzG
+5Y6yU8xJzrww/nsOM5D77dIUkR8HrwAAAAIAEHR3Y2FnbG9iYWxyb290Y2EAAAF8EFmtSAAF
+WC41MDkAAAVFMIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMC
+VFcxEjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdD
+QSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJ
+BgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNV
+BAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPS
+nIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWR
+zvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2G
+b3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJ
+Tibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2yKsi
+2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCilaLOz9qC5wc0
+GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/pyJV/v1WRBXrPPRXA
+b94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxnkjMdwLfS7JLI
+vgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MG
+z19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
+cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqS
+pqsnLhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vP
+NOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2d
+KAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3
+Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r
+7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXI
+RfmswZ/ZuepiiI7E8UuDEq3mi4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWS
+sT2RTyaGvWZzJBPqpK5jwa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVf
+P5VhK8E7zeWzaGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer
+/qmyKwbQBM0AAAACABFnbG9iYWxzaWducm9vdHI0NgAAAXwQWa1IAAVYLjUwOQAABV4wggVa
+MIIDQqADAgECAhIR0ru51yMYnkBfCp0t0N8lZ9EwDQYJKoZIhvcNAQEMBQAwRjELMAkGA1UE
+BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24g
+Um9vdCBSNDYwHhcNMTkwMzIwMDAwMDAwWhcNNDYwMzIwMDAwMDAwWjBGMQswCQYDVQQGEwJC
+RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEcMBoGA1UEAxMTR2xvYmFsU2lnbiBSb290
+IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKysdDLos2Xluu1DJh2miQ1F
+uimIsqQdY93TwSwJV4k5oVXpZzR3DG7kVR1SJdITa17hHam3fYkyXw2enyx6Y2BAH6awtniP
+mVSWCFiu5Aa8YgUCFr+vqCMDtpQPvG5swsvVprsM6fbBAvsh3mbdF6t0Qu/wdC8l9OprVVuQ
+253fXocKQPutGWv798pgiN7awY/WrtV/1DyD7tcWTINFM2sn0IbQHC1r86t98YWp9SjSre/z
+hEsch/wTozpyoloRK9YncSftgS1tZoGSh7QbWHrMPwr6Rk9NeFz4K0jjBITLXfa0arNl/EKe
+USYjIMs9FPmB7WUWAE8aZJdmCM+Me+MrwJ35FPIb8VZqFr8shYXNeDia60JqAjQYgxdOlFb4
+toK185bdPfO+fyB3PnsZI2ss1HJzQ1d94PjXaU8XNgT5wJBgN0Xe5gzYdI2unKJtdF1Cvgb1
+2WRuAhCsibBMOwdNQH4kxYqYgnmOpKeCII0j+idxyd/GQXSgTfaRFtxGjF8pYzFZcQzYb8K2
+Mn375l1Tpn4V/Lt1fF3s+PYXHOzHaxnL83vwKwel2Wx5VHZsnRymbg7peQyoI2qj3xswMZ+x
+VHv+astmqtxl0KKeSpoHIWuBj9vEWfreIsAEnOOqWzaT6D29eqGdC3axC8ed/c+YqAbC+Cqj
+oYOgtyVypQLjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G
+A1UdDgQWBBQDXKtzgYeozLCm1ZTiNpZJ/wWZLDANBgkqhkiG9w0BAQwFAAOCAgEAfHjs9gIs
+u1t+kitdOdy+2B2iQjNN+e+kKjtEaR6s2UWjTjyn2CRRslQck07E73uThWAm6glI4PW7x+lo
+0rtqMXHMea4RqPCZ/eUfvC+ozFfrdsQhpkdTVU1ovwWk7tcmq2LaQzdL4sa15bKDGTrH09tN
+ngh68+7PPmL7rOhgzNHHoVyDRcRFzPMXaxTJBAI+0iSmeekezqLnwVkVnx3iS5o+n3YILWvY
+ulcU2oPq/oxV6dBOqcx3MbFEEXpcsT7TFEUVGGIkE9LLTc5cg8E28hC1DohtuOFWn4nelmY5
+R2Qsbk2uYnu/YHQZuFaskqwWMu2taFX+mLrTNN70yWHDDob2S4Rg7g17tTJYeZFVLIFDs3Qf
+eqolnh3XoYu5zUIuBKRmg02JNbZsqDZKeSF4ItBCvNFAMZChvgTPymft9fCA02DJgyoiBdAH
+O1K/DJ6qK/m75h+PJbqFjRceAv5dUARXz/4tvO9cwBqrtp8kxt9zaEiQLBT0P1Ia5NLLFMNh
+ac/i+RjFujOfFKMEXblx97WU2PYzwVrBNIt8m92TOucTonBhn6+P69jFdfgzZtR0Zzo3d5zn
+3aQPdkNmikPyn/sMQnhj0eIPb3vUoT10l4W3SDlB1iD80Dqz+uhvxIq6cTe+i5exeDFPs+e2
+AxPOVJ2uJVnMfzVfCPdARTF4KnoAAAACABdiYWx0aW1vcmVjeWJlcnRydXN0cm9vdAAAAXwQ
+Wa1IAAVYLjUwOQAAA3swggN3MIICX6ADAgECAgQCAAC5MA0GCSqGSIb3DQEBBQUAMFoxCzAJ
+BgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAg
+BgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMDAwNTEyMTg0NjAwWhcNMjUw
+NTEyMjM1OTAwWjBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQL
+EwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowS7IquYPVfoJnKatXnUKeLh6JWAsbDjW44r
+KZpk36Fd7bAJBW3bKC7OYqJi/rSI2hLrOOshncBBKwFSe4h30xyPx7q5iLVqCedz6BFAp9HM
+ymKNLeWPC6ZQ0qhQwyjq9aslh4qalhypZ7g/DNX3+VITL8Ib1XBw8I/AEsoGy5rh2cozenfW
++Oy58WhEQkgT0sDCpK5eYP62pgX8tN0HWQLUWRiYY/WlY+CQDH1dsgZ684Xq69QDrl6EPl//
+Fe1pvPk5NnJ1z3dSTfPJkCy5PeXJI1M/HySYIVwHmSm9xjrs526GOmuXdGMzvWgYMfB4jXa/
+/J6OXSqGp02Q3CcaOQIDAQABo0UwQzAdBgNVHQ4EFgQU5Z1ZMIJHWMys+ghUNoZ7OrUETfAw
+EgYDVR0TAQH/BAgwBgEB/wIBAzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEB
+AIUMXY7kb1FoQgWg3btPJyWEA733ZP0t1zDjpBAX69opKbZ5P3b2GRMjuBAK+Vik1GFwvQRh
+ahKKF9UKvcW8MHzW6QwljYZAT+zMo344xjcRT+3daDGOTNKzAXTuvnVeB0gaf3D/FlyEwHmF
+uAX9f75lEaMPwAK0+FI3OQTVqTF6GL+gKvQSmfejRYLjPF71nZ61yJ58Lsiknk4IFEtt/XBt
+axpjvWTmH7fO8PKfLrsbt/JQiHOSwuLjFo2aMgKrjhjd6RAR7n41q5CvPjCUetAzPadlD/X8
+jp5iz0dELAFdux21MtJH0jgu0P6B3DJqHrXuPNX854EdGcMkQupjOakAAAACABNidXlwYXNz
+Y2xhc3Mycm9vdGNhAAABfBBZrUgABVguNTA5AAAFXTCCBVkwggNBoAMCAQICAQIwDQYJKoZI
+hvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3
+MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTAeFw0xMDEwMjYwODM4MDNaFw00
+MDEwMjYwODM4MDNaME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2
+MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDXx173wQfUd/tDIfT09Wnk7jIB26OGH+RZDbrndYNS6+ocYRVI
+ux0HyoyusNyWnerDYJKGgihznFYG/0tk8AwqN0m15c8MfO7xSrtzMGXz1S+Dtn7j5/Weq2D5
+0/GdknSK5ByWrFuA6bX0MYejUfzHfqFvjlN31JfBVTOSPhgvddSthknLla9UBmzYBhONW//h
+JhlZwCS6gXF5kERQaCSUX7izEfEpQWGjQcsjNtXB8TJQEE5/9IaT7ITTjrxLv1wBTgc93BSK
+lAqk6nP7C1HoEwcY+g7xK9FUFX084fe0GUJnYl534KJV7LbZaRfVOq9E7UrFnuR6J3zlddeq
+yyXn32sK2w9Nk06ooM17LvJZAWq3DbgHgX6LOBs45gpXmT3uIeij9QwW3YvsNI6cKhwAFReN
+aIPScJ8YCM0RaNXJa1LNxEaP3LXz2FdzHumUOQS/09443rRT7Gkcon7Ej+QbcK3yovn79xZk
+ZmmfSVGi4hUYZwZKf9VstU2zM+Bh612+6ZgPMtcdSzwuWgFSkQny3+qN2AZAY6oR5P7DN54U
+Uj/04szyYZPR/Wdr11Kuv2irQEOgVzVTePBT+GFCB2TG12+bTDgNY6xirzaLonMKDfUhvXSq
+TepyA0nbx18dYmPH/d2R7DPu9W20bjBo3sjWJrB1Xnu0ByCYoXYyuE1sTwIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTJgHfgYpKC9Uac87r3TMPeuKOtOTAOBgNVHQ8B
+Af8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAFNfIfW6sDpSOSySsGwAye/OIO8G8pae6aR0
+f3oW/Lf1tvsVGz+rpsByXRCxce68T+OtrANtLnEur8TjraO9DBGntP9KsnsQEB+nV0GywK70
+LFnWRxCI8yFRKTDKYIavRqsd7TpbsJTeRONBCKLB7B3W/U+21kfQFAvK5sq1e3d+QR9eg8e2
+jDmWsD+WgUFvYJDi6Pn7InHZfbM9Rr+0hK+QHA+PEmqv7+4eeq4CSooXK3b+rFSJJCxPP7ay
+p06MqJGX+ynGe1wtuctmtreoWxJRhbUJfmJ4cP6pamC2HQ55DP3K6iSAcsOXP/J3q0MiCsfr
+tgyEgiyAa0GKCMDrpWvfmRLLitVegAyR4CYINkjF+jgRNf8lgy3yer/a/Y7+pctFLB/EiFOu
+dw7ZmnbFjiwdo7rV7DKuwKqs99F6TevUB+JI9yKOsKSfas6OsrJg9KMi0CPrlFp6ad0Pv0BX
+rGtZUNmjmeFu/o0BeScjFd6SnXsJTVrnS0gwWhjmCm3mj+DSu+bffG4hgsFoOU20mFhmYsxK
+kF7D+icEsXkVdJnMvq0g3iZgHOtWUaaj6uSjP6f/YdzxWk1sMiND7qyo7u5KEgk8XXHCvnn6
+wodoHQv9XGnMBtCafVSZKsk5GhmvSypD82NdWljiL+Md5KnW0ArQnr/XgQnxyccmDayYFlag
+AAAAAgAXZGlnaWNlcnRhc3N1cmVkaWRyb290ZzMAAAF8EFmtSAAFWC41MDkAAAJKMIICRjCC
+Ac2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJVUzEV
+MBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
+VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgw
+MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
+VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8Q
+dJ+1YlJfZn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q
+RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFF
+AmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJj
+OpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv6pZjamVFkpUBtAAAAAIAFmNlcnR1bXRy
+dXN0ZWRuZXR3b3JrY2EAAAF8EFmtSAAFWC41MDkAAAO/MIIDuzCCAqOgAwIBAgIDBETAMA0G
+CSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xv
+Z2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAg
+BgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkx
+MjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dp
+ZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYD
+VQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
+l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZ
+J88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKk
+nvISjFH4fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv
++XLTOcr+H9g0cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAO
+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE
+49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+Fp
+DQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmk
+McScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhO
+gQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/no
+nFWIGUbWtzT1fs45mtk48VH3TywAAAACABdkaWdpY2VydGFzc3VyZWRpZHJvb3RnMgAAAXwQ
+Wa1IAAVYLjUwOQAAA5owggOWMIICfqADAgECAhALkxw61jln6mcjv8OvmvRLMA0GCSqGSIb3
+DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT
+EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBH
+MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYD
+VQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMT
+G0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANnnKC9SPzZySYiTNPP4ah4xVICfrVRBtUfflqjUr4AtuQrPdf2JpX0k+uMiDCu8
+lRcLM78ZTUEGkAC9DE0Q/ge15xxuIlUxZZe90xfSHmLz2+psUIw/hAyWz7fLA+DKbaEUTBuJ
+3e0AsFJ8r5FssTgT0ekSCMAAsBwrEdp3cDabrs55h9yCcOYJdHBVaa+jaJ+/3bZ5s/KdcClV
+9Kv/lWHzyUBvHdG+k7vTiCq7nb9yWlZxOz/U89EK/ijvo+7Zma8D049gt/KSobG9iYkfMM3D
+pi5iM64WAndEWueBCjynRC55uD8EvFygh+Ebr1GOzews+vj+bfA6fKqL5GeVMY0CAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFM7DSrmZVfK4
+22C/qX69VrWXNqfWMA0GCSqGSIb3DQEBCwUAA4IBAQDKpVWM48hBbmknp3UR7zyGNm/SncZ4
+OB1plqKSaS44bJt9BNSJpbExN4rJIcyrbM2LHJrWv0jSMmbBisDzLzrvwOPUkYbRUOMD23N3
+b0o5U+3eJse1fa8rQtF1YuNKKwLHUEvgaeKWbA5EZhBEj60F6/h5rKYb6Dc0nVPJYaqiUq9K
+cBaGwjrIsRNwNtjP7vQKNNVbTP0HnKK62QFyXPNNwd0OsRwNxGO+rfQU+4nsokEOTMzIV0DQ
+bgOqzQyOiZmZbPA8MK8432+8o74pICerdP8TInjel1JVHoO1VCAD7q7AT1beN8zDf6oEJ7vT
+d7hi2xd8nCgiE3Nszyb1iinnAAAAAgAKaXNyZ3Jvb3R4MQAAAXwQWa1IAAVYLjUwOQAABW8w
+ggVrMIIDU6ADAgECAhEAghDPsNJA41lEY+C7Y4KLADANBgkqhkiG9w0BAQsFADBPMQswCQYD
+VQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTAT
+BgNVBAMTDElTUkcgUm9vdCBYMTAeFw0xNTA2MDQxMTA0MzhaFw0zNTA2MDQxMTA0MzhaME8x
+CzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91
+cDEVMBMGA1UEAxMMSVNSRyBSb290IFgxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAregkc/QUN/ObnitXKByHvty33ziQjG485legePd1wqL+9Wpu9gBPKNveaIZsRJO2sWP9
+FBJrvx/S6jGbIX7RMzy6SPXded+zuP8S8SGaS8GKhnFpSmZmbI9+PHC/rSkiBvPkwOaAruJL
+j7eZfpQDn9NHl3yZSCNT6DiuTwpvgy7RSVeMgHS22i/QOI17A3AhG3XyMDz6j67d2mOr6xZP
+wo4RS37PC+j/tXcu9LJ7SuBMEiUMcI0DKaDhUyTsE9nuGb8Qs0qMP4mjYVHerIcHlPRjcewu
+4m9bmIHhiVw0eWx27zuQYnnm26SaLybF0BDhDt7ZEI4W+7f3qPfH5QIHmI82CJXn4jeWDTZ1
+nvsOcrEdm7wD+UkF2IHdBbQq1kHprAF2lQoP2N/VvRIfNS8oF2zSmMGoCWR3bkc3us6sWV5o
+nX9y1onFBkEpPlk+3Sb1JMkRp1qjTEAfRqGZtac6UW6GO559cqcSBXhZ7T5ReBULA4+N0C8F
+sj57ShxLcwUS/Mbq4FATfEOTdLPKdOeOHwEI0DDUW3E2tAe6wTAwXEi3gjuYpn1giqKjKYLM
+ur2DBBuigwNBodYF8RvCtvCofIY7RqhIKojcdpp2vx9qpT0Zj+s482TeyCsNCij/99viFULU
+ItAnXeF5/hjncIitTubZizrG3SdRbv+8ZPUzQ08CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26ZtuMA0GCSqG
+SIb3DQEBCwUAA4ICAQBVH1ipvLKoUNAMsdgaaSAnKQisYXVcim74guVpL9X2Vku5uHMQWdMh
+l37nTHH7stJgrTmoC+oXIVaF8VAOWevO4FnpuskV74adj4SA9uTpkZDcF5tiG0XwZpXSfG/C
+6jvvH8/L1q4n8amwyK79fX6a+iIE6//Zf+qRKyKxFw6P8oo0W1jY/AHJVLm4JsyKiDOJTC2E
+PILf7pZXBbosu/fEt8dOO4K+Mcgic3OS0cKApDk5EDMjgkw8n4ayVZgdvimGjCKbnuJrO1c6
+gnBN3AnHicsKB01s6F2Oye/Oq8e7tStORdZK0CbM5XLKCGqlleMVofek7cksX6X7/6woAi6+
+13u743F7kBbTB15GU3w3B0KM08SWnNWZtSrglRqASK5MOQfOzEekUpUrurj7rdIzU33lHU1t
+1aGxx0Jv5kAnNVyjKLcHjeeNM5DnI5/7UJx5bEbVtBWzlm5+mwyWOrhSLT/WW+H7CMKE/iSo
+o4narGrhGCqxqENhW9Mf3DuNdvIt6I113xczbD1T+3vLQV//3KLQYTjhlrisXYs313XVM8CZ
+Ea6dQcFydYS+AkFCX2ckSJTRmye+Bz+5uE+BdFHherftnSPivuDVKAQTPDEDnt16bI/GBxjG
+f95Hjj8ongQGz6VUNHe97Imb6RdD31vbX/6OHleizUCdfmIi2t4YJwAAAAIAGXVjYWV4dGVu
+ZGVkdmFsaWRhdGlvbnJvb3QAAAF8EFmtSAAFWC41MDkAAAVeMIIFWjCCA0KgAwIBAgIQT9Ir
+j/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwI
+VW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUw
+MzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5p
+VHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog
+D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
+Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r
+3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJ
+Hx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1
+kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhT
+A8ykADNkUVkLo4KRel7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fV
+UbGAIAEBtHoIppB/TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfb
+lLkWU41Gsx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs
+1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQAB
+o0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsa
+GvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAURap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZL
+cpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8
+dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC7
+8zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliR
+n+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj
+2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWOvpaQXUJX
+xPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOcGMyNm43s
+Set1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSidjzU
+LZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
+dhh2n1axAAAAAgAGZWMtYWNjAAABfBBZrUgABVguNTA5AAAFWjCCBVYwggQ+oAMCAQICEO4r
+PevUId4UqGKsBPPdxAEwDQYJKoZIhvcNAQEFBQAwgfMxCzAJBgNVBAYTAkVTMTswOQYDVQQK
+EzJBZ2VuY2lhIENhdGFsYW5hIGRlIENlcnRpZmljYWNpbyAoTklGIFEtMDgwMTE3Ni1JKTEo
+MCYGA1UECxMfU2VydmVpcyBQdWJsaWNzIGRlIENlcnRpZmljYWNpbzE1MDMGA1UECxMsVmVn
+ZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwgKGMpMDMxNTAzBgNVBAsTLEpl
+cmFycXVpYSBFbnRpdGF0cyBkZSBDZXJ0aWZpY2FjaW8gQ2F0YWxhbmVzMQ8wDQYDVQQDEwZF
+Qy1BQ0MwHhcNMDMwMTA3MjMwMDAwWhcNMzEwMTA3MjI1OTU5WjCB8zELMAkGA1UEBhMCRVMx
+OzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0wODAx
+MTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD
+VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMG
+A1UECxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzAN
+BgNVBAMTBkVDLUFDQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMix0/il0KV
+iEeDQPYdF/ODcyQeUfOYisOSuP9AkAVwh2DJAKm1lGUZIhUXwkNsZkSaDQQ+OW+lS3qqY7eK
+RJ3ZY5GEZuAoD7pC426O9xQnk2nukQ6jXw6x62aick8SE4Zlej7bTwf0pwlg2jpCmceyf7MW
+lRzH+TS1lIXVmV6gSKB+5xdluKJ1uB7z5UJ9r+3zikhkXYIUk9jA5P+zUHLydvazXUJQedCU
+PmsMAL7Yaw5OKuw+0syCohhlMxN3nppdGhPYw9s9yJd67nDtp+Z823HPLZRi323W9Ti+P6WF
+Chm4qNgJdUJwxOrvyw7INKgSIpgMuBOUtkvs8NCQ5ycCAwEAAaOB4zCB4DAdBgNVHREEFjAU
+gRJlY19hY2NAY2F0Y2VydC5uZXQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFKDDi0SqN6VFv5eAWtHxeKKb6V2NMH8GA1UdIAR4MHYwdAYLKwYBBAH1eAED
+AQowZTAsBggrBgEFBQcCARYgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwwNQYI
+KwYBBQUHAgIwKRonVmVnZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwgMA0G
+CSqGSIb3DQEBBQUAA4IBAQCgSFuCAfZNSLg5VTWcgHpTmdVa/7FxO8w5CZRe1trvvgFbXdMe
+2P19T82gQeA0k7/L4oacN5KQVhzc6ykF5cSexzXfigzNxSFD6aqI5TXAGUJjWgJepEgYOoVv
+3J28P52cwYe4emEI6XcLf3Cret3ZlyxkHoW/vHSWocN6EuwMGm6DDDzockaf+0jVXpfmsaH4
+5O9GJZScidtpOL7sXA5Wx2VR5VCIiL9C1Ss95fm6ni6zyvRzkgILvkxm6yD+ucu1mX/mthP6
+yktN2e5TRgY7xk6tk1qBfmwqS2oFRYzyIaQxkIdsZZydpWCVOlJ/9dGrCG7z7lv5iD1+uG9u
+A+RCAAAAAgAmc3NsLmNvbWV2cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHllY2MAAAF8EFmt
+SAAFWC41MDkAAAKYMIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkG
+A1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T
+U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYD
+VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NT
+TCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNvbSBFViBSb290IENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCC
+ogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1
+OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG2
+2XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX
+5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZytRrJPOw
+PYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mmm7I1HrrW9zzR
+HM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSgAAAAIAFGRpZ2ljZXJ0Z2xvYmFscm9vdGNh
+AAABfBBZrUgABVguNTA5AAADszCCA68wggKXoAMCAQICEAg74FaQQkaxoXVqyVmRx0owDQYJ
+KoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
+A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3Qg
+Q0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBhMQswCQYDVQQGEwJVUzEVMBMG
+A1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQD
+ExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAOI74RFy3qik06NXqlCijwt3kMmipe4SzpZbAQkgzAGTp04wt1P3Q8RpAFed4o0i3YcG
+QACBCc7OG4O/3807cUbi1mbHBbN2JxaPe54elX3ut0ijCNrWr3oMOQZlf0pdH7wX+Ku+7ijX
+dH96eJlZhWhuXCMyS79OwOhabeNwv3cQv/wB9oXZqEQQWDKpdRjV0aK+R+InavSaM/hJCGCL
+1F+0OoS/oapKTH0+z09fbHZeoEs3kZ7cIuZtzhQajmrL/s2zFGQXx1spnjK/8u760wtC1Ku3
+QTLaDNTv+IHVu41YP7Ub6EkoonDaMQTd97IW8kwKTgeo7Uo9XrV/o5DDrycCAwEAAaNjMGEw
+DgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAPeUDVW0Uy7ZvCj
+4hsbw5eyPdFVMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
+BQUAA4IBAQDLnDeqSBMSCvrdRJxPUrD0364E9Xl5CKMkGPxLK4TALbnVx/70wR9Yy7htnHp0
+55gpqxG143Cgoc1MiJmTjJFw4qsPHL6Tqf9j1eQHYNOjv51bCfHVjuNT9I5j+j+n27Rm32Jm
+1tFuQY3yLbXqd0qfnVjiK1nAQCPtLSiCRT55VJImmOCASKg37/DWeWAW3qzoDs1urEQXOC9J
+2uFFPiq5NlPPOlAG9y7oxFdJbGEhGNUErXg8LDqAa6frrxUU6diJwbk4bOKRbIr/ZLl3JVcw
+wBsko+Hc6d9HfLW0JAgFMOwtvQu/Rb9Quanz65gBEq3IiMaYNF+NCjzG6dWVlW3eAAAAAgAY
+ZC10cnVzdHJvb3RjbGFzczNjYTIyMDA5AAABfBBZrUgABVguNTA5AAAENzCCBDMwggMboAMC
+AQICAwmD8zANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1UcnVz
+dCBHbWJIMScwJQYDVQQDDB5ELVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyIDIwMDkwHhcNMDkx
+MTA1MDgzNTU4WhcNMjkxMTA1MDgzNTU4WjBNMQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1U
+cnVzdCBHbWJIMScwJQYDVQQDDB5ELVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyIDIwMDkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTskrPekfvdZsj+jov1lBFiTU6xmvb/tsA
+aKjgAxEdN1AIn01KaJQ1s1PRlGOnIFav3lF47Co980hIUD4K30ZViydtwxBNDZFSQ9iH4F1O
+NrUhyl85QARfW37Mo8YrqUAe2TaE1kjzkh40RiAkwaRRjkoa71A/aV0Zf0XDxwGPUckj6HKu
+tLxWCX8SyxyxrymQCslVzA/TtBrtRzVaSu2ccwQh0Kq9DBO1AMombMRrDJRalZTaUJrx/6Ur
+ZjGkyTig3x0fuAku86foZ1KrlR/gRj7YpMPKWsUxgOhImp+Uaf4Z3dhzfIHKlt6O7bMyBWWE
+NObm/VcQtV92vy+wEA3FAgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBT92hTEnzDeIb0eQjn8q2MjSeDxhDAOBgNVHQ8BAf8EBAMCAQYwgdMGA1UdHwSByzCByDCB
+gKB+oHyGemxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3Ql
+MjBDbGFzcyUyMDMlMjBDQSUyMDIlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0
+aWZpY2F0ZXJldm9jYXRpb25saXN0MEOgQaA/hj1odHRwOi8vd3d3LmQtdHJ1c3QubmV0L2Ny
+bC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yXzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IB
+AQB/l9swyN+knH0heoBwzhQSaYgUlWBEAayy6TBPm1DCZth+jTC1cDHp4mnH83DbIBWG0A3w
+vqwBdYTOfp9Nv7dgO5zzyh3iXmjYo52X5UBg0jYh/tC0uBfadKN/1N+wmAKsb2trLCUkcqFl
+7iVa5eYy5/Lfq0n685BpI9sE2edcWPxl1Je+zPwuCswlKjUE+GCRFXU9Qf8jHxnIbOuCUwSm
+5EwiTY2Mus5bc+xkVFBt0ZxV+2nDNsOMvDyFpmsKJg3gk5hgrn7GJJeKYV+RjmaSCYc2zYub
+LT72UdRQ1FkovYPyzCh7U4Zt2CaIcNfqkc0+ucrAkG5axl50Zddc/qPiAAAAAgAsc3RhcmZp
+ZWxkc2VydmljZXNyb290Y2VydGlmaWNhdGVhdXRob3JpdHktZzIAAAF8EFmtSAAFWC41MDkA
+AAPzMIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAO
+BgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVs
+ZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290
+IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290
+dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQD
+EzJTdGFyZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58g
+E20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpW
+riu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYA
+cMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66
+DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8
+viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IB
+AQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSd
+HynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdBy
+Pq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDP
+fUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
+YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6AAAAAgAOY2VydGln
+bmFyb290Y2EAAAF8EFmtSAAFWC41MDkAAAZfMIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZB
+bcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3Rp
+czEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9v
+dCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIw
+EAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAXBgNV
+BAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDN
+GDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgXstmzy9YXUnIo
+245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyzKNAT8kxO
+AkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJ
+hFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
+XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQw
+FsWq4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBB
+e3YzIoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1
+VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10
+TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDa
+xIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1Ud
+IwQYMBaAFBiHVuBud+4kNTxOc5of1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsG
+AQUFBwIBFiNodHRwczovL3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBk
+MC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+g
+LYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkqhkiG
+9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L6btdPrtcPbEo
+/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRGHVyH41neQtGbqH6mid2P
+HMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq7q89w1DTj18zeTyGqHNF
+kIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6p
+K0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hik
+LyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHb
+ugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3
+zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
+aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LO
+PNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0AAAACABNhdG9zdHJ1c3Rl
+ZHJvb3QyMDExAAABfBBZrUgABVguNTA5AAADezCCA3cwggJfoAMCAQICCFwzy2IsX7MyMA0G
+CSqGSIb3DQEBCwUAMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UE
+CgwEQXRvczELMAkGA1UEBhMCREUwHhcNMTEwNzA3MTQ1ODMwWhcNMzAxMjMxMjM1OTU5WjA8
+MR4wHAYDVQQDDBVBdG9zIFRydXN0ZWRSb290IDIwMTExDTALBgNVBAoMBEF0b3MxCzAJBgNV
+BAYTAkRFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYU7l28qOy47z6bzKTW+
+zxisPqrZ+E2gPhpHubya3/L+zD5H6HqWwiSONfSpDPyC/W3BcmInvepr6+eKzFQ+kFDPgNSV
+++i1gtQUxbapVSVX27FQ9rBgZFl6ac8Dt28Nvso+b3Ry6qowKnNivkmRYcgR/g4DKvdqINwC
+FQ1eFWr844LBtcWdZAlso1mYByfHG5YrYXRxbEPx9zWJEOCe7FWhNyKihwQFLEd9tBy5Yilm
+KMq34ZP1pJQDmblwhbXmSOqNUPzZ3sxvBw7dC3KdgDAWB5U/KA79xXVPU9Z0mrQkLo4Ckc92
+xZseVXSceCGx8C3xC5/C1ZYYH/BUInqMBwIDAQABo30wezAdBgNVHQ4EFgQUp6UGsSymCWDu
+0ZfpcK68Oxls2yEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSnpQaxLKYJYO7Rl+lw
+rrw7GWzbITAYBgNVHSAEETAPMA0GCysGAQQBsC0DBAEBMA4GA1UdDwEB/wQEAwIBhjANBgkq
+hkiG9w0BAQsFAAOCAQEAJnc025RIhipBnSw+BpBgxIysC1S4H7l70wc55Po+e7I9Tu2fI72X
+82tc7+79QKbfoZOhCoas7yDQeQG9ePcZ2CQxNAQBproVmsMn3NhPD8wYY/+ZDw6Ra3UW4SH8
+2CbHR7emz1hycX664U2VRzvJr22htMHsifa0Dzi14mTcJc+m2+uaXJmhxQje/eba1dZaRQzE
+t8K1FO+0Ef8OFbX19dvGvetap/BWIqk8ZVTGFai9hp7Ng5ZoenGBieEL4eoRG2gIzGme7J5B
+nkQyJnrihwpxPevkWqTS28XNxt5gf7nzT0SS7yq3GD6nGdkLfbE3QUKwumAd8v4JEbDwh3un
+nQAAAAIAE2NlcnR1bXRydXN0ZWRyb290Y2EAAAF8EFmtSAAFWC41MDkAAAXEMIIFwDCCA6ig
+AwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQGEwJQTDEh
+MB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew
+HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UE
+ChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EG
+ze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVc
+JdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4p
+Z1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2J
+u7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfj
+vqm6f1bxJAPXsiEodg42MEx51UGamqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87
+Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkE
+th2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZ
+Ru0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQv3y1
+zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6Tsd2tTVItQID
+AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1vALTn04uSNn5YFSqxLNP
++jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QALLtA/vBzVtVRJHlpr
+9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0E
+TsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc6
+4vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyq
+OhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA
+4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9
+NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+ysh
+zWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugD
+Q5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v
+40URFWkIsr4WOZckbxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyR
+VJ12AMXDuDjbAAAAAgAaaWRlbnRydXN0Y29tbWVyY2lhbHJvb3RjYTEAAAF8EFmtSAAFWC41
+MDkAAAVkMIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3Qg
+Q29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBK
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3Qg
+Q29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn
+UBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZsh
+q0PirK1ehm7zCYofWjK9ouuU+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN
+2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9
+t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
+T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCLvYf5jysj
+CiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjKVsk9+w8YfYs7wRPC
+TY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzVWYfCP04MXFL0PfdSgvHq
+o6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAgxGds8AgDelWAf0ZO
+lqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6
+aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcN
+AQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqa
+s6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cnd
+JZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7v
+mrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0
+jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpC
+dNTDd1lzzY9GvlU47/rokTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyq
+orkqG5w2gXjtw+hG4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0
+K+l+J6fZmUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
+7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HAAAAAgAbc3RhYXRkZXJuZWRl
+cmxhbmRlbmV2cm9vdGNhAAABfBBZrUgABVguNTA5AAAFdDCCBXAwggNYoAMCAQICBACYlo0w
+DQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRl
+cmxhbmRlbjEpMCcGA1UEAwwgU3RhYXQgZGVyIE5lZGVybGFuZGVuIEVWIFJvb3QgQ0EwHhcN
+MTAxMjA4MTExOTI5WhcNMjIxMjA4MTExMDI4WjBYMQswCQYDVQQGEwJOTDEeMBwGA1UECgwV
+U3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+RVYgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOPHfon5JEs60jOD
+NSxp7NwJpONRqCUrebgIPeCRuoSFxoWkyubJLlOkySQe/VVmcV0sxWBoBLfZwlImOIik1jtA
+psLNP82Yk7NUFFiWVdVQ/oatpGN/XIf2juYnkmcXkgIDLNzWZnTt3Wf/wWGNY08Pm20XMCbv
+q9IfEKD5xX8WaYEDR+0eaI1yoU2yJsa6bF9t1q/RsROOqa3zXml1Jhg+QSshf+6LXQcGnUPE
+KQor/Co+hss8gzr5yQ3axZnivHhBM3bhvy9d5aSYUAwV3eD6nH84aNCypnqn0TG9fopYJ0Oz
+ujOR06eYFVya5tMPddn8QZiXPqol24+SLrB7DF/xY6k3+Zt1aUwoJiXa1fIScEVV499zXjf1
+IWyQjjVaydMj69PAvnisQihYZqVGbXAC1xD5S1T8XYZKh89/ykWsEVq1IFGNL4hHlznAz7rA
+QgFAmUghC2un0v2W1dG+Rp1J4AumoCJOONDBPDC8cI8sdczQxYxROz2UCGQmYX25w2WPFJwh
+0Kr9F3IDj72bjOZeU565ne+Cu+G84nJBWyGU00U3lNHfCTld5yOqmh3KbagKhoWKgr5CB9by
+OIJz2odb5TzTnj6nO570A7P58X0TdAL/u6Hl+gB5HKZmQYhcYFemLgnEuv2az6cfQMO7zFoK
+VUs7OHZRuGOLhJQW5lbzAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBT+qwCQmJ4k/KnMGor7J7i/MG6oOzANBgkqhkiG9w0BAQsFAAOCAgEA
+z3csbla+TrO2hACUq0fJDdJ2x4afHQfTtrS7CHivadILSd4zxaytwogCfQa3NQLBYMm/xOiU
+3tTTqRMlWv5uoq59Bdx982zwfqaN7tnXzlgX6KkprnNIh+ebym4poWRfGRP3rgYQ/1HGm01V
+JU+TmRABU3XxE87HpkFB0r+IpX9F/Ky4pbUzDILE+wf2auUlhF8GysGGORHbWM13OyzCTA9e
+muPwqz5hG1AkwsD08RnwESm2pRgCm9djTHCMR6MDQ1y5XUagDW//WY6+3Z9yw1sr34xbzuUM
+RmySsgqjTFRCGBUSGL3a/Lp0bv/BtqBk2KlfVa6fXGp2lthzZ4f7TX9c7mnKcxD7iqn9nr02
+OElJh/QOFPDph7g/p096Wo551JPku2hShKxs6fOYcFVyMvk0qytJtc0gYuQ6emdjq5bcba6X
+7PyfdlaILmbPW7bJpLDXBbrhJy+TuyYqopOwG/OOvh1Ao7k2jz6CGhpeiOpQ+Fnig0YpC+NE
+XOGVtmmQmhRvl66Bz2jvmZq+tefhf/j6E0cWTMxtCEDni3hvUIJEUD9mBoqrQ4RWSg8gLYYO
+9dLb0nqKS82l6E7xXiYlAVkjoH7S9n4hV9cnvBVXTKRGweCDHgxMTR9PBhni+aj0OoKhsnlD
+edatb3onkAOk6iSHP9m92enyX1BJHO7s1y4AAAACACV0dWJpdGFra2FtdXNtc3Nsa29rc2Vy
+dGlmaWthc2ktc3VydW0xAAABfBBZrUgABVguNTA5AAAEZzCCBGMwggNLoAMCAQICAQEwDQYJ
+KoZIhvcNAQELBQAwgdIxCzAJBgNVBAYTAlRSMRgwFgYDVQQHEw9HZWJ6ZSAtIEtvY2FlbGkx
+QjBABgNVBAoTOVR1cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmFzdGlybWEgS3Vy
+dW11IC0gVFVCSVRBSzEtMCsGA1UECxMkS2FtdSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkgLSBL
+YW11IFNNMTYwNAYDVQQDEy1UVUJJVEFLIEthbXUgU00gU1NMIEtvayBTZXJ0aWZpa2FzaSAt
+IFN1cnVtIDEwHhcNMTMxMTI1MDgyNTU1WhcNNDMxMDI1MDgyNTU1WjCB0jELMAkGA1UEBhMC
+VFIxGDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNl
+bCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRL
+YW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsg
+S2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3VydW0gMTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAK91MDOqu2vTmSwSN4TZjXuXgNNu5/+bUJU+kJVWQtcZfCaEjZL6
+AR06D+JkOLeMvOiI+Yskqy6j9TfkQI4YJXmDdR87/2yoxcZW+LTtikSjq2xM/B3Q3O9ovc/k
+qs7wVfeiNNSDazd8HML+tQPsV868tLXF7QAPUzcqTfRPDIP7hs/L/oxOvYf5p4shV5x63wNn
+iSydl2GnELhVkH8OLSc4dN/n/dpOEuNNFSICyODg/A+titfJVFDMOw/KFoCE0FFWw45Wf4ki
+My/mhQq9pagbNt7T3CxtO8cTvVkjLOblpPfYC+3qkEBEqJW7k9XQgDS2RngOHwCTRuHu6fns
+TxcCAwEAAaNCMEAwHQYDVR0OBBYEFGU/x4qGxjzdPFRcNfg67VIMR1fIMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqP+HxMo6u4ZhcS17P
+ax5qCdIiqRLHXld9c1ZkgIR6k+QJuRDNnyon4QB3vkjINaiBn+S4LMl/DrDSSzdd6rnVC140
+vfRzKcPtJhWcfghTiliN0Eso38Gz3yDz+ePjOt/MnJTYTk/Daxe393LorWYztSVTq+D4TKmd
+/fINuq652arGa/mTu66ruJc8Axq6Q8aWuUVyOLOnoZY9kXt+wCFTTIft8gtUlVGT1SKlDYrx
+kw4+VA6w2MlO3PIxMlbqZPnqtZ0WZkJy83/TsTFD/KSOF/FtI6uUZvit+w8IbiYtfxcHCbKM
++1DAn5aNz7b9AJ1aFJq/AkT1wcKfIl6iD6HjAAAAAgANdHJ1c3Rjb3JlY2EtMQAAAXwQWa1I
+AAVYLjUwOQAABCQwggQgMIIDCKADAgECAgkAhIIsXxxi0EAwDQYJKoZIhvcNAQELBQAwgZwx
+CzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw
+IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y
+IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwHhcNMTYw
+MjA0MTIzMjMzWhcNMjkxMjMxMTcyODA3WjCBnDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBh
+bmFtYTEUMBIGA1UEBwwLUGFuYW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMg
+Uy4gZGUgUi5MLjEnMCUGA1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
+FQYDVQQDDA5UcnVzdENvciBFQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AM+P4BG1n6h2dtvfD1Tvc2Mpgq1HxqNr7f5fM/hDUekaM5ExF6B0xNSnAeaykj5qne0O+XSY
+QNM/A4AGgkDoseKnUacdgyZrq976F5Er2MasHrGeGQHVl6bqDbfEVR8nfNII1XYfKRWHQDnd
+OEURddCapzTgv83IUh25R34NuLvGDPZzVxZafkORH1U6xm1EBKqcqZynTIkXg66jBF5SgIse
+EiURGdcMfX0xREHq26+wHO+B0CzFmiGbPe1CO1Am8uzOcWEGYiFUTn/BnT5/IIyAyyrYl2LI
+gzORfbCiWg9X6DvM8iWy1Hwv7E3GoToVeue2XTX19khKNkVm1LqYWMECAwEAAaNjMGEwHQYD
+VR0OBBYEFESeSPXMbUjUoEt//lkkL4OXmZqGMB8GA1UdIwQYMBaAFESeSPXMbUjUoEt//lkk
+L4OXmZqGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUA
+A4IBAQAFPjVcFXCbycdzYW9yK9TCj/JDXQLOxJS5lBGDZ13iZ2x1dr+7DKo2xq1Hk2PcHn7W
+3i7+6RkyOAN/FPYAcyxZsSEG4fusGJUMo/+ZlvcrJ5vVJMwd3cE64JhEsMTkPnexc6lkLPYc
+AXw/XUWFwIXnJY+V3BfzPJ8abrDK4x0q6Uxj+iRhYtbafrYcbPUCHdQq3VWQ6yoRRzwuXnSy
+giKlfVMfRewnkX3nIhbowGg22MbxT4BEMvnh0dEdqt6oq5wEr60gDmSYTaVrwEhYlmlN3AeM
+UZOi358PPYtgtIKNqghOYkXg+QvS4OA8W95ccSclwuYDgYsQU+PHVaK0n9fmAAAAAgAPZW1z
+aWducm9vdGNhLWcxAAABfBBZrUgABVguNTA5AAADmDCCA5QwggJ8oAMCAQICCjH15GIMbFjt
+1tgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UEBhMCSU4xEzARBgNVBAsTCmVtU2lnbiBQS0kx
+JTAjBgNVBAoTHGVNdWRocmEgVGVjaG5vbG9naWVzIExpbWl0ZWQxHDAaBgNVBAMTE2VtU2ln
+biBSb290IENBIC0gRzEwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBnMQswCQYD
+VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s
+b2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJNLu+lmiu6dW9U0k9AbHsPnnrhkM39jeGi0zS5xddeb
+IMZNKby2aGCK9yGaVjVa83a92M2a/5NWS6VZBqGTNCndFjR1TvKBtMeWTq0ZFVJK/jxwdXDN
+ryurFZozPKqzi6rNQ/316nD/7c8RO5TOTjIW0yNAKnezrzwBLGztmSyL2U5pmLL3j0GwMnhh
+1g1fw/qiQJIdXBfmcD4156K3wmLiq6Q4TLU5NW/qA2n6OlRohW3W8i9DVR6RDQ7Y1WqkltET
+PCx4UOg6ktIXVuU1GkAcPo0s7TnfQuCDQXTfo83ChmBIaONpC1QAi+R2aSENeU40CF4Uwsyx
+t63XfHCKx4UCAwEAAaNCMEAwHQYDVR0OBBYEFPvvDYaesOPdqbnxIRd/PvzwdysaMA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBZ//KM9Yd9
+cT2jnxtb0dr405xrNr2bqWHr3hYsdD2e5nXa17qnvEIX5z2R6+V93T6c8c+SrGxIzMIiP2k7
+xbYVL6M1xmgqHFevOe+N0DXDGAx7AFYczYsZdN6+DxLg0KqhPwI0sXDOnRjWCAMJRu5g4H62
+xEkEUX1wYLyqsv95cnqmHT1fKvjK4v05t0e5637fBCOv+pwGB+n7Y5OAQLXGbAoxKM4Mn8+z
+IzWAQY1sxDd7gS+AoUBChenZOI3ooVPNAb9p6FoG8kULkPqu4b+d8q5XPKWuslb0i2VA6f0x
+gSz0OQnY7muntKYdFaWY9wGB2IV981FccYjeuswfgH5KAAAAAgAPdWNhZ2xvYmFsZzJyb290
+AAABfBBZrUgABVguNTA5AAAFSjCCBUYwggMuoAMCAQICEF3fsdpao+1dvlplIGUDkO8wDQYJ
+KoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQ04xETAPBgNVBAoMCFVuaVRydXN0MRswGQYDVQQD
+DBJVQ0EgR2xvYmFsIEcyIFJvb3QwHhcNMTYwMzExMDAwMDAwWhcNNDAxMjMxMDAwMDAwWjA9
+MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwg
+RzIgUm9vdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXmK2987yYFJ6OBJNpv
+ywH5mZqpMsIih2FBkTvLw2gbBsVMqSvBZxciHSvt+SmJk6J4vZJroKMNon7Kk7Om0Yw11XX5
+F/bPRcXleux3k6CPI64OGgN/vtTQ7S57q0YjW/8s5lR6lMAqFfDJjbB6OyTh12jiMTwGM0a2
+VBGmpS8iVCpYDQEC8foVUWdswPrXtht/0VaILxo6jTu7ghHgRwDQUoer+4Z+DyRrQJ00Z7yN
+xy2Gb3k+jqk8F0t/sJnjsHFg3Av1ZMPOQ7xtcbnS3idbiujYxq7hWX3PKC01uJVWGvGyWEu3
+EjfIfLPtS4DhjfoyI7Zvt0iVCLFEToWMOgJUIC/fv1dPOzqQIdfBJjVUIOzHP0fs71q/S3rB
+rTsXUFxi2A9LStwr+m68c5LN7MdQ6EGW16l+bdjpHY+KtblYkrpKkisMVv2A6wjwXiluGxwM
+r4+Tia3bvaOeIcqJGezftcMa6xb+eDZM1m7QPhcckBdrJrr7ei+/ERwYDi1zA4+g5TWgWuJM
+dR1x4Tk4U3hAzIOT1wqenVuPiuTl4EjkSLJHzU4qdSp78iL2yb4JkZZXeoiIrO5wrPncKeMM
+HDsSTkTWp06wJsjz2RqXkWjq741GBtJWRViaPAwPg7gFJcM5zzukNIm3eRIvR8XnqZdp/KZ3
+Z7Xfe/F6ZRXkYVZlAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBSBxIzM9eQw/6UMCF+MFWchdAHf3zANBgkqhkiG9w0BAQsFAAOCAgEAE2Ui
+9Y4rrUTky/+5aObDgEg9BHv6Iy967Tbass5t9uae5V9Yj8s3MqHIZbauOD01Gz68O7YE0Lz5
+SfWb94XFNrbLvPjIOdXkXwe9FVSXdMrK7U+6umR2n4G4hEVJTI1vouuxzNHDlNpEwubi6hjo
+oh8nBbrX5dapzd3vdpiNAA7NG/oDt46AWA4nP1L7lKLKXmXJ1oTauTVx8ybAT3fmgSfSdzua
+FG959PbQ4dOUutBXUb0nBQ3B/cgSMO5vjRErCJ3U1L+ARRSaiETaMOq0p+Pu71uC1T7WrXiS
+21w889it+rhrf8Q2KLYCFYpULJywF3OO0DejFDyYlQAMKQVbnklJsV/H48vPJ2WONRe3V8gw
+2UFbuRS26MIPlDGnlJjMauu14Sf1EKgB6I4SYuiIzLV/RpfAmxBmOBo2Rl8iaD3fycYTJ6tT
+BqyiPIYGZW+xfrEpRJqjuklpKGmP1+VfrQSGZG8aoAzFCGLOgKPQ8+xo3r4zxxdbf4DETEyx
+poSKwzu4Cc0UgboY41RXNv7bL3xHoTozyPlYO0RPscoCiQSWKGjFS7gmibvWMy9Q1f6aiboY
+MpJUxlvgnfle5Q0im/ba4sghsmIhqoZAsi5k01/I434RZ0UfBf7jou+zqLPzfY/4DB8iHy1w
+tLgBNHYwAOUjeKdW11AfivsG9cIZ8NAAAAACABJlbXNpZ25lY2Nyb290Y2EtZzMAAAF8EFmt
+SAAFWC41MDkAAAJSMIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQsw
+CQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo
+bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcN
+MTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMK
+ZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4G
+A1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQj
+pQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyz
+dc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQW
+BBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB
+CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD+JbNR6iC
+8hZVdyR+EhCVBCyjAAAAAgAbc2VjdXJpdHljb21tdW5pY2F0aW9ucm9vdGNhAAABfBBZrUgA
+BVguNTA5AAADXjCCA1owggJCoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMC
+SlAxGDAWBgNVBAoTD1NFQ09NIFRydXN0Lm5ldDEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVu
+aWNhdGlvbiBSb290Q0ExMB4XDTAzMDkzMDA0MjA0OVoXDTIzMDkzMDA0MjA0OVowUDELMAkG
+A1UEBhMCSlAxGDAWBgNVBAoTD1NFQ09NIFRydXN0Lm5ldDEnMCUGA1UECxMeU2VjdXJpdHkg
+Q29tbXVuaWNhdGlvbiBSb290Q0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+s7P+f9Ntse8WfFelDG12ii9Lv2T7TO6K8PMpfPX/7irg6em6W2QimppvLDomaVEFmSbc1Rxq
+ccaafR6d3XxsxoxnZ0o++HGwGSepCQymlb9LjAz6VZg72OgioUtxOHmsl5Jps4l+6iFoBpgU
+lofSYTa8bSdWnlfuwMBW/TLPpNmOwiPXjajz2CWsl+RwOPS2OrSdO5cmQ6OhvElZckwjMIcB
+WPZOvhxoVmavzUFdyLNNKlVGqx/aHuJAPdvNfbmSgJw33QyWZJ3cIvdki99h3hWUUhWgfVLJ
+S6ghycax7cvDlWDRD/CrcPjfy01+7Nb6q9m9f1Typel5+tnWdiQocwIDAQABoz8wPTAdBgNV
+HQ4EFgQUoHNJmWjchVtl45soL1efvTO8B0gwCwYDVR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEFBQADggEBAGhAqai75E9debMFtRezYBPrxpJd4NHTav77vpttv8cF
+bVkgxBzwt9qEWAJj+kgW70+lC/dKmPI/nhutR2tjzghH61I/eJyvTa741U/PmpgqEEE5UsTd
+2ZsO75MBrrIuymhCJEJssLM6Ps3p2kjEFcvp+QcPklBJit0xl1/J6TeqO1lll5QyybOfPjpi
+WMVJrWIOcaUyqi/GiXZDQBMTZz2iVCUQy/E68tn620lWu6b+p0E1w+CIYcmIx982ECKYWeqw
+SvtWFnNurE33IqFPrR16LUUn5TDBXvLaE8slQlGVRwOMbCHMdELtU/8zi48PVwEWL8+m7slw
+IhS9/b5sCwMAAAACABxjb21vZG9jZXJ0aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVgu
+NTA5AAAEITCCBB0wggMFoAMCAQICEE6BLYqCZeALAu4+NQJG5T0wDQYJKoZIhvcNAQEFBQAw
+gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
+B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYDVQQDEx5DT01PRE8g
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5
+WjCBgTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9E
+TyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANBAi4ty45Eb91HBG1QEmNOpv8Hmil07h/u7iM4N4y8/BpbwoilQma7bO6FXsHRRcc3t
+QpFNQf6pyNhqhndEu1lml1BetNQscETP2jeVQmk8MMRxs1LwIU2h2Lo5fByeoySd8oMWmKoW
+fEObFVu3rjSR/tRiJhhGmj/rwfnxkFfrrHoNi9tyMGpm1eBGo3DcaNn/BEiJd9616ftnbUHp
+vDm9MtliAvGxqD1uN5ziL+LToiaLxrhVQ4jhIz6l0iQ5akerANShs6kl/g0/px2601HBC6Ta
+rDjvVVAkBWVGkzRPLY2txtQhGdKOygVhcQdzR+WKGRK9BE3OTpylSKy7JvcCAwEAAaOBjjCB
+izAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
+Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAD6Y
+npv2G+nXObd4rh1yGEnTh+RDgus/yar1qLXvVXwhUmX51Q3hbPQ+jJNzkS4CxE4HcW/Ajzhh
+CKgegQrALyAvQYuR3EhFvPHG3rp2azPIAC0xRkzt553PiJT/M8BW6CSGJrjYODjfKmvdEszH
+P0cXTKLCBpYJ1tv+PzxGQd9Y4lYPPDvBHJM12ThSrO7I7C4wTpQ1tCQfS3hp2vICOMyVUpPw
+cCVZnCBnxO75i1dh9JJ2fT+EjVW36OWs1fH1GVamWvuQHK+T6+Uc1GeXXQQOvguDpheDuTAS
+oMUzFQW5DfvHBXbj2EqN/DQXo8YhKL4wRTEex3i+WGE4rDviAWUAAAACABF4cmFtcGdsb2Jh
+bGNhcm9vdAAAAXwQWa1IAAVYLjUwOQAABDQwggQwMIIDGKADAgECAhBQlGzsGOrVnE3Vl+91
+j6CtMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzEeMBwGA1UECxMVd3d3LnhyYW1w
+c2VjdXJpdHkuY29tMSQwIgYDVQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMxLTAr
+BgNVBAMTJFhSYW1wIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDExMDEx
+NzE0MDRaFw0zNTAxMDEwNTM3MTlaMIGCMQswCQYDVQQGEwJVUzEeMBwGA1UECxMVd3d3Lnhy
+YW1wc2VjdXJpdHkuY29tMSQwIgYDVQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMx
+LTArBgNVBAMTJFhSYW1wIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJgkHr0VtLrfx4ylJ7Y4C2nztk6oLC4hHVxE3yFd
+fiN0/l5+tEq3pq0fruAGFuKbW9lndGtdgI8pnYYb2ZwNmG12EChY5GWwf0qYeZ/gwzF+gCu1
+jMBAOxGG0MuihjZgpNUwgm3ZbtAPEgQzl19PYVrw5PmRq+cdO7zoz/RrLTR84khhHI7zYUTM
+b6BKqZSwTdrnqTR6cjioQcw8lBF968imjLeGy8ozO9k9N4v7ej6GLOdz1wpXrGSbGev0DwQI
+iqwDFxlk9FolIo00LLL2aB0SbdOKHhTaxI+m4iOF1XoNvWrg6ezsF7tCG2eqJe1FgyH8wcl8
+1WI++vLFLdP91GUCAwEAAaOBnzCBnDATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMC
+AYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxk+iPQZjhAmczmLkBKyNXLXpthswNgYD
+VR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC54cmFtcHNlY3VyaXR5LmNvbS9YR0NBLmNybDAQ
+BgkrBgEEAYI3FQEEAwIBATANBgkqhkiG9w0BAQUFAAOCAQEAkRU5AwEbZ/tKHPkKYFuh2k2X
+YvkkUyfXgmROkC7DSRsrmtz8qHhnNfEd8BG9t0jjEPYN3z/SybaqVaRIugLb3lkuFVs7nRZ9
+R9c36l9NdhI2ux/XoYEERiCjLG2pngF+PynOAJPf/cmSc4mJZJ7nK+QckSzSuc59zm8xmdPm
+vtIekPAJFHlcI6tN0tohH02ZeZ3hzyefEJsciA2wimRBMbgObJAkpJtccY+6u34cG9tqgA8h
+vOnbprdA9LKLqbHk75oa0D1pme6oKKPhPLPwshGcz3xA5t3nQ32i2Dq1qY3yNJnE1BDhBv0J
+hBA77sRM9OwnfELCdHyCignJtAMlvAAAAAIAEXF1b3ZhZGlzcm9vdGNhM2czAAABfBBZrUgA
+BVguNTA5AAAFZDCCBWAwggNIoAMCAQICFC71mwIop9t6/9Wjqe69A6DPEmodMA0GCSqGSIb3
+DQEBCwUAMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYD
+VQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwHhcNMTIwMTEyMjAyNjMyWhcNNDIwMTEyMjAy
+NjMyWjBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEeMBwGA1UE
+AxMVUXVvVmFkaXMgUm9vdCBDQSAzIEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAs8sOEGeO6hSXpzIqClY2f2hMx7NvOiMUkf8Zf6XKrO6zdp166Ysbq2sx2/oLU0yvxaUa
+eTyKTP+s3yXeTtmCMgtE3srbjKyjbhaDO6ZkSzKJ+xYWOH7rQ+LTdErCYgpzCt1Js1fSsAqF
+nXE83qPLwDLzATkgQxs10VOzse7Fk2mCPha1KEah3uqJCe1DuAVGiob1WUe+G28BIRC5/anS
+KMoQOQnKEzbPnK2tQHR5KwI/NP/6IGl90+5h9bqz5zDQNyOGcmFFKUhZaG93pi6BvgdNb6/O
+xEUTkRRwBo8fn/iHabEO78OJGevqHGH8emyK3NYDC54muhLd1FQ5qyajM+p1gdotzQ9P5APR
+7xWXG2uQxQKQk2YCIbFH3ouaSoC5VY+1oi/A1jNn2n7Ep7QEROtH++ZYufcM8HsrscBwKcNA
+Yi07SGncIzxI63sJealt2qgwmM+AcgOIpltGrnJ5fAgDIWWut+EcpbEqojHeZgT3wHTocd7/
+PVnMliYSi4WVVxqra3ULRD0RKDx7Ybfij2dP5ew8TGCAaVc4HgFbjVXox9/AzHcjNEl1fPaY
+Eest3u1BLhQFAn/g/iDrNecRrCLOVz3eyTBtEAOFzfH/jBa1wbI+iGxgf5BPlff2La0BOQcE
++nWAfb9JUO3vycR8HOuAftu20N0T/snTnNeyl6kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMYX0Lyo6gJD8hsGmV0rkCC515zkMA0GCSqG
+SIb3DQEBCwUAA4ICAQA0YdlWtRKHVU3dozUxRrukB3K8X2Fi6KX7CzexPLaz+imdfwL1pMmo
+k7d6cShpj3PhUpDa1b465bd2alaAId9d5uk6nuU+9qJpxyoKsBhH3CBwfVKjPll8wbrJyBVA
+Ycpy1nCs0rfwHOSGKfDO72hj0LUgihVhmn6GmLTJwnb7zLowFsyjYcZ0E+Vr76MV6gP+E4tk
+5NPB0uiE+0nREE15Zuuq/fSNMR5wFK3c3mcTTIEVYby32ZF3cRmBYLvwWKW1nAv3jyJVJ8BL
+AW07mQ3UHZtjZy/Q7g3KZryUT6at7fzuY6xXP2Ulz7KGj9AI/7h2FG7e5Sfsq3i1U7m2P+gg
++dKovmFGyoeMhPP58aBomyIegSabEASRccAGH9yg07lWp+OYLX+Dnd+MK5wyjjKU8AE8Iiqf
+Q8Iuw5g5Bzh7/F4AQh/zMiZ5g4T25fDBURLACx4EIwxUpUwvScVK0bZuYA1r/GuLhSRkt4kO
+qyVHWzzPfkm9x+kKxtr3fg4XCNNIl9BxkvAPOT40ahx92PIirrtp9DO0pkhV0Q8OJujstgst
+p4U1zf1ZyJ/RzT5aKTS5PYTOsWXUWZGRVnUhwXee+XrhYJ3TrQQY9HzrXpOPU0oiKfhIKz5N
+hqxbf8sGmVlg2FhllY1E0fd/fid/fa6A9QdMtj6ccVSZBEv9WPmY9AAAAAIAEnNlY3VyZXNp
+Z25yb290Y2ExMQAAAXwQWa1IAAVYLjUwOQAAA3EwggNtMIICVaADAgECAgEBMA0GCSqGSIb3
+DQEBBQUAMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RDQTExMB4XDTA5MDQwODA0
+NTY0N1oXDTI5MDQwODA0NTY0N1owWDELMAkGA1UEBhMCSlAxKzApBgNVBAoTIkphcGFuIENl
+cnRpZmljYXRpb24gU2VydmljZXMsIEluYy4xHDAaBgNVBAMTE1NlY3VyZVNpZ24gUm9vdENB
+MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD9d6qlHJAFO8tMmzOLWhRFpOeQ
+FtHfV9IhEKQX/d+s1h+n5Nt89+zfuAPalFj9XXJ8jD9fAWd0FZbjAjyH267LAY7C82bGhUX0
+AsY6tWKyr/qcv6Tm1IAwmPMNtpOPqdTYNvKw/IrKLKEVM5Ux2sAb8u5imYZjP7/dkyqDqHa5
+Ex+3zk5ChY8i5y4a8pUJsgW1RE53oSC9qfJOCn1QrfUFDUVPRnH9KD5T+wTYLddlHUob+s87
+sDGaNW7IiwbTAJHylAhlTLE0BgB6ieLwxwNZz9XW6Kcys+aYQIbFzScSi8x7zrcRPGJgByM+
+K0BulIAJbbazb3dvNQhQ+wKHxT6JAgMBAAGjQjBAMB0GA1UdDgQWBBRb+E1PsqWG1DrS8WOa
+oL4J9le33jAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
+AAOCAQEAoKE4FmYup1YfIZwG+h3tuSLFOCbYTk/so3953kYhoYd3jwcImrKkxa8PMpgLfGYp
+tpt9JVJJQ6tMLituenCvFg7jAmz7QuYYnUXYVcjoO93n4fQuCxw0XGxYSvuMiFBflRy/7asi
+tWWzhbqeD7it5XobilA6Hb0NvHtUUAu5Qq9VoBiBrWWZ777knL/EhatBslRv3CXN7XjijgyN
+CUndY3taaZYCIai9UlnpfTXLyFLKf4H+2WvT9xHtJd/45/mk+nKXhFMNpdAyGFF2WRRsD+vs
+X4CMdUODw4WY/0yeLQ3kd4OTTrWWB4soE5uMGY1BJ0lA7t7mI0Q53KEi1roD8gAAAAIAEmFm
+ZmlybXRydXN0cHJlbWl1bQAAAXwQWa1IAAVYLjUwOQAABUowggVGMIIDLqADAgECAghtjBRG
+saYK7jANBgkqhkiG9w0BAQwFADBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1
+c3QxHDAaBgNVBAMME0FmZmlybVRydXN0IFByZW1pdW0wHhcNMTAwMTI5MTQxMDM2WhcNNDAx
+MjMxMTQxMDM2WjBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3QxHDAaBgNV
+BAMME0FmZmlybVRydXN0IFByZW1pdW0wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQDEEt+pX/5B3d31n4rj9qzhPHiavNjwf3qgMyrcjSBbri1v55PZNnBqaM+OUaOFW2cEoBAk
+b10ogsGXV9hIKRO24b6RTd+FDFMYmh4kok+P8KKFC8v0KX/SpFjuJk3Jqqh7mtn6ON5EVxXl
++IzI2UjiDRYnHR7Ig4Ult7qqVUHMAyJLLZGNi+aJr2bH6f8r6Tys2tKzw+FonIn4egBW3vRV
+lWz7umTdYovfC3cy62LMJpqbu6pig0y0BnowyCm/7QZNl7kcxDEr1V+8UxIXnJlXKWZ3YSEx
+By4lSZ0Y8u7zK3GMtbo5B0l3/O8ukpAFjS0vd3vvQ781u5rY+XOnLPLQV+4oTiZfj5BoCS+4
++NwG6S6aPlGn0SLECqc4SGyz+f99q4ZX47rWhXh3ukPqSH/22L4jbR6/0TZsWFzx7qQZVBr1
+A9J25uGMvTyz00hL4sj4f5KodkacQmU+pB7BBwNaRi24l/O31bJVIe+63EwAl/sUlSczv+hD
+R0bSCJkWYDuaftLm7Tjq7AEePEhWSQnHTDcAnogOwHPhb2bpckcwPhDlCwPJmkIAbMWUfmHE
+it9/ghoLWcRZMnezvGBpVjn9tAZ7LNZkNtm9SO2EH36lIo8quEL0grfUU5B4Ti0a/YFvRNc7
+AXSWQuAA4i5r6sXucqy7v/7qqqj43PayeYq2ZwIDAQABo0IwQDAdBgNVHQ4EFgQUncBnpgwi
+2Sb1RaumZVIRJ9hFrGMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
+hvcNAQEMBQADggIBALNXTRBiTjrkrOq4HK8yI8izSVpRnHYojXmqV0YX1fVS9rdE6AhEvxiE
+0guAzcUS/QBVBWGHQdy1JJ48xNjI+3CeL3iWgyA23nwPaROIpXU2mAimxt+szuNY1rc+3rrz
+6zRA2KKB9Xg/L9Wl/Nmi1F4EDhet/kHw5bJy+kSCM0LoLVj3VoxiP7pCsJwMXH4uZSZcU08A
+snh+oQ2ZLY24HY6ixLD9YNAwpI7IBGKpxO013nqX7Q44XpIvk3ClqZxvp30THX7GCEixXmfr
+UQgl6eYla1IpkZzSOXMIV96ZBrRbnRAG4cIAqLgcSgIKFNDBQcr7jDUhfYI48qlUkRk1k5Rt
+ajrFstC7iYaT6JvJDzqnerih8HhG+vw3L+WKhPPf/gTZoWigLyTiCZUG1ZXK4SSW63z2kwW7
+7XPpLdF1OdfnJNvYTl9Dj57QFDm/VXBImVcxtJzuSpgDljAfYAbuGyP+gWAjGkdihaXMGTSA
+b7OsGuOf8HtIrdUB2We2qXKT6i1mtbK45D08su9MjOrrB7+rNZpVhrwYprWoXrSDbGtpQNOf
+3PHDaWu54W0J9PGqUHYKen16F6FVlkKZMQndYBGNBTB+5o5G0Z0U2scX5AWWjMQktRvPFAey
+QPijnkGGvATQa5bIKoA0/b/vBqPdWMWFPT6P/p4p4La4CWgZHBhDAAAAAgAQZ2xvYmFsc2ln
+bnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAAA3kwggN1MIICXaADAgECAgsEAAAAAAEVS1rDlDAN
+BgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
+YTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTk4
+MDkwMTEyMDAwMFoXDTI4MDEyODEyMDAwMFowVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEds
+b2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24g
+Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoO5pmNzqPjT4p++/GL
+gyVr6kgf8SqwuZURBL3wY9HiZ2bPHN3PG0gr7o2JjpqvKYBlq+nHLRLLqxxMcAehPQowzRWN
+T/jd1IxQFRzvUO7ELvf86VLykX3gbdU1MI5eQ3PyQenVauOyiTpWOThvBjyIaVsqTcWnVLhs
+icyb+TzK5f2J9RI8kniW1tx0bpNEYdGNx0aydQ6G6BmK1W1s1XgWlaLpyAo46/IkE09zVJMT
+hTobvB40tYsFjLl3i7HbHyCRqwlTbpDOezd0uXBHkSJRYxZ5rrGuQSYIyBkr0UaqSNZkKteD
+NP8sKsFsGUNKB4Xn03z2IWjv6vJSn3+TkM8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3
+DQEBBQUAA4IBAQDWc+d8T3bQjb/suqK+NMUoMrV8/GycLCu9CZ5Tv2teqhFItuUIo7PKPWFN
+00YJsz7DoONjVRvyuu+tOeFDuTij5i+KJjvvoFBW+cYK/TjNxAtwUZSXmATfw1+U1RXJFEGc
+xF11ZBUN/1Uw7IaP/w3vLLljRvaq/N+8af0uEkhkmuCV8KbvKY8BsRW1DB2l/mksaSR4HrOn
+HHFi7srIl6wXXYrC+EeGbirEVjGV0GeJhSv5bKZdRp0MqoLkmVHdcLfbVj1h5GrhXNb2/j3e
+QcwHrmNSv1NT9Cvpx/2294JfhdJBGNuBswQcxR+kgG8VIMneDIgKHdZmVeL8SMkpJmngAAAA
+AgARcXVvdmFkaXNyb290Y2EyZzMAAAF8EFmtSAAFWC41MDkAAAVkMIIFYDCCA0igAwIBAgIU
+RFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UEBhMCQk0xGTAX
+BgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBH
+MzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYD
+VQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
+ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rj
+yduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy
+54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAq
+MaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscf
+rf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB
+1PLKFAeNilUSxmn1uIZoL1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt
+9DTEceT/AFr2XK4jYIVz8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0y
+kRVKYnLP43ehvNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9
+Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4B
+rTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E
+FgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQADggIBAJHfgD9DCX5xwvfr
+s4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66AarHakE7kNQIXLJgapDwyM4DYvmL
+7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHB
+R//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeI
+yUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/J
+HyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jw
+DQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtddbIN
+WQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWDzYWm
+3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
+JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd
+7EgrO3jtZsSOeWmD3n+MAAAAAgAVYWZmaXJtdHJ1c3RwcmVtaXVtZWNjAAABfBBZrUgABVgu
+NTA5AAACAjCCAf4wggGFoAMCAQICCHSXJYrHP3pUMAoGCCqGSM49BAMDMEUxCzAJBgNVBAYT
+AlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1
+bSBFQ0MwHhcNMTAwMTI5MTQyMDI0WhcNNDAxMjMxMTQyMDI0WjBFMQswCQYDVQQGEwJVUzEU
+MBIGA1UECgwLQWZmaXJtVHJ1c3QxIDAeBgNVBAMMF0FmZmlybVRydXN0IFByZW1pdW0gRUND
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDTBeGxWdA9CheTW3OjySesoVHM1i85wmXAc95VT6
+o9bMEur0FF/ojhmrLy5I5qwYQ3is0DfDvbLNLOZH4hrmY7g9Li94xE/b9A+kaExVcmuVHU4Y
+QpV4zDc8keKbZSspo0IwQDAdBgNVHQ4EFgQUmq8pesARNTUmUTAAw2r+QNWu1jwwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwFwnzh4hQWq/I
+wEK/R1/1bGqG4MQndOQ4U9cFfxs048Yvs8oJPDed1+e4RvH9oeJxAjBCWYdD1FHfutMJMlrO
+iH5XPZxfQmv1By218IKT+VlvrmT6WOWLHuNjvrWBzW8CjHkAAAACABNob25na29uZ3Bvc3Ry
+b290Y2EzAAABfBBZrUgABVguNTA5AAAF0zCCBc8wggO3oAMCAQICFAgWX4pMpewAyZNA38TG
+riO4HFqkMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
+bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UE
+AxMXSG9uZ2tvbmcgUG9zdCBSb290IENBIDMwHhcNMTcwNjAzMDIyOTQ2WhcNNDIwNjAzMDIy
+OTQ2WjBvMQswCQYDVQQGEwJISzESMBAGA1UECBMJSG9uZyBLb25nMRIwEAYDVQQHEwlIb25n
+IEtvbmcxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs4jX6s4PIE6+5tYD
+be5Z/MJX3ylooYMOPmjHaFicHGBLiUMMudQVsu7BTnXptafv5ek1meTMHOdLX40zMCAzU9mm
+u9U+E47pH4dJrVAtUMoYvgFYohNwlruJiFaAXPi9LDzhTFeIu9O5le/Lx/baMXQopuZUifVB
+McrlJhrNguBw2jspu9UD9Zm6VfVk0WAOs4lJuIovBdKERSh8j2hQEnj8C7VTy8KYHISjnrC+
+I6Ta3MgrHtpuRR6JmNr5AC4G6Qw7cNVQJYiZy81zYPfV/zVnxaG8XqvNSrhF68hoHg0NFEYS
+49JkYopCmLy0xggI+P2oTGScdgG9L6lsMw/YPyi4PGkBQoZ+acHJBsrlekZl6cLWUEEuP7fk
+7WzXvyYBEaIWKUprNAaQ7BPStvtqdtI87fDWLd3hFeyjmy8syT4r5Gk7/3IlsTaGW8d/a4tV
+G0rFIGE9rstQ4Qg6vrCPY0FTMAhZPJgdd7pjkXrKEFBgv/DXvJWHj5fF/pdqAZSjfFuFHSo5
+OtBUodE5cZ39Ifm1e/Di4AKPbpYkJSygHiyoxImn7+2ZBi+2CkxP26LMNxqvR4Util/ENDRM
+AP0Yk2cT0TfmSLSLBsVXexmGCnnLAMlSr0L/N4/hox56PVCrYwbnFbU/tkU3lDexfvJIw3/F
+df6XjUWPGqcacigaQA8CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHwYDVR0jBBgwFoAUF53NHovWOStw01zUoLgfsAD8xWEwHQYDVR0OBBYEFBedzR6L1jkr
+cNNc1KC4H7AA/MVhMA0GCSqGSIb3DQEBCwUAA4ICAQBW1Xtu5iIB0kKbGNUO12YjXOP+oMeS
+0umUrUuixuwSfHTVSNJZFJnA67nR6/RIMFutp1dzmanT5bfRLlkkWNxoLi5i2GrkcAstIFAg
+pDKV0QCYu9P99zLySa7GeuBHvm7Oy6NyOi1pXcvI6EU51PpCwRFMd12S+2r/WETl64Ger6CZ
+rb6pAWbLOB0830Mf9E1utLoXRvx9/YeBeWoNMw/6L/gUuYCzXU2ql+H55BjF+NU4jCY8/fIo
+4u5aSYgs33k9jp6QPL1BSjrdW/aatM4/JTB/Mn2iA5TQ3HqhUt5uk40YJv1VrL2Pm9LPr+eG
+LMsfCW+jb6mE1HO/TaF0G04jYPLMDqp/pJxMJaiyZjs4/9mUMPZyhL5oVRAPxnMsFmmTB/6x
+Re27olVqsNq1SgIlJ4XXt7eGRBaJbIArPpepnNV+VUzG3kUQHOrpO58DU+7uegECFnjU6MK+
+RnaIEz8iu0gSHVIAtAJ+IRoenCX08z1eHtIc+bMttvc3XMbLIU6w95lHGIXBK7pVrgbq0Aey
+3KvQgpZ1ztJQ/pnnzy+f53bRYSr7Ibsx0KqfR6SyIsoWOlBXxFtDZ8VlYgNJAetD2dj4nq3P
+sWMORfSgWiybLcWmwK2oR/QnTDgNLhtJO1L06IiDK1Qo1PI1UrQyg2JpZAyRnJ+X6nQW/R8R
+Bpqb9AAAAAIAEmUtc3ppZ25vcm9vdGNhMjAxNwAAAXwQWa1IAAVYLjUwOQAAAkQwggJAMIIB
+5aADAgECAgwBVEjvIf2XWQ31BAowCgYIKoZIzj0EAwIwcTELMAkGA1UEBhMCSFUxETAPBgNV
+BAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0y
+MzU4NDQ5NzEeMBwGA1UEAwwVZS1Temlnbm8gUm9vdCBDQSAyMDE3MB4XDTE3MDgyMjEyMDcw
+NloXDTQyMDgyMjEyMDcwNlowcTELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRYw
+FAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4NDQ5NzEeMBwGA1UE
+AwwVZS1Temlnbm8gUm9vdCBDQSAyMDE3MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEltw9
+itiwe2/GJ75EkLGzVhV7jkMkfRqEWe5jaLLGXofQFUgeqJCtvVOi2t46kKZgX2gytYZB34db
+LHvF/nx62qNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FIcRFQjRqsF4DLGvzsbJkO+/MATAMB8GA1UdIwQYMBaAFIcRFQjRqsF4DLGvzsbJkO+/MATA
+MAoGCCqGSM49BAMCA0kAMEYCIQC1V93XilULNuGGRPrU2WiNuNwjiooN1C996nPsv01sqAIh
+AMultBL657Xoz36T/PM1j29OWny0vE6y/HKqW1n559wxAAAAAgAfYWNyYWl6Zm5tdC1yY21z
+ZXJ2aWRvcmVzc2VndXJvcwAAAXwQWa1IAAVYLjUwOQAAAnIwggJuMIIB86ADAgECAhBi9jJs
+5cTjaFwbYt2cLp2VMAoGCCqGSM49BAMDMHgxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1U
+LVJDTTEOMAwGA1UECwwFQ2VyZXMxGDAWBgNVBGEMD1ZBVEVTLVEyODI2MDA0SjEsMCoGA1UE
+AwwjQUMgUkFJWiBGTk1ULVJDTSBTRVJWSURPUkVTIFNFR1VST1MwHhcNMTgxMjIwMDkzNzMz
+WhcNNDMxMjIwMDkzNzMzWjB4MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAM
+BgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJB
+SVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
+9rpXU8jKq982SlIh5JfSg2ee8GVR0F6Hx0exWfJXR5sAApNEF2nbQsexsjoYDrRdjLNmXaE0
++TYsSdvzRvyzRGlEE2b918X9rzZNzgNNB3HPr2oF0qJDWgpSbwEDTo6Lo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUAbkv778RhmDyT9BBbqtzH+fS
+bkkwCgYIKoZIzj0EAwMDaQAwZgIxAK5K4ytAw3QR8pWtFiPeTgwa5l2lJF5rRHv8OOJPy5xF
+FxFMFCcmVTl1SgPME5CfkgIxAPpKbGCIc/PuuJhiqc4rwtmKpnAxHa+wlEzrT8bj0fNipzz/
+ky4HXEkBZ2kSAnK/5wAAAAIAEXF1b3ZhZGlzcm9vdGNhMWczAAABfBBZrUgABVguNTA5AAAF
+ZDCCBWAwggNIoAMCAQICFHhYXy6tLBlL4zcHNTQTKLWW1GWTMA0GCSqGSIb3DQEBCwUAMEgx
+CzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9W
+YWRpcyBSb290IENBIDEgRzMwHhcNMTIwMTEyMTcyNzQ0WhcNNDIwMTEyMTcyNzQ0WjBIMQsw
+CQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEeMBwGA1UEAxMVUXVvVmFk
+aXMgUm9vdCBDQSAxIEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoL5QEI7p
+8mxAtASchbkxytwt5BGpBDwbVcHnWDAdJLTD74XejCzhwT3fguZPrUeHbOxbScFK1buP7Ies
+f4Kahuw9A5lSAdI1nqza8FPJZjzUrAIB2iTTO6gCRq+kHOP4c1h2t/YOkA218M/M+vnGTOXD
+hjAKjRd+NevF37sOnMCNh+OIOIVn+j7Hq+ATnAUYmM+T9bGStPwj08/VxCdJ4J48mwiji10q
+IeD8OapT2n1+zxoJU7xdBQTPoUqPi3aCDaH40scUd1uQNgeBmz4G+lJeY8WmAP6l6VIbUrWS
+OXIDCWK9sGAWbqbdJcIDZt3zBNFA4k6LhvRv5YOgJ4ReBMH1kL0wPcTvqGm8OJukpJbRYtpp
+wAGWrsvEUTTqDKr/IY5Zj0pc5GGap9LpKniNUT06Fe6iWY6pXN7F+ZAi5YhFcd2RmWx6nz09
+mHxe9r4WaKBergsj/FoPqiJ2LcmhEB3k00QjkIifxirm1/Was1geLzCJCBtUorWYI+wIdxyV
+XWHRy4mcX6JKkZrvIapJFgiovWEoMcl0rYX22cWxi9HlEDJNX4sgOjxJHzOFWQ3bywl1Q2lz
++2txffDfxEx9xqMuyJV5y3Oijk5NJPte5AS+chumJy1JWpl611wJILd/lLlP8Q0cXohCGxG3
+55Hbnmz0at+MBpgDrcwo76VH81MCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAQYwHQYDVR0OBBYEFKOX1vNeohDhq0WfPBdkPO4BcJzMMA0GCSqGSIb3DQEBCwUA
+A4ICAQAY+lt1/D56x193x8rfz1/DEsRAXdQyqrhq19UVFUaYI6XmkFsYmUzjrUKjgjE2iM3p
++8QElkiLAceNAc9bMwaWRmZ0HU/twba5tA1hzGN+1y53jJYcKiNoa4VXdnAzE/7hT6Yjdxj6
+GozovWXJzz/0yRfc68e8wAQuLUYvaWbDG4/+7D7TypS/dgolDal7Ahyp0DtfC8CBOj1k4b+n
+LU69TcTYKcYiGNDFrHICgj+qOqI6Ipcx3Qhjw3UUuWAoLVto4BapZoIjUfXrU9gxm3vpt51L
+64gWz/ldOIpJMI/t8esZ9HcaMRhNZ1RsL29l+ds97CHsXvT0i8pgZVTRcWT0+aajgTM2M3Hw
+pHhfTq2DId40SY3oWayd8nZaNvIT9K/gCcdhKmz34J2uu4ZKKG8u7rR5zZAzw7N2+vXwbJ0B
+kPqekPaccs9H2sMf5DUgU/JU0d9hg6YC4iU43oUyLV5zkFJdQsTOPUvh+RmEHdWiUMxB+0EU
+w73WyVqjY2YCgL0FOjtHnOwAJkz1iFG/qCN/GAewC+2LJqFk02FK61yf3rOvZwOzH91tXWlo
+aateOux8abzHO4VOnhW5tBVPw5V6WNfJbOlsufMpY160LPAtPe1aZeCpW0DCSJmBbZ4fBio8
+ErSLD5uiJPCmjdZ64Eu2ZJZjlYTCSs0cLiSHM2DlwwAAAAIAE2hvbmdrb25ncG9zdHJvb3Rj
+YTEAAAF8EFmtSAAFWC41MDkAAAM0MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAw
+RzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+b25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzEL
+MAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25n
+IFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP84tulm
+AknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQjVrhVcNQhrkpJsLj2aDx
+aQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqrauh0ssJlXI6/fMN4hM2e
+Fvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDV
+yAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3
+v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8E
+CDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9le
+gYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
+l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5
+LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZv
+RZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti
+/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbiAmvZWgAAAAIAInVzZXJ0cnVzdGVjY2NlcnRp
+ZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAKTMIICjzCCAhWgAwIBAgIQXIuZ
+xVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5l
+dyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNU
+IE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg
+VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2Eur
+xtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCj
+tHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
+xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBl
+AjA2Z6EWCNzklwBBHU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDp
+KmFHjFJKS04YcPbWRNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1XahgAAAACABRj
+eWJlcnRydXN0Z2xvYmFscm9vdAAAAXwQWa1IAAVYLjUwOQAAA6UwggOhMIICiaADAgECAgsE
+AAAAAAEPhaotSDANBgkqhkiG9w0BAQUFADA7MRgwFgYDVQQKEw9DeWJlcnRydXN0LCBJbmMx
+HzAdBgNVBAMTFkN5YmVydHJ1c3QgR2xvYmFsIFJvb3QwHhcNMDYxMjE1MDgwMDAwWhcNMjEx
+MjE1MDgwMDAwWjA7MRgwFgYDVQQKEw9DeWJlcnRydXN0LCBJbmMxHzAdBgNVBAMTFkN5YmVy
+dHJ1c3QgR2xvYmFsIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4yLy9
+FFBmE//w03nsI/K3GseOhfESc6YZqhDbnKJldFp3PlF9VvbcI7bU7V9YsTdN1UkObvVqh9bS
+jNInxuL/Np+YZaATTsYqZJvVkBLPFAb0O+PUKL7oDvirTkiUbY6VMRBc7aItvdU6bbIcu2DA
+RksB9UmufkaK0HSNoQwCzu7854+4a2bzf0QAv2YlFCvdEDAdB5Y/TfZruI+3ewylOOveR9vV
+XTn8iKfz1yp08ehaojufULqmjEU1wlBlldxjgu/dv3dNnGLJY3MW0CkPSalI8LOqt2zFpzA5
+QF2uxOJdJlPwzhwjCGGolBm6BGJA7B84cHcSBnGnMBhdJSelAgMBAAGjgaUwgaIwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLYIew16zKwgTIZWMl7Pq26F
+LXBXMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly93d3cyLnB1YmxpYy10cnVzdC5jb20vY3Js
+L2N0L2N0cm9vdC5jcmwwHwYDVR0jBBgwFoAUtgh7DXrMrCBMhlYyXs+rboUtcFcwDQYJKoZI
+hvcNAQEFBQADggEBAFbvCiOgVE6Vl8n4idpFwdSjACX0HxOrt6OFWGnCMK3YFYot48nNgVr4
+cyNap3wF8/0iOw7RBsTbNkxzBI7lsCLkxfMupdkj47hOSiCnbgIknyJgZ3uLHXIJxTFc6Xmf
+gEc9raELBxQ9R/8DaRoMC0TnYyWnf7LJuHaE7SP2fQerRX7T37O/6Yq2zaiiZytS1bdl8DlM
+Y6CReZNSD1Tdg7uf0Y+nU3PDy/8w7HwEuNhEH5NfcQkit24+6hwDTp0aIGH7gTfsXvwKRavX
+5xdV0KDqYJum9uOMWynCBmAUnS2XTKmTFZ1hxAFfSNZYvVYxEk4RyCHgsxGRZdu0pog4zlUA
+AAACAChtaWNyb3NvZnRyc2Fyb290Y2VydGlmaWNhdGVhdXRob3JpdHkyMDE3AAABfBBZrUgA
+BVguNTA5AAAFrDCCBagwggOQoAMCAQICEB7Tlwlf2LSzR3Aeqr5/RbMwDQYJKoZIhvcNAQEM
+BQAwZTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQG
+A1UEAxMtTWljcm9zb2Z0IFJTQSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4X
+DTE5MTIxODIyNTEyMloXDTQyMDcxODIzMDAyM1owZTELMAkGA1UEBhMCVVMxHjAcBgNVBAoT
+FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMtTWljcm9zb2Z0IFJTQSBSb290IENl
+cnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAylu+lDOMKZWRFgqVvUdiwYnzmTbfRpDJpe14am9HkWj4J2dQMx2hpvvg5UOjhAJXAV2c
+SECCUxC8v8c7aJC2gi3l9GXQzG0ZzJX5e6xKlK0O3ktDHYcHkhOQgINkNTkE/OXpbLO2H1CU
+OGVQXBdGubaFtRy1F+jWRZ3YsiawysRwSq5gpN2z2ez8O9VXcrw/yMmy3ktr+CNsA8AFvZXH
+zXM7ZoBk4xqsLvlHBfIGtptz9XgzW8eh+ycqobSakYyR0zqCPnZAtM1SYVFwKD/FxVryyYxJ
+uxRbTcj/Z01MEpat9f54qJeH1/1eIIDcoUsi+9SJrbrOR5dHVXuPRchnKISVHGgw7+9J4DV7
+ZOeYsJTaTYU7PlXEKK9X854T20Ynnx6iXkSDpKXK1ROzSz/E48LmhmGkUjC5eiBPbw84U8sz
+DBMrj9aavSrILbEcfUtRykfRSCdyXYfr1UXmSGWdr1KQuluiGGVXEp9oudQVa5TEaSKY9DPg
+7flRjkFQyTRPdpCs/DjB2OF7uePjlOFGacsOClBrE7qsDzdatxK1kIEeVq5XIobZydLR11Hj
+qzvGVf0eDtN0CtHaquppuJcoj0jEB/hSQzr0ylU1LLCmasCc+fKB4RJqwEXZZ7PO/yOiiQpU
+1BS5KqjX7PmrzSVYMnmPkFuYOcQIBsGsfw49AKUCAwEAAaNUMFIwDgYDVR0PAQH/BAQDAgGG
+MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAnLWX+GsnCPGsM548DZ6b+7TbIjMBAGCSsG
+AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBDAUAA4ICAQCsrz5dwhGWiY6j55LWlxW4E6KmQi4C
+zRYFWSfKIOi6uOga7E2ol1auZUOxjwCbUs1VzVM5bWJMiw1bfC5Ev4MQj/NTgoDDTzrHbhE/
+5uMWkYT7bYR/NHStiafOudfXn4Rkkr6Voa0JUzPd7grqSlGOb1WrurWURq6Mf9iiUCVlYIBG
+2zMErmy1mHRUJdyT5PjjVRU9uG3DCqQSwWmFbt9k8VOZ4Up1IJ2VD+TW3APxWRjoR4myV1qU
+tqnYFysXSeV2y8FWmTo3sf9pLJGRk+HfTKM3dk2hn/htHh3T+uz79EUdE23P91nlIidyK4bz
+V7sw7SRN3H1Wu6Oz+DR5icHg8gJh96b8D7scFwuuQdl8vSej/S460ZOUsXMdJIuvWyCJrbdn
+Znn1OsamljP+U5LIRrERkcaZf4/J1mYxIEEQhy0M1sGvNJjKZIP7E1fRwfA8eoylwf2VIaBx
+wZNncRLqj4gKaRlkmSNW+6wqLnC+ZsQMhO/li/OTAfhqkJNnS7Joo7Vij+k/jHo7Xg/njLjG
+fO83/XTiyE8zcuGUOW29Eq++DE5wfBtvjbMyk3NEFm3o9PfglYCPll04pPSr3gowh5PYTQBx
+YkUnSzpChFt/ZbdnNFItnBZrqqjYe6NCTHHHDMo+g+Sm77cBMF5Ro3n1cGmmQUQPhrAskcY9
+6q4PhAAAAAIAD2dvZGFkZHljbGFzczJjYQAAAXwQWa1IAAVYLjUwOQAABAQwggQAMIIC6KAD
+AgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28g
+RGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYD
+VQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhH
+byBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0B
+AQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3/5O9nHPRlaLNXcaBed7vtm0np
+cIA9VhhjCG/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUn
+b6o3WPeHJtfYLfapF7cfcjZOphc/ZZiS2ypuXaL+iOAL3n/ljRXh68s61eISohMt2I6vXxI9
+oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq/HgDqU1/gMP6q1r8oUCk
+yhkW/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj/tWmQj4R0
+6pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSB
+hTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQK
+ExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
+AAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw/zSRY3I47swc
+AaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2L
+QW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4
+jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFA
+shBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nwAAAAIAGm1p
+Y3Jvc2VjZS1zemlnbm9yb290Y2EyMDA5AAABfBBZrUgABVguNTA5AAAEDjCCBAowggLyoAMC
+AQICCQDCfkMETkc/GTANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCSFUxETAPBgNVBAcM
+CEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMScwJQYDVQQDDB5NaWNyb3NlYyBl
+LVN6aWdubyBSb290IENBIDIwMDkxHzAdBgkqhkiG9w0BCQEWEGluZm9AZS1zemlnbm8uaHUw
+HhcNMDkwNjE2MTEzMDE4WhcNMjkxMjMwMTEzMDE4WjCBgjELMAkGA1UEBhMCSFUxETAPBgNV
+BAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMScwJQYDVQQDDB5NaWNyb3Nl
+YyBlLVN6aWdubyBSb290IENBIDIwMDkxHzAdBgkqhkiG9w0BCQEWEGluZm9AZS1zemlnbm8u
+aHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp+I/zY63ahtin4EL7z5Hepib4
+maVjcK2brsozQH1tlm6hDkTu4ROdlEJSmr11hXQsqA4dk7YYt4wsqM/7XHG52uz+6H6P5C8d
+sqh1h9i3oeU7z5lKRtCDGX3AoRIclW1K9NjHpU0zLoU5QHV+FHyAEphQx0FnuKCAYVSmbE4f
+4J0OB+nJujPn/sBVKCwCgKcZ9Z7cVVMDl3sHSP+Z+zeKJMRZzFAQY46qqRqwhBqG+V+7sVBu
+pNEKzNVxfh+nG3z1U24iX8sr5tR8Xa7WwsZM5QUB2e1X/MEjefz6yCSDlfO1alEB0HfW6RKh
++RqD+4IbubCX9HYGM0NJoP8Ltfq1AgMBAAGjgYAwfjAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUyw/G30JDzD3LtUgjoRp6piq7NGgwHwYDVR0jBBgwFoAU
+yw/G30JDzD3LtUgjoRp6piq7NGgwGwYDVR0RBBQwEoEQaW5mb0BlLXN6aWduby5odTANBgkq
+hkiG9w0BAQsFAAOCAQEAydEOXi7VzLN8Psv8Pf8NKJWTBMi/2s15uEOQ8KS+7/LvIZi81NRd
+BvbuQuwwbKCqqcrxr4r6Pwtzaj7qLkB+H65UYXnrLgg31yPzjJ++HbHhpHXboOJUFLG6HCmk
+GPYSuqIUFOMxNchA/7fgBXZXwRxZ8vi/5O0lYlyE8H5+H7O++bchEcwDAVZwpxCSHhs0gR6t
+nBrDBDztAmHWHgbzXzqH8ivxRYflPazRx1eEvWuu3Nj5thticAs9NslC8jLXemHm0ts9z8ip
+yZvc21hE1284r39406OtGnW6HME2fI8ebRzDdUauNQWm9lw9Ie5W8MmCIi16VKtww30iZYJw
+lgAAAAIAMWhlbGxlbmljYWNhZGVtaWNhbmRyZXNlYXJjaGluc3RpdHV0aW9uc3Jvb3RjYTIw
+MTUAAAF8EFmtSAAFWC41MDkAAAYPMIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCB
+pjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh
+ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
+BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENB
+IDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkGA1UEBhMCR1Ix
+DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh
+cmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFj
+YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/
+TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL
+0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQ
+Ze104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
+FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4
+vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn
+6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g
++IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+O
+AXqlD3pk9Q0Yh9muiNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZ
+SRm2Ekax+0VVFqmjZaycBw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJ
+vXVdctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVs
+yIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc
+2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO0
+4wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY
+4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK0
+7/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEV
+vo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI
+/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evI
+IVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHKe7iG
+2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9qp/UsQu0y
+rbYhnr68AAAAAgAobWljcm9zb2Z0ZWNjcm9vdGNlcnRpZmljYXRlYXV0aG9yaXR5MjAxNwAA
+AXwQWa1IAAVYLjUwOQAAAl0wggJZMIIB36ADAgECAhBm8j2vh96LsUrqDFcxAcLsMAoGCCqG
+SM49BAMDMGUxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x
+NjA0BgNVBAMTLU1pY3Jvc29mdCBFQ0MgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAx
+NzAeFw0xOTEyMTgyMzA2NDVaFw00MjA3MTgyMzE2MDRaMGUxCzAJBgNVBAYTAlVTMR4wHAYD
+VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNjA0BgNVBAMTLU1pY3Jvc29mdCBFQ0MgUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzB2MBAGByqGSM49AgEGBSuBBAAiA2IABNS8
+PQJCdUETI82ABIYCUS9qqIFiC2XM9sqdHm9KZlGiA9mdkfq2FrGMbt58zdt5pi/Ou85xL+Wl
+qyjsYwRmmfj68pMQBeGBKELjxmj05huEYEqJr+15DzvO8fZE9QF4wKNUMFIwDgYDVR0PAQH/
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMjLmXJwUgz45r6yBFcpKs9CEO01
+MBAGCSsGAQQBgjcVAQQDAgEAMAoGCCqGSM49BAMDA2gAMGUCMFjyTeoM+V9e7mApyzry29Yy
+hBk/fNUvwrHMk65Quwkyxsbtfsk2lBLkaIUGohvQLwIxAJnpFrQO+lZI1KQwFpF421SMZQGK
+51BmwjG3Obq4GiIHTvxrVBYg/yu150wMTaZPcwAAAAIAMWhlbGxlbmljYWNhZGVtaWNhbmRy
+ZXNlYXJjaGluc3RpdHV0aW9uc3Jvb3RjYTIwMTEAAAF8EFmtSAAFWC41MDkAAAQ1MIIEMTCC
+AxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoTO0hl
+bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y
+aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRp
+b25zIFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJ
+BgNVBAYTAkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5z
+dGl0dXRpb25zIENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMg
+YW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTD
+N9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOd
+OFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0Hjz
+DQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DI
+Cto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyN
+h+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU
+ppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVk
+dTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
+A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p6z0GW5k6
+x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8TqBTnbI6nOulnJEW
+tk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD/md9zU1jZ/rz
+AxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N7yLcZnuE
+vUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4AAAAAgAiZ29k
+YWRkeXJvb3RjZXJ0aWZpY2F0ZWF1dGhvcml0eS1nMgAAAXwQWa1IAAVYLjUwOQAAA8kwggPF
+MIICraADAgECAgEAMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
+QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIElu
+Yy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIw
+HhcNMDkwOTAxMDAwMDAwWhcNMzcxMjMxMjM1OTU5WjCBgzELMAkGA1UEBhMCVVMxEDAOBgNV
+BAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29t
+LCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAt
+IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3FiCPH6WTT3G8kYo/eASVjp
+IoMTpsUgQwE7hPHmhUmfJ+r2hBtOoLTbcJjHMgGxBT4HTu70+k8vWTAi56sZVmvigAf88xZ1
+gDlRe+X5NbZ0TqmNghPktj+pA4P6or6KFWp/3gvDthkUBcrqw6gElDtGfDIN8wBmIsiNaW02
+jBEYt9OyHGC0OPoCjM7T3UYH3go+6118yHz7sCtTpJJiaVElBWEaRIGMLKlDliPfrDqBmg4p
+xRyp6V0etp6eMAo5zvGIgPtLXcwy7IViQyU0AlYnAZG0O3AqP26x6JyIAX2f1PnbU21gnb8s
+51iruF9G/M7EGwM8CetJMVxpRrPgRwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wDQYJKoZIhvcNAQEL
+BQADggEBAJnbXXnV+ZdZZwNh8X47BjF1LaEgjk9lh7T3ppy82Okv0Nta7s90jHO0OELaBXv4
+AnW4/aWx1672194Ty1MQfopG0Zf6ty4rEauQsCeA+eifWuk3n6vk32yzhRedPdkkT3mRNdZf
+BOuAg6uaAi21EPTYkMcEc0DtciWgqZ/snqtoEplXxo8SOgmkvUT9BhU3wZvkMqPtOOjYZPMs
+fhT8Auqfzf8HaBfbIpA4LXqN0VTxaeNfM8p6PXsK48p/Xznl4nW6xXYYM84s8C9Mrfex585P
+qMSbSlQGxX991QgP4hz+fhe4rF721BayQwkMTfana7SZhGXKeoji4kS+XPfqHPUAAAACAB5l
+cGtpcm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAW0MIIFsDCC
+A5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJU
+VzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAw
+MjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwg
+THRkLjEqMCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEh
+ajfqhFAHSyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh
+ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PR
+Yfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT
+1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB
+1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTF
+pmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8i
+QkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhB
+md8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2bi
+nZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC
+AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQFMAMBAf8w
+OQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLHClZ87lt4DJX5GFPB
+phzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B01GqZNF5sAFPZ
+n/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr
+8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsS
+tZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
+NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWv
+Y9+rGNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB
+o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjp
+Kdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQ
+w63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6
+aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZwAAAAC
+ACx0cnVzdHdhdmVnbG9iYWxlY2NwMzg0Y2VydGlmaWNhdGlvbmF1dGhvcml0eQAAAXwQWa1I
+AAVYLjUwOQAAAqEwggKdMIICJKADAgECAgwIvYWXbJknpIBoRzswCgYIKoZIzj0EAwMwgZEx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4GA1UEBxMHQ2hpY2FnbzEhMB8G
+A1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMTowOAYDVQQDEzFUcnVzdHdhdmUgR2xv
+YmFsIEVDQyBQMzg0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE3MDgyMzE5MzY0M1oX
+DTQyMDgyMzE5MzY0M1owgZExCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4G
+A1UEBxMHQ2hpY2FnbzEhMB8GA1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMTowOAYD
+VQQDEzFUcnVzdHdhdmUgR2xvYmFsIEVDQyBQMzg0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEa9oNdTUIMUcFrkWZVfEREy5K+BAxI6N+g9N/KAg6
+Jho6z5eCH4C3JwmP0Y4wxAqbDqxYBKv3Nn2UI6SbCoqLq+v9OSVm8V7+jK6NQXmdCWDOKKnT
+im3z1kXU8piEOGWgo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD
+VR0OBBYEFFWphInSwTK9GMtspgdOyOedvoKQMAoGCCqGSM49BAMDA2cAMGQCMDcBkpdFEn6g
+8z6tGTpy3fRQkwMSvkTST0GkjJydH6P2wpLnSBT+TpulkVeuxjdyuwIwZyUKsQxe7qljkm/l
+kAv+ZiLKR/2KMfeD/nq/EL4YKx6P9ikelFnvjiE3y1GYpW5LAAAAAgARZ2xvYmFsc2lnbnJv
+b3RlNDYAAAF8EFmtSAAFWC41MDkAAAIPMIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQd
+mOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
+LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2
+MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex
+HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASc
+DrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjqR+q+soArzfwoDdus
+vKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCjQjBAMA4GA1UdDwEB
+/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRLgLWi5h+xEk8b
+lTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMM
+A/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAez
+NIm8BZ/3Hobui3AAAAACACRzdGFyZmllbGRyb290Y2VydGlmaWNhdGVhdXRob3JpdHktZzIA
+AAF8EFmtSAAFWC41MDkAAAPhMIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzEL
+MAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAj
+BgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3
+MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw
+MAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNH
+ttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtr
+X8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/h
+bVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbUJtQI
+BFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQAR
+WfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB
+7LiKZ3sx4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoN
+AX3FWOdt5oUwF5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6
+nH7PfrHxBy22/L/KpL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztA
+gfd9fDL1mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0AAAAAgAoc3NsLmNvbWV2
+cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHlyc2FyMgAAAXwQWa1IAAVYLjUwOQAABe8wggXr
+MIID06ADAgECAghWtinNNLx49jANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRp
+b24xNzA1BgNVBAMMLlNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBS
+U0EgUjIwHhcNMTcwNTMxMTgxNDM3WhcNNDIwNTMwMTgxNDM3WjCBgjELMAkGA1UEBhMCVVMx
+DjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9y
+YXRpb24xNzA1BgNVBAMMLlNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSBSU0EgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCPNmVA4dZNwNe06Uba
+a+ozR81M+X19vr0tPfDbeOGGpdm6CVdo7Vc+oNAIQYPnKEEkH+NyFdABGvtecCOyy58548/F
+TsaSbSbGe7uz2iedCobpgTcF/vBxcezDHOljohcUne8bZ9OFVQIC1knJzFrhsfdvMp/J1DuI
+Qaicvcur2217CR+iTHKQ2isI/M88VM5nD6jPXZYZC8Tjcuut0X0dJ++S6xC/W+s7r8+A3cHS
+lgRben6kqTw4dqRijqA5Xup3z10AWY9mLD4HoqMFJhFpl+qFtw+WC0vIQOFQui6Ky/cPmiLn
+f5o3E83yTRNrIdHAzCLyoUb2RGmcymE1BwBv1mEIEeq6uPbps2DlTbnsnxRmyVdY282HafiK
+hhIDR79mE3asd300JIWDzdeqnJAanyEsf3i3ZLjY6Kb0eLNVy4TSMsR4rqOPYd3OCFOt7Ij8
+FeSaDeafGnfOTI+4FBU9YpyGOAYAZhLkWXZaU8ACmKIQK2hEe455zjNKdqpbgRYbtYrY0AB7
+XmK0CdaGYw6mBZVJuiiLiJOyNBzYpFVutxzQ3plVOyP0IuD5KWYm7CBQd9tKC4++5QJgcEFe
+1K5QOSIUJsuyO3N0VUcHeYE5qDATROUEiq6WEyVCD7lTxJv8zeQc3jz6q9YGSh9nppgwHN0s
+29wYlVdmxv9ci1b1dwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFPlg
+u9Tj1TT2uPUGgCWnc9tGaaieMB0GA1UdDgQWBBT5YLvU49U09rj1BoAlp3PbRmmonjAOBgNV
+HQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAFazjssKnUmOv6TEkbtmFwVRmHX75VAs
+ep7xFPqr04o+/5Epj2OL2LSpVAENvpOGL/lKbcde9Vf5ylUcEr5HDzbF32q323XCRyV/ufFj
++GgtVQTR8o2wpM+8PF4feOeloCBwsATFt/dyp94iDb0zJUaMZJIm4z4uY5bam4w9+BgJ1wPM
+fYaC4MoEB1FQ1/+S1Qzv2oafmdfrt69o4jkmlLpot7+D0+p6Zz1iZ64l5XLo4uTsrhL2Sys8
+n+mwQPM4VLP9t2jI2saPUTyy+5HcHOebneG3DXKP4qTEqXj56xSsxkMFwmU5KBgCw4KynQW+
+Ze2WX2V0PPsJNS57nBP9Gw9dx22BOlYPzDvhrwIvIqxGykY8oBxM1kS0Xi5cFWYJ4SYp/sZS
+Ybqxc//DDJzlbGqUPxTKQBaVhPNZqaxfTGGTbdE7zKKVDCKmZ2dELrnZ0opBs2YLWvt9I6Xy
+GrD/3puDlC7RP9+St5GvBTtlx6Bssc1iEsOQG+MlzjS8b3d2sRDD9wUawNavdGJIF3eSaZBh
+HN6VgHRUjxgcw/MD0L+kQ3WGUxh6Ci4JHDafkf2CiiJL0Q5QJd3LAwwXyYMACE41TYqL7fAC
+lGYsRH/LlSeWF60JMKy2cRduixf2HAnULTuYpXHTVBPZYPP1S2ZP+vHuIBKNtKxXsUVjoax2
+qcL7CnxeFrtkDGW4gmo4NgQZjJ1bHLk=
{{- $suffix := "set-tls-secret" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
spec:
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }}
containers:
- - name: create tls secret
+ - name: create-tls-secret
command:
- /ingress/onboard.sh
image: {{ include "repositoryGenerator.image.kubectl" . }}
configMap:
name: {{ include "common.fullname" . }}-ingress
defaultMode: 0777
+ restartPolicy: Never
{{- end}}
cd /opt/app/config/cache
for file in $(ls feed*); do
NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | cut -d '"' -f4)"
+ export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | grep -w "feedlog" | cut -d '"' -f4)"
export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)"
done
for file in $(ls drpub*); do
{{- $entry := dict }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $keys := keys $secret }}
- {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- range $key := (without $keys "annotations" "filePaths" "envs" )}}
{{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
{{- end }}
{{- if $secret.annotations }}
{{- $_ := set $entry "filePaths" $secret.filePaths }}
{{- end }}
{{- end }}
+ {{- if $secret.envs }}
+ {{- $envsCache := (list) }}
+ {{- range $env := $secret.envs }}
+ {{- $tplValue := tpl (default "" $env.value) $global }}
+ {{- $envsCache = append $envsCache (dict "name" $env.name "policy" $env.policy "value" $tplValue) }}
+ {{- end }}
+ {{- $_ := set $entry "envs" $envsCache }}
+ {{- end }}
{{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
{{- $_ := set $entry "realName" $realName }}
{{- $_ := set $secretCache $uid $entry }}
{{- end }}
{{- $_ := set $global.Values "_secretsCache" $secretCache }}
{{- end }}
+
{{- end -}}
{{/*
{{- end }}
{{- end -}}
+{{/*
+ generate needed scheme:
+ - https if needTLS
+ - http if not
+*/}}
+
+{{- define "common.scheme" -}}
+ {{- ternary "https" "http" (eq "true" (include "common.needTLS" .)) }}
+{{- end -}}
+
{{- define "common.port.buildCache" -}}
{{- $global := . }}
{{- if not $global.Values._DmaapDrNodePortsCache }}
{{- end -}}
{{- end -}}
{{- end -}}
+
+{{- define "common.serviceMesh.killSidecar" -}}
+{{- if (include "common.onServiceMesh" .) }}
+RCODE="$?";
+echo "*** script finished with exit code $RCODE" ;
+echo "*** killing service mesh sidecar" ;
+curl -sf -X POST http://127.0.0.1:15020/quitquitquit ;
+echo "" ;
+echo "*** exiting with script exit code" ;
+exit "$RCODE"
+{{- end }}
+{{- end -}}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.1.1
+image: onap/ccsdk-dgbuilder-image:1.2.1
pullPolicy: Always
# flag to enable debugging - application support required
{{/*
-# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs
+# Copyright © 2018,2021 Bell Canada
# Copyright © 2019 Samsung Electronics
# Copyright © 2019-2020 Orange
# Copyright © 2020 Bitnami
httpGet:
path: /metrics
port: metrics
- initialDelaySeconds: 30
- timeoutSeconds: 5
+ initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /metrics
port: metrics
- initialDelaySeconds: 5
- timeoutSeconds: 1
+ initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
{{ include "common.containerSecurityContext" . | indent 10 | trim }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
-# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs
+# Copyright © 2018,2021 Bell Canada
# Copyright © 2019 Samsung Electronics
# Copyright © 2020 Bitnami, Orange
#
requests:
cpu: 0.5
memory: 256Mi
+ ## MariaDB Galera metrics container's liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
## MySQL Prometheus exporter service parameters
##
service:
-#!/bin/bash
+#!/bin/sh
+
{{/*
-#
# ============LICENSE_START==========================================
# org.onap.music
# ===================================================================
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.1.1
+image: onap/ccsdk-apps-ms-neng:1.2.0
pullPolicy: IfNotPresent
# application configuration
CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
- name varchar(30) PRIMARY KEY,
- value varchar(50) NOT NULL,
- updatedt timestamp NOT NULL
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
);
INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright (C) 2021 Pantheon.tech
-#
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#============LICENSE_END============================================
-
-# Helm Chart for CPS Applications
-
-ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services:
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
-1) cps-core - Configuration Persistence Service together with Nf Configuration Persistence Service
\ No newline at end of file
+apiVersion: v1
+appVersion: "1.0"
+description: ONAP timescaledb
+name: timescaledb
+version: 8.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: 'file://../repositoryGenerator'
--- /dev/null
+#!/bin/sh
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -e
+set echo on;
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER $DB_USERNAME WITH PASSWORD '$DB_PASSWORD';
+ CREATE SCHEMA $POSTGRES_DB;
+ GRANT ALL PRIVILEGES ON SCHEMA $POSTGRES_DB TO $DB_USERNAME;
+ CREATE EXTENSION IF NOT EXISTS timescaledb WITH SCHEMA $POSTGRES_DB;
+EOSQL
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-init
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ init-schema.sh: |-
+{{ .Files.Get "resources/init/init-schema.sh" | indent 4}}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.PV" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ - name: chowm-mount-path
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
+ image: {{ include "repositoryGenerator.image.busybox" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: {{ include "common.fullname" . }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ exec:
+ command: ["psql", "-w", "-U", "{{ .Values.config.pgRootUserName }}", "-c", "select 1"]
+ initialDelaySeconds: 5
+ periodSeconds: 60
+ readinessProbe:
+ exec:
+ command: ["psql", "-w", "-U", "{{ .Values.config.pgRootUserName }}", "-c", "select 1"]
+ initialDelaySeconds: 5
+ periodSeconds: 30
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 14 }}
+ - name: POSTGRES_DB
+ value: {{ .Values.config.pgDatabase }}
+ - name: POSTGRES_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "login") | indent 14 }}
+ - name: POSTGRES_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "password") | indent 14 }}
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-init
+ mountPath: /docker-entrypoint-initdb.d
+ - name: {{ include "common.fullname" . }}
+ mountPath: /var/lib/postgresql/data
+ volumes:
+ - name: {{ include "common.fullname" . }}-init
+ configMap:
+ name: {{ include "common.fullname" . }}-init
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+ volumeClaimTemplates:
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
+{{- end }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+replicaCount: 1
+global:
+ persistence: {}
+
+#################################################################
+# Secrets.
+##############################################################
+image: timescale/timescaledb:2.1.1-pg13
+
+pullPolicy: Always
+containerPorts: 5432
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ nameOverride: timescaledb
+ roles:
+ - read
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext:
+ # Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
+ runAsUser: 70
+ runAsGroup: 70
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 0.5
+ memory: 256Mi
+ requests:
+ cpu: 20m
+ memory: 256Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+service:
+ type: ClusterIP
+ name: timescaledb
+ ports:
+ - name: tcp-timescaledb
+ port: 5432
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ accessMode: ReadWriteOnce
+ size: 1Gi
+ mountPath: /dockerdata-nfs
+
+config:
+ pgUserName: timescaledb
+ pgRootUserName: postgres
+ pgDatabase: timescaledb
+
+secrets:
+ - uid: root-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ login: '{{ .Values.config.pgRootUserName }}'
+ password: '{{ .Values.config.pgRootpassword }}'
+ - uid: user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+
-#!/bin/bash
+#!/bin/sh
#function to provide help
#desc: this function provide help menu
#remove attional prefix and postfix
imageNameFinal=`echo "$imageName" | sed -e 's/^"//' -e 's/"$//' `
- #check if line contain Version as a subtag in lines if yes then call docker pull with version
+ #check if line contain Version as a subtag in lines if yes then call docker pull with version
if echo $line | grep -q $IMAGE_VERSION_TEXT ; then
echo docker pull "$imageNameWithVersion":"$imageNameFinal"
docker pull $imageNameWithVersion:$imageNameFinal &
Bag Attributes
friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
+ localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
subject=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
issuer=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
-----BEGIN CERTIFICATE-----
Bag Attributes
friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
+ localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCbEKYweVNHsWR1
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
externalPort: 5432
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: awx-postgres
+ roles:
+ - read
- name: awx-postgres
version: ~8.x-0
repository: 'file://components/awx-postgres'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
cpu: 500m
memory: 1Gi
serviceAccount: {{ include "common.fullname" . }}
- serviceAccountName: {{ include "common.fullname" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
externalPort: 5672
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: awx
+ roles:
+ - read
- name: cmpv2Config
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
-#!/bin/bash
+#!/bin/sh
waitForEjbcaToStart() {
until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
name: "{{ include "common.fullname" . }}-config-script"
cpu: 20m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: ejbca
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
-external-key:
+external-key:
description: "The external-key uniquely identify the resources to a service within ONAP."
filterable: true
label: ONAP external key
- on_objects:
+ on_objects:
- ipam.models.IPAddress
required: true
type: text
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
periodSeconds: 10
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-app
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
nodePort: 20
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-nginx
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
externalPort: 5432
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-postgres
+ roles:
+ - read
1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke)
~~~yaml
dns:
- provider: coredns
- upstreamnameservers:
- - <cluster_ip>:31555
+ provider: coredns
+ upstreamnameservers:
+ - <cluster_ip>:31555
~~~
2. You can edit coredns configuration with command:
- kubectl -n kube-system edit configmap coredns
+ kubectl -n kube-system edit configmap coredns
-#!/bin/bash -e
+#!/bin/sh -e
# Copyright 2020 Samsung Electronics Co., Ltd.
#
usage() {
cat << ==usage
$0 [cluster_domain] [lb_ip] [helm_chart_args] ...
- [cluster_domain] Default value simpledemo.onap.org
- [lb_ip] Default value LoadBalancer IP
- [helm_chart_args] ... Optional arguments passed to helm install command
+ [cluster_domain] Default value simpledemo.onap.org
+ [lb_ip] Default value LoadBalancer IP
+ [helm_chart_args] ... Optional arguments passed to helm install command
$0 --help This message
$0 --info Display howto configure target machine
==usage
}
-target_machine_notice_info() {
+target_machine_notice_info()
+{
cat << ==infodeploy
Extra DNS server already deployed:
1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
==infodeploy
}
list_node_with_external_addrs()
{
- local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- break
- fi
- done
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ break
+ fi
+ done
}
ingress_controller_ip() {
- local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
- if [ -z $metal_ns ]; then
- echo $CLUSTER_IP
- else
- list_node_with_external_addrs
- fi
+ local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
+ if [ -z $metal_ns ]; then
+ echo $CLUSTER_IP
+ else
+ list_node_with_external_addrs
+ fi
}
deploy() {
- local ingress_ip=$(ingress_controller_ip)
- initdir = $(pwd)
- cd $SPATH/bind9dns
- if [ $# -eq 0 ]; then
- local cl_domain="simpledemo.onap.org"
- else
- local cl_domain=$1
- shift
- fi
- if [ $# -ne 0 ]; then
- ingress_ip=$1
- shift
- fi
- helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
- cd $initdir
- target_machine_notice_info
+ local ingress_ip=$(ingress_controller_ip)
+ initdir = $(pwd)
+ cd $SPATH/bind9dns
+ if [ $# -eq 0 ]; then
+ local cl_domain="simpledemo.onap.org"
+ else
+ local cl_domain=$1
+ shift
+ fi
+ if [ $# -ne 0 ]; then
+ ingress_ip=$1
+ shift
+ fi
+ helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
+ cd $initdir
+ target_machine_notice_info
}
if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
+ usage
elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
+ usage
elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then
target_machine_notice_info
else
- deploy $@
+ deploy $@
fi
-#!/bin/bash -e
+#!/bin/sh -e
+
#
# Copyright 2020 Samsung Electronics Co., Ltd.
#
# limitations under the License.
#
-usage() {
+usage()
+{
cat << ==usage
$0 Automatic configuration using external addresess from nodes
$0 --help This message
find_nodes_with_external_addrs()
{
- local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- fi
- done
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ fi
+ done
}
generate_config_map()
}
generate_config_from_single_addr() {
- generate_config_map "$1 - $1"
+ generate_config_map "$1 - $1"
}
install_metallb() {
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
- # Only when install
- kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
+ # Only when install
+ kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
}
automatic_configuration() {
- install_metallb
- generate_config_from_single_addr $(find_nodes_with_external_addrs)
+ install_metallb
+ generate_config_from_single_addr $(find_nodes_with_external_addrs)
}
manual_configuration() {
- install_metallb
- generate_config_map $@
+ install_metallb
+ generate_config_map $@
}
if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
+ usage
if [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
+ usage
elif [ $# -eq 0 ]; then
- automatic_configuration
+ automatic_configuration
else
- manual_configuration $@
+ manual_configuration $@
fi
-#!/bin/bash
+#!/bin/sh
# Copyright © 2020 Samsung Electronics
#
-#!/bin/bash
+#!/bin/sh
+
#############################################################################
# Copyright © 2019 Bell.
#
# limitations under the License.
*/}}
-server:
- port: 8080
-
-rest:
- api:
- cps-base-path: /cps/api
- xnf-base-path: /cps-nf-proxy/api
-
spring:
- main:
- banner-mode: "off"
- jpa:
- ddl-auto: create
- open-in-view: false
- properties:
- hibernate:
- enable_lazy_load_no_trans: true
- dialect: org.hibernate.dialect.PostgreSQLDialect
-
datasource:
url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
username: ${DB_USERNAME}
driverClassName: org.postgresql.Driver
initialization-mode: always
- cache:
- type: caffeine
- cache-names: yangSchema
- caffeine:
- spec: maximumSize=10000,expireAfterAccess=10m
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
-
-# Actuator
-management:
- endpoints:
- web:
- base-path: /manage
- exposure:
- include: info,health,loggers
- endpoint:
- health:
- show-details: always
- # kubernetes probes: liveness and readiness
- probes:
- enabled: true
- loggers:
- enabled: true
-
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
logging:
level:
org:
springframework: {{ .Values.logging.level }}
+dmi:
+ auth:
+ username: ${DMI_USERNAME}
+ password: ${DMI_PASSWORD}
+
+{{- if .Values.config.eventPublisher }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
-
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
+
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: CPS_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: DMI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+
volumeMounts:
- mountPath: /config-input
name: init-data-input
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
#################################################################
secrets:
- uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-core-pg-root-pass'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-core-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
- uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-core-pg-user-creds'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-core-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Global configuration defaults.
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/cps-and-nf-proxy:1.0.1
+image: onap/cps-and-ncmp:2.0.0
containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
service:
type: ClusterIP
ports:
- name: &port http
port: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
pullPolicy: Always
# flag to enable debugging - application support required
# in debugger so K8s doesn't restart unresponsive container
enabled: true
path: /manage/health
- port: *port
+ port: *mgt_port
readiness:
initialDelaySeconds: 15
periodSeconds: 15
path: /manage/health
- port: *port
+ port: *mgt_port
ingress:
enabled: true
spring:
profile: helm
#appUserPassword:
-
+ dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+ eventPublisher:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
+ spring.kafka.producer.client-id: cps-core
+
+ additional:
+ notification.data-updated.enabled: true
+ notification.data-updated.topic: cps.data-updated-events
+ notification.data-updated.filters.enabled-dataspaces: ""
+ notification.async.enabled: false
+ notification.async.executor.core-pool-size: 2
+ notification.async.executor.max-pool-size: 1
+ notification.async.executor.queue-capacity: 500
+ notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
+ notification.async.executor.thread-name-prefix: Async-
+
logging:
level: INFO
path: /tmp
# Postgres overriding defaults in the postgres
#################################################################
postgres:
- nameOverride: &postgresName cps-postgres
+ nameOverride: &postgresName cps-core-postgres
service:
name: *postgresName
- name2: cps-pg-primary
- name3: cps-pg-replica
+ name2: cps-core-pg-primary
+ name3: cps-core-pg-replica
container:
name:
- primary: cps-pg-primary
- replica: cps-pg-replica
+ primary: cps-core-pg-primary
+ replica: cps-core-pg-replica
persistence:
- mountSubPath: cps/data
- mountInitPath: cps
+ mountSubPath: cps-core/data
+ mountInitPath: cps-core
config:
pgUserName: cps
pgDatabase: cpsdb
readinessCheck:
wait_for:
- - cps-postgres
+ - *postgresName
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Configuration Persistance Service (CPS) - Temporal
+name: cps-temporal
+version: 8.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: timescaledb
+ version: ~8.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+spring:
+ datasource:
+ url: jdbc:postgresql://{{ .Values.timescaledb.service.name }}:5432/{{ .Values.timescaledb.config.pgDatabase }}
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+
+security:
+ auth:
+ username: ${APP_USERNAME}
+ password: ${APP_PASSWORD}
+
+# Event consumption properties (kafka)
+{{- if .Values.config.eventConsumption }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+# Additional properties
+{{- if .Values.config.additional }}
+{{ toYaml .Values.config.additional | nindent 2 }}
+{{- end }}
+
+# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
<!--
============LICENSE_START=======================================================
- Copyright (C) 2021 Nordix Foundation
+ Copyright (C) 2020 Bell Canada.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
============LICENSE_END=========================================================
-->
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
+<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
</encoder>
</appender>
- <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
- <root level="INFO">
- <appender-ref ref="AsyncSysOut" />
- </root>
+ <!-- Logger for cps classes -->
+ <logger name="org.onap.cps" level="info"/>
+
+ <!-- Logger for sql statements. Set to info to disable, debug to enable -->
+ <logger name="org.hibernate.SQL" level="info"/>
-</configuration>
+ <!-- Logger for sql bindings. Set to info to disable, to trace to enable -->
+ <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="info"/>
+
+ <!-- Logger for hibernate statistics. Set to warn to disable, to info to enable -->
+ <logger name="org.hibernate.engine.internal.StatisticalLoggingSessionEventListener" level="warn"/>
+
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: APP_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: APP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: init-data-input
+ - mountPath: /config
+ name: init-data
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: SPRING_PROFILES_ACTIVE
+ value: {{ .Values.config.spring.profile }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /app/resources/application-helm.yml
+ subPath: application-helm.yml
+ name: init-data
+ - mountPath: /app/resources/logback.xml
+ subPath: logback.xml
+ name: init-data
+ - mountPath: /tmp
+ name: init-temp
+ volumes:
+ - name: init-data-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: init-data
+ emptyDir:
+ medium: Memory
+ - name: init-temp
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+passwordStrengthOverride: basic
+global:
+ ingress:
+ virtualhost:
+ baseurl: "simpledemo.temporal.onap.org"
+
+secrets:
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-temporal-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.timescaledb.config.pgUserExternalSecret) .) (hasSuffix "cps-temporal-pg-user-creds" .Values.timescaledb.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.timescaledb.config.pgUserName }}'
+ password: '{{ .Values.timescaledb.config.pgUserPassword }}'
+ passwordPolicy: generate
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.appUserName }}'
+ password: '{{ .Values.config.appUserPassword }}'
+ passwordPolicy: generate
+
+image: onap/cps-temporal:1.0.0
+containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
+
+prometheus:
+ enabled: true
+
+service:
+ type: ClusterIP
+ name: cps-temporal
+ ports:
+ - name: http
+ port: *svc_port
+ targetPort: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
+
+pullPolicy: IfNotPresent
+# flag to enable debugging - application support required
+debugEnabled: false
+nodeSelector: {}
+affinity: {}
+# Resource Limit flavor -By Default using small
+flavor: small
+# default number of instances
+replicaCount: 1
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 20
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ path: /manage/health
+ port: *mgt_port
+
+readiness:
+ initialDelaySeconds: 15
+ periodSeconds: 15
+ path: /manage/health
+ port: *mgt_port
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "cps-temporal"
+ path: "/"
+ name: "cps-temporal"
+ port: *svc_port
+
+serviceAccount:
+ nameOverride: cps-temporal
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 655533
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+config:
+ # REST API basic authentication credentials (passsword is generated if not provided)
+ appUserName: cpstemporal
+ spring:
+ profile: helm
+ #appUserPassword:
+
+ # Event consumption (kafka) properties
+ # All Kafka properties must be in "key: value" format instead of yaml.
+ eventConsumption:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: PLAINTEXT
+ spring.kafka.consumer.group-id: cps-temporal-group
+ app.listener.data-updated.topic: cps.data-updated-events
+
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
+logging:
+ level: INFO
+ path: /tmp
+
+timescaledb:
+ nameOverride: cps-temporal-db
+ container:
+ name: cps-temporal-db
+ name: cpstemporaldb
+ service:
+ name: cps-temporal-db
+ persistence:
+ mountSubPath: cps-temporal/data
+ mountInitPath: cps-temporal
+ config:
+ pgUserName: cpstemporaldb
+ pgDatabase: cpstemporaldb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ serviceAccount:
+ nameOverride: cps-temporal-db
+
+readinessCheck:
+ wait_for:
+ - cps-temporal-db
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
\ No newline at end of file
# ============LICENSE_END=========================================================
*/}}
-server:
- port: 8080
+dmi:
+ service:
+ name: {{ .Values.config.dmiServiceName }}
cps-core:
- baseUrl: http://${CPS_CORE_HOST:cps}:${CPS_CORE_PORT:8080}
- dmiRegistrationUrl : /cps-ncmp/api/ncmp-dmi/v1/ch
+ baseUrl: {{ .Values.config.cpsCore.url }}
auth:
username: ${CPS_CORE_USERNAME}
password: ${CPS_CORE_PASSWORD}
sdnc:
- baseUrl: http://${SDNC_HOST:sdnc}:${SDNC_PORT:8181}
- topologyId: ${SDNC_TOPOLOGY_ID:topology-netconf}
+ baseUrl: {{ .Values.config.sdnc.url }}
+ topologyId: {{ .Values.config.sdnc.topologyId }}
auth:
username: ${SDNC_USERNAME}
password: ${SDNC_PASSWORD}
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
- echo http://$SERVICE_IP:$SERVICE_PORT
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:$POD_PORT
-{{- end }}
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
- {{- if .Values.prometheus.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/path: 'manage/prometheus'
- prometheus.io/port: {{ .Values.managementPort | quote }}
- {{- end }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: DMI_PLUGIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: DMI_PLUGIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
- name: SDNC_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 12 }}
- name: SDNC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 12 }}
- name: CPS_CORE_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }}
- name: CPS_CORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
- mountPath: /app/resources/application-helm.yml
subPath: application-helm.yml
name: init-data
- - mountPath: /app/resources/logback.xml
- subPath: logback.xml
- name: init-data
- mountPath: /tmp
name: init-temp
volumes:
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
# Secrets.
#################################################################
secrets:
- - uid: user-creds
+ - uid: app-user-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
login: '{{ .Values.config.appUserName }}'
- uid: sdnc-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.sdncUser }}'
- password: '{{ .Values.config.sdncPassword }}'
+ login: '{{ .Values.config.sdnc.username }}'
+ password: '{{ .Values.config.sdnc.password }}'
passwordPolicy: required
- - uid: core-creds
+ - uid: cps-core-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.coreCredsExternalSecret) . }}'
- login: '{{ .Values.config.coreUser }}'
- password: '{{ .Values.config.corePassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.cpsCore.credsExternalSecret) . }}'
+ login: '{{ .Values.config.cpsCore.username }}'
+ password: '{{ .Values.config.cpsCore.password }}'
passwordPolicy: generate
#################################################################
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:0.0.1
+image: onap/ncmp-dmi-plugin:1.0.0
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
prometheus:
enabled: true
- interval: 60s
service:
type: ClusterIP
- name: ncmp-dmi-plugin
+ name: &svc_name ncmp-dmi-plugin
ports:
- name: &port http
port: *svc_port
port: *mgt_port
targetPort: *mgt_port
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
+
pullPolicy: IfNotPresent
# flag to enable debugging - application support required
debugEnabled: false
service:
- baseaddr: "ncmp-dmi-plugin"
path: "/"
- name: "ncmp-dmi-plugin"
+ name: *svc_name
port: *svc_port
serviceAccount:
# REST API basic authentication credentials (passsword is generated if not provided)
appUserName: ncmpuser
+ #appUserPassword:
spring:
profile: helm
- #appUserPassword:
- sdncUser: admin
- sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
- coreUser: cpsuser
+ dmiServiceName: http://*svc_name:*svc_port
+ sdnc:
+ url: http://sdnc:8181
+ username: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ topologyId: topology-netconf
+ cpsCore:
+ url: http://cps-core:8080
+ username: cpsuser
+ #password:
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
readinessCheck:
wait_for:
- - cps-postgres
+ - cps-core
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
version: ~8.x-0
repository: '@local'
condition: cps-core.enabled
+ - name: cps-temporal
+ version: ~8.x-0
+ repository: '@local'
+ condition: cps-temporal.enabled
- name: ncmp-dmi-plugin
version: ~8.x-0
repository: '@local'
login: '{{ .Values.config.coreUserName }}'
password: '{{ .Values.config.coreUserPassword }}'
passwordPolicy: generate
-
+ - uid: dmi-plugin-user-creds
+ name: &dmi-plugin-creds-secret '{{ include "common.release" . }}-cps-dmi-plugin-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
passwordStrengthOverride: basic
global:
config:
coreUserName: cpsuser
+ dmiPluginUserName: dmiuser
# Enable all CPS components by default
cps-core:
enabled: true
config:
appUserExternalSecret: *core-creds-secret
+ dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
+
+cps-temporal:
+ enabled: true
ncmp-dmi-plugin:
enabled: true
config:
- coreCredsExternalSecret: *core-creds-secret
+ appUserExternalSecret: *dmi-plugin-creds-secret
+ cpsCore:
+ credsExternalSecret: *core-creds-secret
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
on .Values.policies.duration and configuration retrieved is shared with
DCAE Microservice container by common volume. Policy can be retrieved based on
-list of policyID or filter. An optional policyRelease parameter can be specified
+list of policyID or filter. An optional policyRelease parameter can be specified
to override the default policy helm release (used for retreiving the secret containing
pdp username and password)
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.0
+image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.0
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
plain_port: 8100
port_protocol: http
+# Environment variables
+applicationEnv:
+# Empty path forces DFC to use Consul configuration, which allows app runtime reconfiguration.
+# It's a workaround because DMAAP specific env variables are not available in main container.
+ CBS_CLIENT_CONFIG_PATH: ''
+
# Initial Application Configuration
applicationConfig:
dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.0
+image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.1
# Log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.heartbeat:2.2.0
+image: onap/org.onap.dcaegen2.services.heartbeat:2.3.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.0
+image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
applicationEnv:
JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml'
+ CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
# Resource Limit flavor -By Default using small
flavor: small
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.0
+image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
tlsServer: true
enable_tls: true
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ policyID: |
+ '["com.Config_KPIMS_CONFIG_POLICY"]'
+
# Dependencies
readinessCheck:
wait_for:
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.0
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:1.3.1
+image: onap/org.onap.dcaegen2.services.pmsh:1.3.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`"
# initial application configuration
-# Configuration used for in-app substitution must be defined as $${undefined}{<parameter>} under applicationConfig
-# inorder to get ${<parameter>} post envsubst (done part of dcae helm service-common templates)
applicationConfig:
dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json"
dmaap.dmaapConsumerConfiguration.consumerId: "c12"
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.4
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.6
# Log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.son-handler:2.1.3
+image: onap/org.onap.dcaegen2.services.son-handler:2.1.4
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
+image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
# policyRelease: "onap"
# policyID: |
# '["onap.vfirewall.tca","onap.vdns.tca"]'
-# filter: |
-# '["DCAE.Config_vfirewall_.*"]'
+
aaiCreds:
user: DCAE
tca.aai.generic_vnf_path: aai/v11/network/generic-vnfs/generic-vnf
tca.aai.node_query_path: aai/v11/search/nodes-query
tca.aai.password: ${AAI_PASSWORD}
- tca.aai.url: http://aai
+ tca.aai.url: https://aai:8443
tca.aai.username: ${AAI_USERNAME}
tca.policy: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"vFirewallBroadcastPackets","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"LESS_OR_EQUAL","severity":"MAJOR","closedLoopEventStatus":"ONSET"},{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":700,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"Measurement_vGMUX","controlLoopSchemaType":"VNF","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"EQUAL","severity":"MAJOR","closedLoopEventStatus":"ABATED"},{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"GREATER","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]}]}'
tca.processing_batch_size: 10000
$ref: '#/components/schemas/SmfFunction-Multiple'
UpfFunction:
$ref: '#/components/schemas/UpfFunction-Multiple'
- N3iwfFunction:
+ N3iwfFunction:
$ref: '#/components/schemas/N3iwfFunction-Multiple'
PcfFunction:
$ref: '#/components/schemas/PcfFunction-Multiple'
$ref: '#/components/schemas/Configurable5QISet-Multiple'
Dynamic5QISet:
$ref: '#/components/schemas/Dynamic5QISet-Multiple'
-
+
AmfFunction-Single:
allOf:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
configurable5QIs:
type: array
items:
- $ref: '#/components/schemas/FiveQICharacteristics'
-
+ $ref: '#/components/schemas/FiveQICharacteristics'
+
Dynamic5QISet-Single:
allOf:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
dynamic5QIs:
type: array
items:
- $ref: '#/components/schemas/FiveQICharacteristics'
-
+ $ref: '#/components/schemas/FiveQICharacteristics'
+
GtpUPathQoSMonitoringControl-Single:
allOf:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
predefinedPccRules:
type: array
items:
- $ref: '#/components/schemas/PccRule'
+ $ref: '#/components/schemas/PccRule'
#-------- Definition of JSON arrays for name-contained IOCs ----------------------
type: array
items:
$ref: '#/components/schemas/AmfRegion-Single'
-
+
EP_N2-Multiple:
type: array
items:
variables:
MnSRoot:
description: See subclause 4.4 of TS 32.158
- default: http://example.com/3GPPManagement
+ default: http://example.com/3GPPManagement
version:
description: Indicates the current version of the specification
default: 16.5.0
paths: {}
components:
schemas:
-
+
Float:
type: number
format: float
schemas:
#---- Definition of AlarmRecord ----------------------------------------------------#
-
+
AlarmId:
type: string
AlarmType:
type: string
#---- Definition of alarm notifications --------------------------------------------#
-
+
AlarmNotificationTypes:
type: string
enum:
- perceivedSeverity
- serviceUser
- serviceProvider
- - securityAlarmDetector
+ - securityAlarmDetector
properties:
alarmId:
$ref: '#/components/schemas/AlarmId'
$ref: '#/components/schemas/AlarmListAlignmentRequirement'
#---- Definition of query parameters -----------------------------------------------#
-
+
AlarmAckState:
type: string
enum:
- ALL_ACTIVE_AND_UNACKNOWLEDGED_ALARMS
- ALL_CLEARED_AND_UNACKNOWLEDGED_ALARMS
- ALL_UNACKNOWLEDGED_ALARMS
-
+
#---- Definition of patch documents ------------------------------------------------#
MergePatchAcknowledgeAlarm:
enum:
- FILE_BASED_LOC_SET_BY_PRODUCER
- FILE_BASED_LOC_SET_BY_CONSUMER
- - STREAM_BASED
+ - STREAM_BASED
monitorGranularityPeriods:
type: array
items:
type: integer
#-------- Definition of types used in Trace control NRM fragment------------------
-
+
tjJobType-Type:
type: string
description: Specifies whether the TraceJob represents only MDT, Logged MBSFN MDT, Trace or a combined Trace and MDT job. Applicable for Trace, MDT, RCEF and RLF reporting. See 3GPP TS 32.422 clause 5.9a for additional details.
required:
- TargetIdType
- TargetIdValue
-
+
tjTriggeringEvent-Type:
type: object
description: Specifies when to start a Trace Recording Session and which message shall be recorded first, when to stop a Trace Recording Session and which message shall be recorded last respectively. See 3GPP TS 32.422 clause 5.1 for additional detials.
required:
- NetworkElement
- EventBitmap
-
+
tjMDTAnonymizationOfData-Type:
description: Specifies level of MDT anonymization. For additional details see 3GPP TS 32.422 clause 5.10.12.
type: string
enum:
- NO_IDENTITY
- TAC_OF_IMEI
-
+
tjMDTAreaConfigurationForNeighCell-Type:
description: Used for logged NR MDT and defines the area for which UE is requested to perform measurement logging for neighbour cells which have list of frequencies. For additional details see 3GPP TS 32.422 clause 5.10.26.
type: array
type: string
cell:
type: string
-
+
tjMDTAreaScope-Type:
description: defines the area in terms or Cells or Tracking Area/Routing Area/Location Area where the MDT data collection shall take place. For additional details see 3GPP TS 32.422 clause 5.10.2.
allOf:
- $ref: 'comDefs.yaml#/components/schemas/DnList'
-
+
tjMDTCollectionPeriodRrmLte-Type:
description: See details in 3GPP TS 32.422 clause 5.10.20.
type: string
- 5120ms
- 10240ms
- 1min
-
+
tjMDTCollectionPeriodRrmNR-Type:
description: See details in 3GPP TS 32.422 clause 5.10.30.
type: string
type: integer
minimum: 0
maximum: 97
- EventThresholdRSRQ:
+ EventThresholdRSRQ:
type: integer
minimum: 0
maximum: 34
- 3600s
- 5400s
- 7200s
-
+
tjMDTLoggingInterval-Type:
description: See details in 3GPP TS 32.422 clause 5.10.8.
type: string
tjJobType:
$ref: '#/components/schemas/tjJobType-Type'
tjListOfInterfaces:
- $ref: '#/components/schemas/tjListOfInterfaces-Type'
+ $ref: '#/components/schemas/tjListOfInterfaces-Type'
tjListOfNeTypes:
$ref: '#/components/schemas/tjListOfNeTypes-Type'
tjPLMNTarget:
GGnbIdList:
type: array
- items:
+ items:
$ref: '#/components/schemas/GGnbId'
GEnbIdList:
type: array
- items:
+ items:
$ref: '#/components/schemas/GEnbId'
NrPci:
RSSetId:
type: integer
maximum: 4194303
-
+
RSSetType:
type: string
enum:
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
RIMRSScrambleTimerMultiplier:
type: integer
RIMRSScrambleTimerOffset:
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
enablenearfarIndicationRS2:
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
RimRSReportInfo:
type: object
- RS1
- RS2
- RS1forEnoughMitigation
- - RS1forNotEnoughMitigation
+ - RS1forNotEnoughMitigation
RimRSReportConf:
type: object
type: string
enum:
- ENABLE
- - DISABLE
+ - DISABLE
reportInterval:
type: integer
nrofRIMRSReportInfo:
- $ref: 'genericNrm.yaml#/components/schemas/Top-Attr'
- type: object
properties:
- attributes:
+ attributes:
type: object
properties:
dmroControl:
type: array
items:
$ref: '#/components/schemas/ExternalNrCellCu-Single'
-
+
ExternalENBFunction-Multiple:
type: array
items:
- $ref: '#/components/schemas/CommonBeamformingFunction-Single'
- $ref: '#/components/schemas/Beam-Single'
- $ref: '#/components/schemas/RRMPolicyRatio-Single'
-
+
- $ref: '#/components/schemas/NRCellRelation-Single'
- $ref: '#/components/schemas/EUtranCellRelation-Single'
- $ref: '#/components/schemas/NRFreqRelation-Single'
- $ref: '#/components/schemas/DPCIConfigurationFunction-Single'
- $ref: '#/components/schemas/CPCIConfigurationFunction-Single'
- $ref: '#/components/schemas/CESManagementFunction-Single'
-
+
- $ref: '#/components/schemas/RimRSGlobal-Single'
- $ref: '#/components/schemas/RimRSSet-Single'
-
+
- $ref: '#/components/schemas/ExternalGnbDuFunction-Single'
- $ref: '#/components/schemas/ExternalGnbCuUpFunction-Single'
- $ref: '#/components/schemas/ExternalGnbCuCpFunction-Single'
- $ref: '#/components/schemas/EP_NgU-Single'
- $ref: '#/components/schemas/EP_X2U-Single'
- $ref: '#/components/schemas/EP_S1U-Single'
-
+
description: >-
The open API server of the performance threshold monitoring service is
located in the consumer side, see monitoringNotifTarget attribute of
- the IOC ThresholdMonitor defined in 3GPP TS 28.622 [11].
+ the IOC ThresholdMonitor defined in 3GPP TS 28.622 [11].
default: http://example.com/3GPPManagement
paths:
/notificationSink:
ServiceProfile:
type: object
properties:
- serviceProfileId:
+ serviceProfileId:
type: string
plmnInfoList:
$ref: 'nrNrm.yaml#/components/schemas/PlmnInfoList'
type: array
items:
$ref: '#/components/schemas/ServiceProfile'
-
+
SliceProfileList:
type: array
items:
ipAddress:
$ref: '#/components/schemas/IpAddress'
logicInterfaceId:
- type: string
+ type: string
nextHopInfo:
- type: string
+ type: string
qosProfile:
- type: string
+ type: string
epApplicationRefs:
$ref: 'comDefs.yaml#/components/schemas/DnList'
-
+
#-------- Definition of JSON arrays for name-contained IOCs ----------------------
SubNetwork-Multiple:
type: array
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.5
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.0
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1
# Resource Limit flavor -By Default using small
flavor: small
# DCAE Cloudify Manager Chart
-This chart is used to deploy a containerized version of
+This chart is used to deploy a containerized version of
[Cloudify Manager](http://docs.getcloudify.org/4.3.0/intro/cloudify-manager/),
-the orchestration tool used by DCAE. DCAE uses Cloudify Manager ("CM") to
+the orchestration tool used by DCAE. DCAE uses Cloudify Manager ("CM") to
deploy the rest of the DCAE platform as well to deploy DCAE monitoring and
analytics services dynamically, in response to network events such as VNF startups.
-Deployment of CM is the first of two steps in deploying DCAE into ONAP. After this chart
-brings up CM, a second chart (the "bootstrap" chart) installs some plugin extensions onto CM
-and uses CM to deploy some DCAE components.
+Deployment of CM is the first of two steps in deploying DCAE into ONAP. After this chart
+brings up CM, a second chart (the "bootstrap" chart) installs some plugin extensions onto CM
+and uses CM to deploy some DCAE components.
## Prerequisites
The chart requires one Kubernetes secret to be available in the namespace where it is
## DCAE Namespace
DCAE will use CM deploy a number of containers into the ONAP Kubernetes cluster. In a production
environment, DCAE's dynamic deployment of monitoring and analytics services could result in dozens
-of containers being launched. This chart allows the configuration, through the `dcae_ns` property
+of containers being launched. This chart allows the configuration, through the `dcae_ns` property
in the `values.yaml` of a separate namespace used by CM when it needs to deploy containers into
Kubernetes. If `dcae_ns` is set, this chart will:
- - create the namespace.
+ - create the namespace.
- create the Docker registry key secret in the namespace.
- create some Kubernetes `Services` (of the `ExternalName` type) to map some addresses from the common namespace into the DCAE namespace.
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.4
pullPolicy: Always
# probe configuration parameters
{
- "appenders": {
- "out": {"type": "stdout"},
- "audit": {
- "type": "file",
- "filename": "log/audit.log",
- "maxLogSize": 10240000,
- "backups": 10,
- "layout": {
- "type": "messagePassThrough"
- }
- },
- "metrics": {
- "type": "file",
- "filename": "log/metrics.log",
- "maxLogSize": 10240000,
- "backups": 10,
- "layout": {
- "type": "messagePassThrough"
- }
- },
- "error": {"type": "stdout"},
- "debug": {"type": "stdout"}
- },
- "categories": {
- "default": {"appenders": ["out"], "level": "debug"},
- "audit": {"appenders": ["audit"], "level": "info"},
- "metrics": {"appenders": ["metrics"], "level": "info"},
- "error": {"appenders": ["error"], "level": "error"},
- "debug": {"appenders": ["debug"], "level": "debug"}
- }
+ "appenders": {
+ "out": {"type": "stdout"},
+ "audit": {
+ "type": "file",
+ "filename": "log/audit.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "metrics": {
+ "type": "file",
+ "filename": "log/metrics.log",
+ "maxLogSize": 10240000,
+ "backups": 10,
+ "layout": {
+ "type": "messagePassThrough"
+ }
+ },
+ "error": {"type": "stdout"},
+ "debug": {"type": "stdout"}
+ },
+ "categories": {
+ "default": {"appenders": ["out"], "level": "debug"},
+ "audit": {"appenders": ["audit"], "level": "info"},
+ "metrics": {"appenders": ["metrics"], "level": "info"},
+ "error": {"appenders": ["error"], "level": "error"},
+ "debug": {"appenders": ["debug"], "level": "debug"}
+ }
}
\ No newline at end of file
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ .Values.config.nifiJarsIndexURL }}
- name: NIFI_DCAE_DISTRIBUTOR_API_URL
value: {{ .Values.config.distributorAPIURL }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-designtool
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- name : ONBOARDING_API_URL
value: {{ .Values.config.onboardingAPIURL }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-distributor-api
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
- mountPath: /www/data
name: genprocessor-data
readOnly: true
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: genprocessor-data
persistentVolumeClaim:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-genprocessor
+ roles:
+ - read
+
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ include "common.namespace" . }}
- name: HELM_RELEASE
value: {{ include "common.release" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-healthcheck
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
- name: NIFI_REGISTRY_DB_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: flow-storage
persistentVolumeClaim:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-nifi-registry
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: "5432"
- name: PG_DB_NAME
value: dcae_onboarding_db
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-onboarding-api
+ roles:
+ - read
+
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ .Values.config.bpResourcesCpuLimit }}
- name: BP_RESOURCES_MEMORY_LIMIT
value: {{ .Values.config.bpResourcesMemoryLimit }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-runtime-api
+ roles:
+ - read
+
# Service Dependencies
message-router depends on AAF
-dmaap-prov depends on AAF and Postgresql.
+dmaap-prov depends on AAF and Postgresql.
last (right-most) file specified. For example, if both myvalues.yaml and override.yaml
contained a key called 'Test', the value set in override.yaml would take precedence:
- $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml
+ $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml
You can specify the '--set' flag multiple times. The priority will be given to the
last (right-most) set specified. For example, if both 'bar' and 'newbar' values are
set for a key called 'foo', the 'newbar' value would take precedence:
- $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false
+ $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false
Usage:
helm deploy [RELEASE] [CHART] [flags]
# validate params
if [ -z "$1" ] || [ -z "$2" ]; then
usage
- exit 0
+ exit 1
fi
RELEASE=$1
fi
# determine if set-last-applied flag is enabled
SET_LAST_APPLIED="false"
- if expr"$FLAGS" : ".*--set-last-applied.*" ; then
+ if expr "$FLAGS" : ".*--set-last-applied.*" ; then
FLAGS="$(echo $FLAGS| sed -n 's/--set-last-applied//p')"
SET_LAST_APPLIED="true"
fi
else
echo "release \"${RELEASE}-${subchart}\" deployed"
fi
- # Add annotation last-applied-configuration if set-last-applied flag is set
+ # Add annotation last-applied-configuration if set-last-applied flag is set
if [ "$SET_LAST_APPLIED" = "true" ]; then
helm get manifest "${RELEASE}-${subchart}" \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
- > $LOG_FILE.log 2>&1
+ > $LOG_FILE.log 2>&1
fi
fi
- if [ "$DELAY" = "true" ]; then
- echo sleep 3m
- sleep 180
- fi
+ if [ "$DELAY" = "true" ]; then
+ echo sleep 3m
+ sleep 180
+ fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
name: "deploy"
version: "1.0.0"
-usage: "install (upgrade if release exists) parent chart and subcharts as separate
+usage: "install (upgrade if release exists) parent chart and subcharts as separate
but related releases"
-description: "install (upgrade if release exists) parent charty and all subcharts as separate
+description: "install (upgrade if release exists) parent charty and all subcharts as separate
but related releases"
command: "$HELM_PLUGIN_DIR/deploy.sh"
\ No newline at end of file
name: "undeploy"
version: "1.0.0"
-usage: "delete parent chart and subcharts that were deployed as separate
+usage: "delete parent chart and subcharts that were deployed as separate
releases"
-description: "delete parent chart and subcharts that were deployed as separate
+description: "delete parent chart and subcharts that were deployed as separate
releases"
command: "$HELM_PLUGIN_DIR/undeploy.sh"
\ No newline at end of file
done
}
-if [ $# < 1 ]; then
+if [ -z "$1" ]; then
echo "Error: command 'undeploy' requires a release name"
- exit 0
+ exit 1
fi
case "${1:-"help"}" in
- name: certInitializer
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:1.3.3
+image: onap/holmes/engine-management:9.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
cpu: 250m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: holmes-engine-mgmt
+ roles:
+ - read
- name: certInitializer
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:1.3.3
+image: onap/holmes/rule-management:9.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
cpu: 500m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: holmes-rule-mgmt
+ roles:
+ - read
if event.get("[mdcname]")
$num = event.get("[mdcname]").length
end
- if $num != 0
+ if $num != 0
until $i > $num do
if event.get("[mdcname]").at($i) and event.get("[mdcvalue]").at($i)
event.set(event.get("[mdcname]").at($i), event.get("[mdcvalue]").at($i))
end
$i=$i+1
end
- end
+ end
'
}
gsub => [
'message', ' = ', '=',
'message', '= ', '=null',
- 'message', '=\t', '=null ', #This null is followed by a tab
+ 'message', '=\t', '=null\t', #This null is followed by a tab
'message', '\t$', '\t'
]
}
"enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
- {
+ {
"serviceName": "nsd",
"version": "v1",
"url": "/api/nsd/v1",
"enable_ssl": {{ .Values.config.ssl_enabled }},
"visualRange":"1"
},
- {
+ {
"serviceName": "vnfpkgm",
"version": "v1",
"url": "/api/vnfpkgm/v1",
+#!/bin/sh
+
#!/usr/bin/dumb-init /bin/sh
+# As of docker 1.13, using docker run --init achieves the same outcome than dumb-init.
+
set -e
set -x
-# Note above that we run dumb-init as PID 1 in order to reap zombie processes
-# as well as forward signals to all processes in its session. Normally, sh
-# wouldn't do either of these functions so we'd leak zombies as well as do
-# unclean termination of all our sub-processes.
-# As of docker 1.13, using docker run --init achieves the same outcome.
-
-# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
-# bind to and this will look up the IP and pass the proper -bind= option along
-# to Consul.
CONSUL_BIND=
if [ -n "$CONSUL_BIND_INTERFACE" ]; then
CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some
# Consul configuration JSON without having to bind any volumes.
if [ -n "$CONSUL_LOCAL_CONFIG" ]; then
- echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
+ echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
fi
# If the user is trying to run Consul directly with some arguments, then
<pattern>${auditPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFAudit" />
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
-
+
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_discovery:1.2.6
+image: onap/msb/msb_discovery:1.3.0
pullPolicy: Always
istioSidecar: true
<pattern>${auditPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFAudit" />
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
-
+
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true
<pattern>${auditPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFAudit" />
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
</logger>
-
+
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.3.0
pullPolicy: Always
istioSidecar: true
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.9.0
+image: onap/multicloud/k8s:0.9.1
pullPolicy: Always
# flag to enable debugging - application support required
targetPort: {{ .Values.service.internalPort }}
{{- end}}
protocol: TCP
-{{- if .Values.service.meshpeer.enabled }}
+{{- if .Values.service.meshpeer.enabled }}
- name: {{ .Values.service.meshpeer.portName }}
port: {{ .Values.service.meshpeer.port }}
targetPort: {{ .Values.service.meshpeer.port }}
-#!/bin/bash
+#!/bin/sh
{{/*
# Copyright © 2017 Amdocs, Bell Canada
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true
+ "https": true,
+ "prometheus": true
},
"pdpStatusParameters":{
"pdpGroup": "defaultGroup",
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-{
- "javaProperties" : [
- ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
- ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"]
- ],
- "engineServiceParameters": {
- "name": "MyApexEngine",
- "version": "0.0.1",
- "id": 45,
- "instanceCount": 4,
- "deploymentPort": 12345,
- "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
- "engineParameters": {
- "executorParameters": {
- "JAVASCRIPT": {
- "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
- }
- }
- }
- },
- "eventOutputParameters": {
- "FirstProducer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- },
- "eventInputParameters": {
- "FirstConsumer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- }
-}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.5.2
+image: onap/policy-apex-pdp:2.6.0
pullPolicy: Always
# flag to enable debugging - application support required
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"databaseProviderParameters": {
"name": "PolicyProviderParameterGroup",
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.4.2
+image: onap/policy-api:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop K8s Participant
+name: policy-clamp-cl-k8s-ppnt
+version: 8.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+security:
+ enable-csrf: false
+
+participant:
+ localChartDirectory: /home/policy/local-charts
+ infoFileName: CHART_INFO.json
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: K8sParticipant0
+ version: 1.0.0
+ participantType:
+ name: org.onap.k8s.controlloop.K8SControlLoopParticipant
+ version: 2.3.4
+ clampControlLoopTopics:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+
+server:
+ # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
+ # See springboot documentation.
+ port: 8083
+
+
\ No newline at end of file
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/k8s-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/k8s-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/k8s-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/k8s-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/k8s-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/k8s-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-k8s-ppnt-config
+ - mountPath: /config
+ name: cl-k8s-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-k8s-ppnt-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-k8s-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-k8s-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-k8s-ppnt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-k8s-ppnt:6.1.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-cl-k8s-ppnt
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 8083
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-k8s-ppnt
+ roles:
+ - create
flavor: small
# application image
-image: onap/policy-clamp-frontend:6.1.1
+image: onap/policy-clamp-frontend:6.1.2
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https":true
+ "https":true,
+ "prometheus": true
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
],
"consumerGroup": "policy-group",
"environmentName": "AUTO",
- "keystorePath": "null",
- "keystorePassword": "null",
+ "keyStorePath": "null",
+ "keyStorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
"isUseHttpsWithDmaap": true
"parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
"parameters":{
"apiParameters": {
- "hostName": "policy-api",
- "port": 6969,
- "userName": "${API_USER}",
- "password": "${API_PASSWORD}"
- },
+ "clientName": "policy-api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "useHttps": true
+ },
"papParameters": {
- "hostName": "policy-pap",
- "port": 6969,
- "userName": "${PAP_USER}",
- "password": "${PAP_PASSWORD}"
+ "clientName": "policy-pap",
+ "hostname": "policy-pap",
+ "port": 6969,
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}",
+ "useHttps": true
},
- "isHttps": true,
"deployPolicies": true
}
}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.5.2
+image: onap/policy-distribution:2.6.0
pullPolicy: Always
# flag to enable debugging - application support required
{{/*
# Copyright © 2017-2018 Amdocs, Bell Canada.
# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Relational (SQL) DB access
SQL_HOST={{ .Values.db.name }}
+SQL_PORT=3306
# AAF
AAF_NAMESPACE=org.onap.policy
AAF_HOST=aaf-locate.{{.Release.Namespace}}
+# HTTP Servers
+
+HTTP_SERVER_HTTPS=true
+PROMETHEUS=true
+
# PDP-D DMaaP configuration channel
PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
# Open DMaaP
DMAAP_SERVERS=message-router
+DMAAP_HTTPS=true
# AAI
--- /dev/null
+#
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+# system properties set within the application
+
+java.net.preferIPv4Stack=true
+
+# jmx
+
+com.sun.management.jmxremote.port=9991
+com.sun.management.jmxremote.authenticate=false
+com.sun.management.jmxremote.ssl=false
+
+# certs
+
+javax.net.ssl.trustStore=${envd:TRUSTSTORE:/opt/app/policy/etc/ssl/policy-truststore}
+javax.net.ssl.trustStorePassword=${envd:TRUSTSTORE_PASSWD}
+
+javax.net.ssl.keyStore=${envd:KEYSTORE}
+javax.net.ssl.keyStorePassword=${envd:KEYSTORE_PASSWD}
+
+# kie
+
+kie.maven.offline.force=${envd:REPOSITORY_OFFLINE:false}
+
+# symmetric key for sensitive configuration data
+
+engine.symm.key=${envd:SYMM_KEY}
<maxHistory>30</maxHistory>
<totalSizeCap>10GB</totalSizeCap>
</rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
<maxHistory>30</maxHistory>
<totalSizeCap>10GB</totalSizeCap>
</rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
</appender>
<appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
</appender>
<appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Copyright © 2017, 2021 Bell Canada
# Modifications Copyright © 2018-2021 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.8.2
+image: onap/policy-pdpd-cl:1.9.0
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy GUI
+name: policy-gui
+version: 8.0.0
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+server {
+
+ listen 2443 default ssl;
+ ssl_protocols TLSv1.2;
+ {{ if .Values.global.aafEnabled }}
+ ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+ ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+ {{ else }}
+ ssl_certificate /etc/ssl/clamp.pem;
+ ssl_certificate_key /etc/ssl/clamp.key;
+ {{ end }}
+
+ ssl_verify_client optional_no_ca;
+ absolute_redirect off;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ =404;
+ }
+
+ location /clamp/restservices/clds/ {
+ proxy_pass https://policy-clamp-be:8443/restservices/clds/;
+ proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
+ }
+
+ location = /50x.html {
+ root /var/lib/nginx/html;
+ }
+ error_page 500 502 503 504 /50x.html;
+ error_log /var/log/nginx/error.log warn;
+}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit https://127.0.0.1:8443 to use your application"
+ kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
+{{- end }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - policy-clamp-be
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ containers:
+ # side car containers
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - mountPath: /etc/nginx/conf.d/default.conf
+ name: {{ include "common.fullname" . }}-config
+ subPath: default.conf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: default.conf
+ path: default.conf
+ - name: logs
+ emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 304
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "clamp.key"
+ clamp_pem: "clamp.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: policy-gui-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
+subChartsOnly:
+ enabled: true
+
+flavor: small
+
+# application image
+image: onap/policy-gui:2.1.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+ path: /var/log/nginx/
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+service:
+ type: NodePort
+ name: policy-gui
+ portName: policy-gui
+ internalPort: 2443
+ nodePort: 43
+
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "policygui.api"
+ name: "policygui"
+ port: 2443
+ config:
+ ssl: "redirect"
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 200Mi
+ requests:
+ cpu: 1m
+ memory: 50Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-gui
+ roles:
+ - read
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"pdpParameters": {
"heartBeatMs": 120000,
"databasePassword": "${SQL_PASSWORD}",
"persistenceUnit": "PolicyMariaDb"
},
+ "savePdpStatisticsInDb": true,
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"useHttps": true,
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
+ },
+ {
+ "topic" : "POLICY-HEARTBEAT",
+ "effectiveTopic": "POLICY-PDP-PAP",
+ "consumerGroup": "policy-pap",
+ "servers" : [ "message-router" ],
+ "useHttps": true,
+ "fetchTimeout": 15000,
+ "topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.4.2
+image: onap/policy-pap:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"policyApiParameters": {
- "host": "policy-api",
+ "hostname": "policy-api",
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "https": true,
+ "useHttps": true,
"aaf": false
},
- "applicationPath": "/opt/app/policy/pdpx/apps",
+ "applicationParameters": {
+ "applicationPath": "/opt/app/policy/pdpx/apps"
+ },
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.4.2
+image: onap/policy-xacml-pdp:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~8.x-0
repository: 'file://components/policy-clamp-fe'
condition: policy-clamp-fe.enabled
+ - name: policy-clamp-cl-k8s-ppnt
+ version: ~8.x-0
+ repository: 'file://components/policy-clamp-cl-k8s-ppnt'
+ condition: policy-clamp-cl-k8s-ppnt.enabled
+ - name: policy-gui
+ version: ~8.x-0
+ repository: 'file://components/policy-gui'
+ condition: policy-gui.enabled
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory
+for db in migration pooling policyadmin policyclamp operationshistory
do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
done
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
--- /dev/null
+#!/bin/sh
+{{/*
+# Copyright (C) 2021 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
+exit $rc
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }}
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- containers:
- name: {{ include "common.release" . }}-policy-galera-config
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
+{{ include "common.resources" . }}
+ containers:
+ - name: {{ include "common.release" . }}-policy-galera-db-migrator
+ image: {{ .Values.repository }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ resources:
{{ include "common.resources" . }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
items:
- key: db.sh
path: db.sh
+ - key: db_migrator_policy_init.sh
+ path: db_migrator_policy_init.sh
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
db: *dbSecretsHook
policy-clamp-fe:
enabled: true
+policy-clamp-cl-k8s-ppnt:
+ enabled: true
policy-nexus:
enabled: false
+policy-gui:
+ enabled: true
#################################################################
# DB configuration defaults.
mariadb:
image: mariadb:10.5.8
+dbmigrator:
+ image: onap/policy-db-migrator:2.3.0
+ schema: policyadmin
+ policy_home: "/opt/app/policy"
+
subChartsOnly:
enabled: true
restricted_app_role_id = 900
# Home Page index html
-home_page = /index.html
+home_page = /index.html
authentication_mechanism =DBAUTH
ONAP Portal\r
===================================================================\r
Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- Modifications Copyright © 2018 Amdocs, Bell Canada \r
+ Modifications Copyright © 2018 Amdocs, Bell Canada\r
====================================================================\r
Unless otherwise specified, all software contained herein is licensed\r
under the Apache License, Version 2.0 (the “License”);\r
<!DOCTYPE xml>\r
<configuration scan="true" scanPeriod="3 seconds" debug="true">\r
\r
- <!-- specify the component name -->\r
- <property name="componentName" value="onapportal"></property>\r
+ <!-- specify the component name -->\r
+ <property name="componentName" value="onapportal"></property>\r
\r
- <!-- specify the application name -->\r
+ <!-- specify the application name -->\r
<property name="application_name" value="Portal"></property>\r
- <!-- specify the base path of the log directory -->\r
- <property name="logDirPrefix" value="/var/log/onap"></property>\r
-\r
- <!-- The directories where logs are written -->\r
- <property name="logDirectory" value="${logDirPrefix}/${componentName}" />\r
- <!-- Can easily relocate debug logs by modifying this path. -->\r
- <property name="debugLogDirectory" value="${logDirPrefix}/${componentName}" />\r
-\r
- <!-- log file names -->\r
- <property name="generalLogName" value="application" />\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <!-- These loggers are not used in code (yet). <property name="securityLogName"\r
- value="security" /> <property name="policyLogName" value="policy" /> <property\r
- name="performanceLogName" value="performance" /> <property name="serverLogName"\r
- value="server" /> -->\r
-\r
- <!-- ServerFQDN=Server, -->\r
- <property name="auditLoggerPattern"\r
- value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
-\r
- <property name="metricsLoggerPattern"\r
- value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
-\r
- <property name="errorLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
-\r
- <property name="defaultLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
-\r
- <!-- use %class so library logging calls yield their class name -->\r
- <property name="applicationLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
-\r
- <!--\r
- <property name="defaultPattern"\r
- value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />\r
- <property name="debugLoggerPattern"\r
- value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />\r
- -->\r
- <!-- <property name="debugLoggerPattern" value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}|[%caller{3}]|%msg%n"\r
- /> -->\r
- <!-- Example evaluator filter applied against console appender -->\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <pattern>${applicationLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <!-- ============================================================================ -->\r
- <!-- EELF Appenders -->\r
- <!-- ============================================================================ -->\r
-\r
- <!-- The EELFAppender is used to record events to the general application\r
- log -->\r
-\r
-\r
- <appender name="EELF"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${generalLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${generalLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${applicationLoggerPattern}</pattern>\r
- </encoder>\r
- <filter class="org.openecomp.portalapp.portal.utils.CustomLoggingFilter" />\r
- </appender>\r
-\r
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <!-- Class name is part of caller data -->\r
- <includeCallerData>true</includeCallerData>\r
- <appender-ref ref="EELF" />\r
- </appender>\r
-\r
- <!-- EELF Security Appender. This appender is used to record security events\r
- to the security log file. Security events are separate from other loggers\r
- in EELF so that security log records can be captured and managed in a secure\r
- way separate from the other logs. This appender is set to never discard any\r
- events. -->\r
- <!-- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${securityLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
- </appender> <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize> <discardingThreshold>0</discardingThreshold> <appender-ref\r
- ref="EELFSecurity" /> </appender> -->\r
-\r
- <!-- EELF Performance Appender. This appender is used to record performance\r
- records. -->\r
- <!-- <appender name="EELFPerformance" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${performanceLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <outputPatternAsHeader>true</outputPatternAsHeader>\r
- <pattern>${defaultPattern}</pattern> </encoder> </appender> <appender name="asyncEELFPerformance"\r
- class="ch.qos.logback.classic.AsyncAppender"> <queueSize>256</queueSize>\r
- <appender-ref ref="EELFPerformance" /> </appender> -->\r
-\r
- <!-- EELF Server Appender. This appender is used to record Server related\r
- logging events. The Server logger and appender are specializations of the\r
- EELF application root logger and appender. This can be used to segregate\r
- Server events from other components, or it can be eliminated to record these\r
- events as part of the application root log. -->\r
- <!-- <appender name="EELFServer" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${serverLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
- </appender> <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize> <appender-ref ref="EELFServer" /> </appender> -->\r
-\r
- <!-- EELF Policy Appender. This appender is used to record Policy engine\r
- related logging events. The Policy logger and appender are specializations\r
- of the EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
- <!-- <appender name="EELFPolicy" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${policyLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
- </appender> <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize> <appender-ref ref="EELFPolicy" /> </appender> -->\r
-\r
- <!-- EELF Audit Appender. This appender is used to record audit engine related\r
- logging events. The audit logger and appender are specializations of the\r
- EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
-\r
- <appender name="EELFAudit"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${auditLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${auditLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFAudit" />\r
- </appender>\r
-\r
- <appender name="EELFMetrics"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${metricsLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${metricsLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
-\r
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFMetrics" />\r
- </appender>\r
-\r
- <appender name="EELFError"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${errorLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${errorLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFError" />\r
- </appender>\r
-\r
- <appender name="EELFDebug"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${debugLogDirectory}/${debugLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${debugLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${defaultLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFDebug" />\r
- <includeCallerData>true</includeCallerData>\r
- </appender>\r
-\r
-\r
- <!-- ============================================================================ -->\r
- <!-- EELF loggers -->\r
- <!-- ============================================================================ -->\r
- <logger name="com.att.eelf" level="info" additivity="false">\r
- <appender-ref ref="asyncEELF" />\r
- </logger>\r
-\r
- <!-- <logger name="com.att.eelf.security" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFSecurity" /> </logger> <logger name="com.att.eelf.perf"\r
- level="info" additivity="false"> <appender-ref ref="asyncEELFPerformance"\r
- /> </logger> <logger name="com.att.eelf.server" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"\r
- level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->\r
-\r
- <logger name="EELFAudit" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFAudit" />\r
- </logger>\r
-\r
- <logger name="EELFMetrics" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFMetrics" />\r
- </logger>\r
-\r
- <logger name="EELFError" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFError" />\r
- </logger>\r
-\r
- <logger name="com.att.eelf.debug" level="debug" additivity="false">\r
- <appender-ref ref="asyncEELFDebug" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="asyncEELF" />\r
- <appender-ref ref="STDOUT" />\r
- </root>\r
+ <!-- specify the base path of the log directory -->\r
+ <property name="logDirPrefix" value="/var/log/onap"></property>\r
+\r
+ <!-- The directories where logs are written -->\r
+ <property name="logDirectory" value="${logDirPrefix}/${componentName}" />\r
+ <!-- Can easily relocate debug logs by modifying this path. -->\r
+ <property name="debugLogDirectory" value="${logDirPrefix}/${componentName}" />\r
+\r
+ <!-- log file names -->\r
+ <property name="generalLogName" value="application" />\r
+ <property name="errorLogName" value="error" />\r
+ <property name="metricsLogName" value="metrics" />\r
+ <property name="auditLogName" value="audit" />\r
+ <property name="debugLogName" value="debug" />\r
+ <!-- These loggers are not used in code (yet). <property name="securityLogName"\r
+ value="security" /> <property name="policyLogName" value="policy" /> <property\r
+ name="performanceLogName" value="performance" /> <property name="serverLogName"\r
+ value="server" /> -->\r
+\r
+ <!-- ServerFQDN=Server, -->\r
+ <property name="auditLoggerPattern"\r
+ value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
+\r
+ <property name="metricsLoggerPattern"\r
+ value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
+\r
+ <property name="errorLoggerPattern"\r
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
+\r
+ <property name="defaultLoggerPattern"\r
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
+\r
+ <!-- use %class so library logging calls yield their class name -->\r
+ <property name="applicationLoggerPattern"\r
+ value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
+\r
+ <!--\r
+ <property name="defaultPattern"\r
+ value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />\r
+ <property name="debugLoggerPattern"\r
+ value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />\r
+ -->\r
+ <!-- <property name="debugLoggerPattern" value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}|[%caller{3}]|%msg%n"\r
+ /> -->\r
+ <!-- Example evaluator filter applied against console appender -->\r
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
+ <encoder>\r
+ <pattern>${applicationLoggerPattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+\r
+ <!-- ============================================================================ -->\r
+ <!-- EELF Appenders -->\r
+ <!-- ============================================================================ -->\r
+\r
+ <!-- The EELFAppender is used to record events to the general application\r
+ log -->\r
+\r
+\r
+ <appender name="EELF"\r
+ class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${generalLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <!-- daily rollover -->\r
+ <fileNamePattern>${logDirectory}/${generalLogName}.log.%d{yyyy-MM-dd}.zip\r
+ </fileNamePattern>\r
+ <maxHistory>30</maxHistory>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${applicationLoggerPattern}</pattern>\r
+ </encoder>\r
+ <filter class="org.openecomp.portalapp.portal.utils.CustomLoggingFilter" />\r
+ </appender>\r
+\r
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize>\r
+ <!-- Class name is part of caller data -->\r
+ <includeCallerData>true</includeCallerData>\r
+ <appender-ref ref="EELF" />\r
+ </appender>\r
+\r
+ <!-- EELF Security Appender. This appender is used to record security events\r
+ to the security log file. Security events are separate from other loggers\r
+ in EELF so that security log records can be captured and managed in a secure\r
+ way separate from the other logs. This appender is set to never discard any\r
+ events. -->\r
+ <!-- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${securityLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip </fileNamePattern>\r
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
+ </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
+ </appender> <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize> <discardingThreshold>0</discardingThreshold> <appender-ref\r
+ ref="EELFSecurity" /> </appender> -->\r
+\r
+ <!-- EELF Performance Appender. This appender is used to record performance\r
+ records. -->\r
+ <!-- <appender name="EELFPerformance" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${performanceLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip </fileNamePattern>\r
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
+ </triggeringPolicy> <encoder> <outputPatternAsHeader>true</outputPatternAsHeader>\r
+ <pattern>${defaultPattern}</pattern> </encoder> </appender> <appender name="asyncEELFPerformance"\r
+ class="ch.qos.logback.classic.AsyncAppender"> <queueSize>256</queueSize>\r
+ <appender-ref ref="EELFPerformance" /> </appender> -->\r
+\r
+ <!-- EELF Server Appender. This appender is used to record Server related\r
+ logging events. The Server logger and appender are specializations of the\r
+ EELF application root logger and appender. This can be used to segregate\r
+ Server events from other components, or it can be eliminated to record these\r
+ events as part of the application root log. -->\r
+ <!-- <appender name="EELFServer" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${serverLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip </fileNamePattern>\r
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
+ </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
+ </appender> <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize> <appender-ref ref="EELFServer" /> </appender> -->\r
+\r
+ <!-- EELF Policy Appender. This appender is used to record Policy engine\r
+ related logging events. The Policy logger and appender are specializations\r
+ of the EELF application root logger and appender. This can be used to segregate\r
+ Policy engine events from other components, or it can be eliminated to record\r
+ these events as part of the application root log. -->\r
+ <!-- <appender name="EELFPolicy" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${policyLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip </fileNamePattern>\r
+ <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
+ </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
+ </appender> <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize> <appender-ref ref="EELFPolicy" /> </appender> -->\r
+\r
+ <!-- EELF Audit Appender. This appender is used to record audit engine related\r
+ logging events. The audit logger and appender are specializations of the\r
+ EELF application root logger and appender. This can be used to segregate\r
+ Policy engine events from other components, or it can be eliminated to record\r
+ these events as part of the application root log. -->\r
+\r
+ <appender name="EELFAudit"\r
+ class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${auditLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <!-- daily roll over -->\r
+ <fileNamePattern>${logDirectory}/${auditLogName}.log.%d{yyyy-MM-dd}.zip\r
+ </fileNamePattern>\r
+ <maxHistory>30</maxHistory>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${auditLoggerPattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize>\r
+ <appender-ref ref="EELFAudit" />\r
+ </appender>\r
+\r
+ <appender name="EELFMetrics"\r
+ class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${metricsLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <!-- daily roll over -->\r
+ <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d{yyyy-MM-dd}.zip\r
+ </fileNamePattern>\r
+ <maxHistory>30</maxHistory>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${metricsLoggerPattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+\r
+\r
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize>\r
+ <appender-ref ref="EELFMetrics" />\r
+ </appender>\r
+\r
+ <appender name="EELFError"\r
+ class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${logDirectory}/${errorLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <!-- daily roll over -->\r
+ <fileNamePattern>${logDirectory}/${errorLogName}.log.%d{yyyy-MM-dd}.zip\r
+ </fileNamePattern>\r
+ <maxHistory>30</maxHistory>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${errorLoggerPattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+\r
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize>\r
+ <appender-ref ref="EELFError" />\r
+ </appender>\r
+\r
+ <appender name="EELFDebug"\r
+ class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${debugLogDirectory}/${debugLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <!-- daily roll over -->\r
+ <fileNamePattern>${logDirectory}/${debugLogName}.log.%d{yyyy-MM-dd}.zip\r
+ </fileNamePattern>\r
+ <maxHistory>30</maxHistory>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${defaultLoggerPattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+\r
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">\r
+ <queueSize>256</queueSize>\r
+ <appender-ref ref="EELFDebug" />\r
+ <includeCallerData>true</includeCallerData>\r
+ </appender>\r
+\r
+\r
+ <!-- ============================================================================ -->\r
+ <!-- EELF loggers -->\r
+ <!-- ============================================================================ -->\r
+ <logger name="com.att.eelf" level="info" additivity="false">\r
+ <appender-ref ref="asyncEELF" />\r
+ </logger>\r
+\r
+ <!-- <logger name="com.att.eelf.security" level="info" additivity="false">\r
+ <appender-ref ref="asyncEELFSecurity" /> </logger> <logger name="com.att.eelf.perf"\r
+ level="info" additivity="false"> <appender-ref ref="asyncEELFPerformance"\r
+ /> </logger> <logger name="com.att.eelf.server" level="info" additivity="false">\r
+ <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"\r
+ level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->\r
+\r
+ <logger name="EELFAudit" level="info" additivity="false">\r
+ <appender-ref ref="asyncEELFAudit" />\r
+ </logger>\r
+\r
+ <logger name="EELFMetrics" level="info" additivity="false">\r
+ <appender-ref ref="asyncEELFMetrics" />\r
+ </logger>\r
+\r
+ <logger name="EELFError" level="info" additivity="false">\r
+ <appender-ref ref="asyncEELFError" />\r
+ </logger>\r
+\r
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">\r
+ <appender-ref ref="asyncEELFDebug" />\r
+ </logger>\r
+\r
+ <root level="INFO">\r
+ <appender-ref ref="asyncEELF" />\r
+ <appender-ref ref="STDOUT" />\r
+ </root>\r
\r
</configuration>\r
post_default_role_id = 1
#Enable Fusion Mobile capabilities for the application
-mobile_enable = false
+mobile_enable = false
cache_config_file_path = /WEB-INF/conf/cache.ccf
cache_switch = 1
cache_load_on_startup = false
-user_name = fullName
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+user_name = fullName
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
#Cron Schedules
cron_site_name = one
log_cron = 0 * * * * ? *
-sessiontimeout_feed_cron = 0 0/5 * * * ? *
+sessiontimeout_feed_cron = 0 0/5 * * * ? *
#Front end URL
frontend_url = https://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/applicationsHome
# This value must be generated and updated at the time of
# the deployment.
# Online Unique UUID generator - https://www.uuidgenerator.net/
-instance_uuid = 90bc9497-10e6-49fe-916b-dcdfaa972383
+instance_uuid = 90bc9497-10e6-49fe-916b-dcdfaa972383
-elastic_search_url = http://
-contact_us_link = http://
-user_guide_link = http://
+elastic_search_url = http://
+contact_us_link = http://
+user_guide_link = http://
# Contact Us page properties
-ush_ticket_url = http://
-feedback_email_address = portal@lists.onap.org
-portal_info_url = https://
+ush_ticket_url = http://
+feedback_email_address = portal@lists.onap.org
+portal_info_url = https://
#Online user bar refresh interval, in seconds
-online_user_update_rate = 30
+online_user_update_rate = 30
#Online user bar refresh total duration, in seconds
-online_user_update_duration = 300
+online_user_update_duration = 300
#authenticate user server
authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/allUsers
===================================================================
Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
===================================================================
-
+
Unless otherwise specified, all software contained herein is licensed
under the Apache License, Version 2.0 (the "License");
you may not use this software except in compliance with the License.
You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
+
Unless otherwise specified, all documentation contained herein is licensed
under the Creative Commons License, Attribution 4.0 Intl. (the "License");
you may not use this documentation except in compliance with the License.
You may obtain a copy of the License at
-
+
https://creativecommons.org/licenses/by/4.0/
-
+
Unless required by applicable law or agreed to in writing, documentation
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
+
============LICENSE_END============================================
-
-
+
+
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
- <display-name>fusion</display-name>
-
- <!--
- <context-param>
- <param-name>log4jConfigLocation</param-name>
- <param-value>/WEB-INF/conf/log4j.properties</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
- </listener>
- -->
-
- <!-- The Portal app can function on a HA cluster -->
- <distributable/>
-
- <!-- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/oid-context.xml</param-value>
- </context-param>
-
- <listener>
- <listener-class>
- org.springframework.web.context.ContextLoaderListener
- </listener-class>
- </listener> -->
-
-
- <listener>
- <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class>
- </listener>
- <!--
- <filter>
- <filter-name>springSessionRepositoryFilter</filter-name>
- <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSessionRepositoryFilter</filter-name>
- <url-pattern>/*</url-pattern>
- <dispatcher>REQUEST</dispatcher>
- <dispatcher>ERROR</dispatcher>
- </filter-mapping>
- -->
- <filter>
- <filter-name>CorsFilter</filter-name>
- <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
- <init-param>
- <param-name>cors.allowed.origins</param-name>
- <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value>
- </init-param>
- <init-param>
- <param-name>cors.allowed.methods</param-name>
- <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
- </init-param>
- <init-param>
- <param-name>cors.allowed.headers</param-name>
- <param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
- </init-param>
- <init-param>
- <param-name>cors.exposed.headers</param-name>
- <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
- </init-param>
- <init-param>
- <param-name>cors.support.credentials</param-name>
- <param-value>true</param-value>
- </init-param>
- <init-param>
- <param-name>cors.preflight.maxage</param-name>
- <param-value>10</param-value>
- </init-param>
- </filter>
-
+ <display-name>fusion</display-name>
+
+ <!--
+ <context-param>
+ <param-name>log4jConfigLocation</param-name>
+ <param-value>/WEB-INF/conf/log4j.properties</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+ </listener>
+ -->
+
+ <!-- The Portal app can function on a HA cluster -->
+ <distributable/>
+
+ <!-- <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/oid-context.xml</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>
+ org.springframework.web.context.ContextLoaderListener
+ </listener-class>
+ </listener> -->
+
+
+ <listener>
+ <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class>
+ </listener>
+ <!--
+ <filter>
+ <filter-name>springSessionRepositoryFilter</filter-name>
+ <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>springSessionRepositoryFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>ERROR</dispatcher>
+ </filter-mapping>
+ -->
+ <filter>
+ <filter-name>CorsFilter</filter-name>
+ <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+ <init-param>
+ <param-name>cors.allowed.origins</param-name>
+ <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.allowed.methods</param-name>
+ <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.allowed.headers</param-name>
+ <param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.exposed.headers</param-name>
+ <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.support.credentials</param-name>
+ <param-value>true</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.preflight.maxage</param-name>
+ <param-value>10</param-value>
+ </init-param>
+ </filter>
+
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-
- <filter>
- <filter-name>SecurityXssFilter</filter-name>
- <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>SecurityXssFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-<!-- <filter> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> -->
-<!-- <init-param> -->
-<!-- <param-name>cadi_prop_files</param-name> -->
+
+ <filter>
+ <filter-name>SecurityXssFilter</filter-name>
+ <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>SecurityXssFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+<!-- <filter> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> -->
+<!-- <init-param> -->
+<!-- <param-name>cadi_prop_files</param-name> -->
<!-- Add Absolute path of cadi.properties -->
-<!-- <param-value>{Path}/cadi.properties -->
-<!-- </param-value> -->
-<!-- </init-param> -->
+<!-- <param-value>{Path}/cadi.properties -->
+<!-- </param-value> -->
+<!-- </init-param> -->
<!-- Add param values with comma delimited values -->
-<!-- <init-param> -->
-<!-- <param-name>include_url_endpoints</param-name> -->
-<!-- <param-value>/auxapi/*</param-value> -->
-<!-- </init-param> -->
-<!-- <init-param> -->
-<!-- <param-name>exclude_url_endpoints</param-name> -->
-<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> -->
-<!-- </init-param> -->
-<!-- </filter> -->
-<!-- <filter-mapping> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <url-pattern>/auxapi/v3/*</url-pattern> -->
-<!-- </filter-mapping> -->
-<!-- <filter-mapping> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <url-pattern>/auxapi/v4/*</url-pattern> -->
-
-<!-- </filter-mapping> -->
+<!-- <init-param> -->
+<!-- <param-name>include_url_endpoints</param-name> -->
+<!-- <param-value>/auxapi/*</param-value> -->
+<!-- </init-param> -->
+<!-- <init-param> -->
+<!-- <param-name>exclude_url_endpoints</param-name> -->
+<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> -->
+<!-- </init-param> -->
+<!-- </filter> -->
+<!-- <filter-mapping> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <url-pattern>/auxapi/v3/*</url-pattern> -->
+<!-- </filter-mapping> -->
+<!-- <filter-mapping> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <url-pattern>/auxapi/v4/*</url-pattern> -->
+
+<!-- </filter-mapping> -->
</web-app>
'replication_factor': 1\r
}\r
AND DURABLE_WRITES = true;\r
- \r
+\r
CREATE TABLE IF NOT EXISTS admin.keyspace_master (\r
uuid uuid,\r
keyspace_name text,\r
AND min_index_interval = 128\r
AND read_repair_chance = 0.0\r
AND speculative_retry = '99PERCENTILE';\r
- \r
+\r
\r
\r
CREATE KEYSPACE IF NOT EXISTS portalsdk\r
# logging functions
mysql_log() {
- local type="$1"; shift
- printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
+ local type="$1"; shift
+ printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
}
mysql_note() {
- mysql_log Note "$@"
+ mysql_log Note "$@"
}
mysql_warn() {
- mysql_log Warn "$@" >&2
+ mysql_log Warn "$@" >&2
}
mysql_error() {
- mysql_log ERROR "$@" >&2
- exit 1
+ mysql_log ERROR "$@" >&2
+ exit 1
}
# usage: file_env VAR [DEFAULT]
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- mysql_error "Both $var and $fileVar are set (but are exclusive)"
- fi
- local val="$def"
- # val="${!var}"
- # val="$(< "${!fileVar}")"
- # eval replacement of the bashism equivalents above presents no security issue here
- # since var and fileVar variables contents are derived from the file_env() function arguments.
- # This method is only called inside this script with a limited number of possible values.
- if [ "${!var:-}" ]; then
- eval val=\$$var
- elif [ "${!fileVar:-}" ]; then
- val="$(< "$(eval echo "\$$fileVar")")"
- fi
- export "$var"="$val"
- unset "$fileVar"
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ mysql_error "Both $var and $fileVar are set (but are exclusive)"
+ fi
+ local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
+ if [ "${!var:-}" ]; then
+ eval val=\$$var
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "$(eval echo "\$$fileVar")")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
- # https://unix.stackexchange.com/a/215279
- [ "${#FUNCNAME[@]}" -ge 2 ] \
- && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
- && [ "${FUNCNAME[1]}" = 'source' ]
+ # https://unix.stackexchange.com/a/215279
+ [ "${#FUNCNAME[@]}" -ge 2 ] \
+ && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+ && [ "${FUNCNAME[1]}" = 'source' ]
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions
docker_process_init_files() {
- # mysql here for backwards compatibility "${mysql[@]}"
- mysql=( docker_process_sql )
-
- echo
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- mysql_note "$0: running $f"
- "$f"
- else
- mysql_note "$0: sourcing $f"
- . "$f"
- fi
- ;;
- *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
- *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
- *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
- *) mysql_warn "$0: ignoring $f" ;;
- esac
- echo
- done
+ # mysql here for backwards compatibility "${mysql[@]}"
+ mysql=( docker_process_sql )
+
+ echo
+ local f
+ for f; do
+ case "$f" in
+ *.sh)
+ # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+ # https://github.com/docker-library/postgres/pull/452
+ if [ -x "$f" ]; then
+ mysql_note "$0: running $f"
+ "$f"
+ else
+ mysql_note "$0: sourcing $f"
+ . "$f"
+ fi
+ ;;
+ *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+ *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+ *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+ *) mysql_warn "$0: ignoring $f" ;;
+ esac
+ echo
+ done
}
mysql_check_config() {
- local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
- fi
+ local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
+ fi
}
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
mysql_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
- # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+ | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
# Do a temporary startup of the MySQL server, for init purposes
docker_temp_server_start() {
- "$@" --skip-networking --socket="${SOCKET}" &
- mysql_note "Waiting for server startup"
- local i
- for i in $(seq 30 -1 0); do
- # only use the root password if the database has already been initializaed
- # so that it won't try to fill in a password file when it hasn't been set yet
- extraArgs=""
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- extraArgs=${extraArgs}" --dont-use-mysql-root-password"
- fi
- if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
- break
- fi
- sleep 1
- done
- if [ "$i" = 0 ]; then
- mysql_error "Unable to start server."
- fi
+ "$@" --skip-networking --socket="${SOCKET}" &
+ mysql_note "Waiting for server startup"
+ local i
+ for i in $(seq 30 -1 0); do
+ # only use the root password if the database has already been initializaed
+ # so that it won't try to fill in a password file when it hasn't been set yet
+ extraArgs=""
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ extraArgs=${extraArgs}" --dont-use-mysql-root-password"
+ fi
+ if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ mysql_error "Unable to start server."
+ fi
}
# Stop the server. When using a local socket file mysqladmin will block until
# the shutdown is complete.
docker_temp_server_stop() {
- if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
- mysql_error "Unable to shut down server."
- fi
+ if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
+ mysql_error "Unable to shut down server."
+ fi
}
# Verify that the minimally required password settings are set for new databases.
docker_verify_minimum_env() {
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
- fi
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
+ fi
}
# creates folders for the database
# also ensures permission for user mysql of run as root
docker_create_db_directories() {
- local user; user="$(id -u)"
+ local user; user="$(id -u)"
- # TODO other directories that are used by default? like /var/lib/mysql-files
- # see https://github.com/docker-library/mysql/issues/562
- mkdir -p "$DATADIR"
+ # TODO other directories that are used by default? like /var/lib/mysql-files
+ # see https://github.com/docker-library/mysql/issues/562
+ mkdir -p "$DATADIR"
- if [ "$user" = "0" ]; then
- # this will cause less disk access than `chown -R`
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- fi
+ if [ "$user" = "0" ]; then
+ # this will cause less disk access than `chown -R`
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ fi
}
# initializes the database directory
docker_init_database_dir() {
- mysql_note "Initializing database files"
- installArgs=" --datadir=$DATADIR --rpm "
- if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
- # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
- # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
- # (this flag doesn't exist in 10.0 and below)
- installArgs=${installArgs}" --auth-root-authentication-method=normal"
- fi
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')"
- mysql_note "Database files initialized"
+ mysql_note "Initializing database files"
+ installArgs=" --datadir=$DATADIR --rpm "
+ if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+ # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+ # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+ # (this flag doesn't exist in 10.0 and below)
+ installArgs=${installArgs}" --auth-root-authentication-method=normal"
+ fi
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')"
+ mysql_note "Database files initialized"
}
# Loads various settings that are used elsewhere in the script
# This should be called after mysql_check_config, but before any other functions
docker_setup_env() {
- # Get config
- declare -g DATADIR SOCKET
- DATADIR="$(mysql_get_config 'datadir' "$@")"
- SOCKET="$(mysql_get_config 'socket' "$@")"
-
- # Initialize values that might be stored in a file
- file_env 'MYSQL_ROOT_HOST' '%'
- file_env 'MYSQL_DATABASE'
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- file_env 'MYSQL_ROOT_PASSWORD'
- file_env 'PORTAL_DB_TABLES'
-
- declare -g DATABASE_ALREADY_EXISTS
- if [ -d "$DATADIR/mysql" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
+ # Get config
+ declare -g DATADIR SOCKET
+ DATADIR="$(mysql_get_config 'datadir' "$@")"
+ SOCKET="$(mysql_get_config 'socket' "$@")"
+
+ # Initialize values that might be stored in a file
+ file_env 'MYSQL_ROOT_HOST' '%'
+ file_env 'MYSQL_DATABASE'
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ file_env 'MYSQL_ROOT_PASSWORD'
+ file_env 'PORTAL_DB_TABLES'
+
+ declare -g DATABASE_ALREADY_EXISTS
+ if [ -d "$DATADIR/mysql" ]; then
+ DATABASE_ALREADY_EXISTS='true'
+ fi
}
# Execute sql script, passed via stdin
# ie: docker_process_sql --database=mydb <<<'INSERT ...'
# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
docker_process_sql() {
- passfileArgs=""
- if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs=${passfileArgs}" $1"
- shift
- fi
- # args sent in can override this db, since they will be later in the command
- if [ -n "$MYSQL_DATABASE" ]; then
- set -- --database="$MYSQL_DATABASE" "$@"
- fi
-
- mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+ passfileArgs=""
+ if [ '--dont-use-mysql-root-password' = "$1" ]; then
+ passfileArgs=${passfileArgs}" $1"
+ shift
+ fi
+ # args sent in can override this db, since they will be later in the command
+ if [ -n "$MYSQL_DATABASE" ]; then
+ set -- --database="$MYSQL_DATABASE" "$@"
+ fi
+
+ mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
- # Load timezone info into database
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- {
- # Aria in 10.4+ is slow due to "transactional" (crash safety)
- # https://jira.mariadb.org/browse/MDEV-23326
- # https://github.com/docker-library/mariadb/issues/262
- local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
- done
-
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo \
- | sed 's/Local time zone must be set--see zic manual page/FCTY/'
-
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
- done
- } | docker_process_sql --dont-use-mysql-root-password --database=mysql
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
- fi
- # Generate random root password
- if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
- # Sets root password and creates root users for non-localhost hosts
- local rootCreate=
- # default root to listen for connections from anywhere
- if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
- docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
- -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
- DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
-
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- FLUSH PRIVILEGES ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- EOSQL
-
- # Creates a custom database and user if specified
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Creating database ${MYSQL_DATABASE}"
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql
- fi
-
- if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
- mysql_note "Creating user ${MYSQL_USER}"
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql
-
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
- echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql
- fi
-
- echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql
- fi
+ # Load timezone info into database
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ {
+ # Aria in 10.4+ is slow due to "transactional" (crash safety)
+ # https://jira.mariadb.org/browse/MDEV-23326
+ # https://github.com/docker-library/mariadb/issues/262
+ local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
+ done
+
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo \
+ | sed 's/Local time zone must be set--see zic manual page/FCTY/'
+
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
+ done
+ } | docker_process_sql --dont-use-mysql-root-password --database=mysql
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
+ fi
+ # Generate random root password
+ if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+ # Sets root password and creates root users for non-localhost hosts
+ local rootCreate=
+ # default root to listen for connections from anywhere
+ if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+EOSQL
+ fi
+
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
+ docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+ -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+ DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
+
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ FLUSH PRIVILEGES ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+EOSQL
+
+ # Creates a custom database and user if specified
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Creating database ${MYSQL_DATABASE}"
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql
+ fi
+
+ if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
+ mysql_note "Creating user ${MYSQL_USER}"
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql
+
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
+ echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql
+ fi
+
+ echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql
+ fi
}
_mysql_passfile() {
- # echo the password to the "file" the client uses
- # the client command will use process substitution to create a file on the fly
- # ie: --defaults-extra-file=<( _mysql_passfile )
- if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
- cat <<-EOF
- [client]
- password="${MYSQL_ROOT_PASSWORD}"
- EOF
- fi
+ # echo the password to the "file" the client uses
+ # the client command will use process substitution to create a file on the fly
+ # ie: --defaults-extra-file=<( _mysql_passfile )
+ if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
+ cat <<-EOF
+ [client]
+ password="${MYSQL_ROOT_PASSWORD}"
+EOF
+ fi
}
# check arguments for an option that would cause mysqld to stop
# return true if there is one
_mysql_want_help() {
- local arg
- for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
+ local arg
+ for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ return 0
+ ;;
+ esac
+ done
+ return 1
}
_main() {
- # if command starts with an option, prepend mysqld
- if echo "$1" | grep '^-' >/dev/null; then
- set -- mysqld "$@"
- fi
-
- # skip setup if they aren't running mysqld or want an option that stops mysqld
- if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
- mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
-
- mysql_check_config "$@"
- # Load various environment variables
- docker_setup_env "$@"
- docker_create_db_directories
-
- # If container is started as root user, restart as dedicated mysql user
- if [ "$(id -u)" = "0" ]; then
- mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$0" "$@"
- fi
-
- # there's no database, so it needs to be initialized
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir "$@"
-
- mysql_note "Starting temporary server"
- docker_temp_server_start "$@"
- mysql_note "Temporary server started."
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
- do
- echo "Granting portal user ALL PRIVILEGES for table $i"
- echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- done
-
- mysql_note "Stopping temporary server"
- docker_temp_server_stop
- mysql_note "Temporary server stopped"
-
- echo
- mysql_note "MySQL init process done. Ready for start up."
- echo
- fi
- fi
- exec "$@"
+ # if command starts with an option, prepend mysqld
+ if echo "$1" | grep '^-' >/dev/null; then
+ set -- mysqld "$@"
+ fi
+
+ # skip setup if they aren't running mysqld or want an option that stops mysqld
+ if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
+ mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
+
+ mysql_check_config "$@"
+ # Load various environment variables
+ docker_setup_env "$@"
+ docker_create_db_directories
+
+ # If container is started as root user, restart as dedicated mysql user
+ if [ "$(id -u)" = "0" ]; then
+ mysql_note "Switching to dedicated user 'mysql'"
+ exec gosu mysql "$0" "$@"
+ fi
+
+ # there's no database, so it needs to be initialized
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ docker_verify_minimum_env
+
+ # check dir permissions to reduce likelihood of half-initialized database
+ ls /docker-entrypoint-initdb.d/ > /dev/null
+
+ docker_init_database_dir "$@"
+
+ mysql_note "Starting temporary server"
+ docker_temp_server_start "$@"
+ mysql_note "Temporary server started."
+
+ docker_setup_db
+ docker_process_init_files /docker-entrypoint-initdb.d/*
+
+ for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+ do
+ echo "Granting portal user ALL PRIVILEGES for table $i"
+ echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+
+ mysql_note "Stopping temporary server"
+ docker_temp_server_stop
+ mysql_note "Temporary server stopped"
+
+ echo
+ mysql_note "MySQL init process done. Ready for start up."
+ echo
+ fi
+ fi
+ exec "$@"
}
# If we are sourced from elsewhere, don't perform any further actions
if ! _is_sourced; then
- _main "$@"
+ _main "$@"
fi
# Use the special tag '{UUID}' to generate a unique one for each sdk-app server.
ueb_app_consumer_group_name = {UUID}
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
clustered = true
#Enable Fusion Mobile capabilities for the application
-mobile_enable = false
+mobile_enable = false
# Cache config file is needed on the classpath
cache_config_file_path = /WEB-INF/classes/cache.ccf
cache_switch = 199
cache_load_on_startup = false
-user_name = fullName
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+user_name = fullName
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
##########################################################################
# The following properties MAY require changes by partner applications.
#Cron Schedules
log_cron = 0 0/1 * * * ?;
mylogins_feed_cron = 0 0/60 * * * ?;
-#sessiontimeout_feed_cron = 0 * * * * ? *
+#sessiontimeout_feed_cron = 0 * * * * ? *
my_login_feed_output_dir = /tmp/MyLogins
# Link shown in Help menu
-#!/bin/bash
+#!/bin/sh
+
# Copyright (C) 2018 Amdocs, Bell Canada
# Modifications Copyright (C) 2019 Samsung
# Modifications Copyright (C) 2020 Nokia
#
usage ()
{
- echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
- echo " "
- echo " demo-k8s.sh <namespace> init"
- echo " - Execute both init_customer + distribute"
- echo " "
- echo " demo-k8s.sh <namespace> init_customer"
- echo " - Create demo customer (Demonstration) and services, etc."
- echo " "
- echo " demo-k8s.sh <namespace> distribute [<prefix>]"
- echo " - Distribute demo models (demoVFW and demoVLB)"
- echo " "
- echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
- echo " - Preload data for VNF for the <module_name>"
- echo " "
- echo " demo-k8s.sh <namespace> appc <module_name>"
- echo " - provide APPC with vFW module mount point for closed loop"
- echo " "
- echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]"
- echo " - Initialize robot after all ONAP VMs have started"
- echo " "
- echo " demo-k8s.sh <namespace> instantiateVFW"
- echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)"
- echo " "
- echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename"
- echo " - Instantiate vFW module using direct SO interface using previously distributed model "
+ echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
+ echo " "
+ echo " demo-k8s.sh <namespace> init"
+ echo " - Execute both init_customer + distribute"
+ echo " "
+ echo " demo-k8s.sh <namespace> init_customer"
+ echo " - Create demo customer (Demonstration) and services, etc."
+ echo " "
+ echo " demo-k8s.sh <namespace> distribute [<prefix>]"
+ echo " - Distribute demo models (demoVFW and demoVLB)"
+ echo " "
+ echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
+ echo " - Preload data for VNF for the <module_name>"
+ echo " "
+ echo " demo-k8s.sh <namespace> appc <module_name>"
+ echo " - provide APPC with vFW module mount point for closed loop"
+ echo " "
+ echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]"
+ echo " - Initialize robot after all ONAP VMs have started"
+ echo " "
+ echo " demo-k8s.sh <namespace> instantiateVFW"
+ echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)"
+ echo " "
+ echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename"
+ echo " - Instantiate vFW module using direct SO interface using previously distributed model "
echo " that is in /tmp/csar in robot container"
- echo " "
+ echo " "
echo " demo-k8s.sh <namespace> instantiateVLB_CDS"
echo " - Instantiate vLB module using CDS with a preloaded CBA "
echo " "
- echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
- echo " - Delete the module created by instantiateVFW"
- echo " "
- echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>"
+ echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
+ echo " - Delete the module created by instantiateVFW"
+ echo " "
+ echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>"
echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy "
echo " kicks in to modulate the rates back to medium"
- echo " "
- echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript"
- echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory"
- echo " "
+ echo " "
+ echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript"
+ echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory"
+ echo " "
}
# Check if execscript flag is used and drop it from input arguments
echo $#
if [ $# -lt 2 ];then
- usage
- exit
+ usage
+ exit
fi
NAMESPACE=$1
##
while [ $# -gt 0 ]
do
- key="$1"
+ key="$1"
echo "KEY:"
echo $key
- case $key in
- init_robot)
- TAG="UpdateWebPage"
- echo "WEB Site Password for user 'test': "
- stty -echo
- read WEB_PASSWORD
- stty echo
- if [ "$WEB_PASSWORD" = "" ]; then
- echo ""
- echo "WEB Password is required for user 'test'"
- exit
- fi
- VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD"
- shift
- if [ $# -eq 2 ];then
- VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1"
- fi
- shift
- ;;
- init)
- TAG="InitDemo"
- shift
- ;;
- vescollector)
- TAG="vescollector"
- shift
- ;;
+ case $key in
+ init_robot)
+ TAG="UpdateWebPage"
+ echo "WEB Site Password for user 'test': "
+ stty -echo
+ read WEB_PASSWORD
+ stty echo
+ if [ "$WEB_PASSWORD" = "" ]; then
+ echo ""
+ echo "WEB Password is required for user 'test'"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD"
+ shift
+ if [ $# -eq 2 ];then
+ VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1"
+ fi
+ shift
+ ;;
+ init)
+ TAG="InitDemo"
+ shift
+ ;;
+ vescollector)
+ TAG="vescollector"
+ shift
+ ;;
distribute_vcpe)
- TAG="distributeVCPE"
- shift
- ;;
- init_customer)
- TAG="InitCustomer"
- shift
- ;;
- distribute)
- TAG="InitDistribution"
- shift
- if [ $# -eq 1 ];then
- VARIABLES="$VARIABLES -v DEMO_PREFIX:$1"
- fi
- shift
- ;;
- preload)
- TAG="PreloadDemo"
- shift
- if [ $# -ne 2 ];then
- echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
- exit
- fi
- VARIABLES="$VARIABLES -v VNF_NAME:$1"
- shift
- VARIABLES="$VARIABLES -v MODULE_NAME:$1"
- shift
- ;;
- appc)
- TAG="APPCMountPointDemo"
- shift
- if [ $# -ne 1 ];then
- echo "Usage: demo-k8s.sh <namespace> appc <module_name>"
- exit
- fi
- VARIABLES="$VARIABLES -v MODULE_NAME:$1"
- shift
- ;;
- instantiateVFW)
- TAG="instantiateVFW"
- VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
- shift
- ;;
+ TAG="distributeVCPE"
+ shift
+ ;;
+ init_customer)
+ TAG="InitCustomer"
+ shift
+ ;;
+ distribute)
+ TAG="InitDistribution"
+ shift
+ if [ $# -eq 1 ];then
+ VARIABLES="$VARIABLES -v DEMO_PREFIX:$1"
+ fi
+ shift
+ ;;
+ preload)
+ TAG="PreloadDemo"
+ shift
+ if [ $# -ne 2 ];then
+ echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v VNF_NAME:$1"
+ shift
+ VARIABLES="$VARIABLES -v MODULE_NAME:$1"
+ shift
+ ;;
+ appc)
+ TAG="APPCMountPointDemo"
+ shift
+ if [ $# -ne 1 ];then
+ echo "Usage: demo-k8s.sh <namespace> appc <module_name>"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v MODULE_NAME:$1"
+ shift
+ ;;
+ instantiateVFW)
+ TAG="instantiateVFW"
+ VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
+ shift
+ ;;
instantiateVFWdirectso)
TAG="instantiateVFWdirectso"
shift
VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
shift
;;
- deleteVNF)
- TAG="deleteVNF"
- shift
- if [ $# -ne 1 ];then
- echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
- exit
- fi
- VARFILE=$1.py
- VARIABLES="$VARIABLES -V /share/${VARFILE}"
- shift
- ;;
- cds)
- TAG="cds"
- shift
- ;;
+ deleteVNF)
+ TAG="deleteVNF"
+ shift
+ if [ $# -ne 1 ];then
+ echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
+ exit
+ fi
+ VARFILE=$1.py
+ VARIABLES="$VARIABLES -V /share/${VARFILE}"
+ shift
+ ;;
+ cds)
+ TAG="cds"
+ shift
+ ;;
distributeVFWNG)
TAG="distributeVFWNG"
shift
VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1"
shift
;;
- *)
- usage
- exit
- esac
+ *)
+ usage
+ exit
+ esac
done
set -x
-#!/bin/bash
+#!/bin/sh
# Copyright © 2018 Amdocs, Bell Canada
#
-#!/bin/bash
+#!/bin/sh
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
-#!/bin/bash
+#!/bin/sh
# Copyright 2019 AT&T Intellectual Property. All rights reserved.
#
GLOBAL_AAF_PASSWORD = '{{ .Values.aafPassword }}'
GLOBAL_AAF_AUTHENTICATION = [GLOBAL_AAF_USERNAME, GLOBAL_AAF_PASSWORD]
# aai info - everything is from the private oam network (also called onap private network)
-GLOBAL_AAI_SERVER_PROTOCOL = "https"
-GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" 8443) }}'
+GLOBAL_AAI_SERVER_PROTOCOL = '{{ include "common.scheme" . }}'
+GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" ( ternary 8443 80 (eq "true" (include "common.needTLS" . )))) }}'
GLOBAL_AAI_USERNAME = '{{ .Values.aaiUsername }}'
GLOBAL_AAI_PASSWORD = '{{ .Values.aaiPassword}}'
GLOBAL_AAI_AUTHENTICATION = [GLOBAL_AAI_USERNAME, GLOBAL_AAI_PASSWORD]
# create key and csr
openssl req -new -newkey rsa:2048 -nodes -keyout onap-robot.onap.key -out onap-robot.onap.csr
-# sign csr
+# sign csr
# 10 year self signed certificate
openssl x509 -req -days 3650 -in onap-robot.onap.csr -signkey onap-robot.onap.key -out onap-robot.onap.crt
-#!/bin/bash
+#!/bin/sh
# Copyright © 2019 Nokia
#
generate_ca_key_cert () {
- openssl genrsa -out $1/ca.key 2048
- openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+ openssl genrsa -out $1/ca.key 2048
+ openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
}
generate_server_key_csr () {
- openssl genrsa -out $1/server.key 2048
- openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+ openssl genrsa -out $1/server.key 2048
+ openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
}
generate_client_key_csr () {
- openssl genrsa -out $1/client.key 2048
- openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+ openssl genrsa -out $1/client.key 2048
+ openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
}
sign_server_and_client_cert () {
- openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
- openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
}
create_pkcs12_ca_and_server () {
- openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
- openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+ openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+ openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
}
copy_server_certs_to_hvves () {
- for f in ca.p12 server.p12
- do
- kubectl cp $1/$f $2/$3:$4
- done
+ for f in ca.p12 server.p12
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
}
copy_client_certs_to_robot () {
- for f in ca.pem client.key client.pem
- do
+ for f in ca.pem client.key client.pem
+ do
kubectl cp $1/$f $2/$3:$4
done
}
cleanup () {
- rm -f $1/ca.??? $1/server.??? s$1/client.???
+ rm -f $1/ca.??? $1/server.??? s$1/client.???
}
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright 2019 Samsung Electronics Co., Ltd.
#
CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))'
FILTER="$(tr -d [:space:] <<TEMPLATE
{{range .items}}
- {{range.spec.ports}}
- {{if .nodePort}}
- {{.nodePort}}{{','}}{{.name}}{{'\n'}}
- {{end}}
- {{end}}
+ {{range.spec.ports}}
+ {{if .nodePort}}
+ {{.nodePort}}{{','}}{{.name}}{{'\n'}}
+ {{end}}
+ {{end}}
{{end}}
TEMPLATE)"
setup () {
- export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
+ export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
}
create_actual_nodeport_json () {
- kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
+ kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
}
copy_actual_nodeport_json_to_robot () {
- kubectl cp "$1" "$2/$3:$4"
+ kubectl cp "$1" "$2/$3:$4"
}
cleanup () {
- rm "$NODEPORTS_FILE"
+ rm "$NODEPORTS_FILE"
}
-#!/bin/bash
+#!/bin/sh
# SPDX-License-Identifier: Apache-2.0
<!-- Debug log -->
<appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">
<file>${logDirectory}/${debugLogName}.log</file>
- <!-- No need to deny audit messages - they are INFO only, will be denied
- anyway -->
- <!-- Transaction messages filter - deny Transaction messages, there are
- some DEBUG level messages among them -->
+ <!-- No need to deny audit messages - they are INFO only, will be denied anyway -->
+ <!-- Transaction messages filter - deny Transaction messages, there are some DEBUG level messages among them -->
<filter class="ch.qos.logback.core.filter.EvaluatorFilter">
<evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
<marker>TRANSACTION_MARKER</marker>
<!-- Debug log -->\r
<appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
<file>${logDirectory}/${debugLogName}.log</file>\r
- <!-- No need to deny audit messages - they are INFO only, will be denied \r
- anyway -->\r
- <!-- Transaction messages filter - deny Transaction messages, there are \r
- some DEBUG level messages among them -->\r
+ <!-- No need to deny audit messages - they are INFO only, will be denied anyway -->\r
+ <!-- Transaction messages filter - deny Transaction messages, there are some DEBUG level messages among them -->\r
<filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
<evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
<marker>TRANSACTION_MARKER</marker>\r
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.1.6
+image: onap/sdnc-dmaap-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
containers:
- name: {{ include "common.name" . }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
+ args: ["-c", "cd /opt/ansible-server && ./startAnsibleServer.sh"]
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.1.6
+image: onap/sdnc-ansible-server-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.1.6"
+image: "onap/sdnc-web-image:2.2.0"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.1.6
+image: onap/sdnc-ueb-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
# ONAP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
if [ -d $JOURNAL_PATH ]
then
mv $JOURNAL_PATH/* $MDSAL_PATH/journal
- rm -f $JOURNAL_PATH
+ rm -f $JOURNAL_PATH
fi
ln -s $MDSAL_PATH/journal $JOURNAL_PATH
fi
if [ -d $SNAPSHOTS_PATH ]
then
mv $SNAPSHOTS_PATH/* $MDSAL_PATH/snapshots
- rm -f $SNAPSHOTS_PATH
+ rm -f $SNAPSHOTS_PATH
fi
ln -s $MDSAL_PATH/snapshots $SNAPSHOTS_PATH
fi
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
###
# ============LICENSE_START=======================================================
# ONAP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#sync-index-threshold=10
# Record new transaction allocation stack trace, useful for debugging. This makes the log include
-# the stack trace of the creator of the Tx when there is an exception when the transaction is submitted
+# the stack trace of the creator of the Tx when there is an exception when the transaction is submitted
# (e.g. for a failed validation). Defaults to false due to performance impact.
#transaction-debug-context-enabled=true
persistent-actor-restart-min-backoff-in-seconds={{.Values.config.odl.datastore.persistentActorRestartMinBackoffInSeconds}}
#
#
-# The following section shows the possible configuration options for the default
+# The following section shows the possible configuration options for the default
# karaf scripts
#
# export JAVA_HOME # Location of Java installation
case $IS_PRIMARY_CLUSTER in
true|false)
- echo $IS_PRIMARY_CLUSTER
- ;;
+ echo $IS_PRIMARY_CLUSTER
+ ;;
*)
- echo "NOT CLUSTERED"
- exit 1
- ;;
+ echo "NOT CLUSTERED"
+ exit 1
+ ;;
esac
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.1.6
+image: onap/sdnc-image:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ enabled: {{ .Values.global.aai.enabled }}
logging:
path: logs
spring:
aaf:
auth:
header: ${AAF_AUTH}
+ aai:
+ enabled: true
#################################################################
# Secrets metaconfig
#################################################################
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnf-adapter:1.8.3
+image: onap/so/so-cnf-adapter:1.9.1
pullPolicy: Always
readinessCheck:
prepare_password()
{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
DB_PASSWORD=`prepare_password $DB_PASSWORD`
prepare_password()
{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
NEW_VALUE_ varchar(4000),
TENANT_ID_ varchar(64),
REMOVAL_TIME_ datetime(3),
- CATEGORY_ varchar(64),
- EXTERNAL_TASK_ID_ varchar(64),
- ANNOTATION_ varchar(4000),
+ CATEGORY_ varchar(64),
+ EXTERNAL_TASK_ID_ varchar(64),
+ ANNOTATION_ varchar(4000),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
cadi_longitude: '0.0'
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: readinessCheck
version: ~8.x-0
repository: '@local'
#Start the chef-solo if mso-docker.json contains some data.
if [ -s /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json ]
then
- echo "mso-docker.json has some configuration, replay the recipes."
- chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
+ echo "mso-docker.json has some configuration, replay the recipes."
+ chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
else
- echo "mso-docker.json is empty, do not replay the recipes."
+ echo "mso-docker.json is empty, do not replay the recipes."
fi
JBOSS_PIDFILE=/tmp/jboss-standalone.pid
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="ApiHandlerInfra"></property>
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="AppCAdapter"></property>
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="ASDCController"></property>
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
<property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n" />
-
+
<property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="RequestDB"></property>
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="NetworkAdapter"></property>
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
-
+
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="SDNCAdapter"></property>
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
+ <!-- The EELFAppender is used to record events to the general application
log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
%msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="TenantAdapter"></property>
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
-
+
<!-- ============================================================================ -->
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="vfcadapter"></property>
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
<!--<jmxConfigurator /> -->
<!-- directory path for all other type logs -->
<property name="logDir" value="/var/log/onap" />
-
+
<!-- directory path for debugging type logs -->
<property name="debugDir" value="/var/log/onap" />
-
- <!-- specify the component name
+
+ <!-- specify the component name
<ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
<property name="componentName" value="MSO"></property>
<property name="subComponentName" value="VnfAdapter"></property>
<!-- EELF Appenders -->
<!-- ============================================================================ -->
- <!-- The EELFAppender is used to record events to the general application
- log -->
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- The EELFAppender is used to record events to the general application log -->
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
-
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file>
<appender-ref ref="EELFAudit" />
</appender>
-<appender name="EELFMetrics"
+ <appender name="EELFMetrics"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${metricsLogName}${jboss.server.name}.log</file>
<rollingPolicy
<!--<maxHistory>30</maxHistory>-->
</rollingPolicy>
<encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
- %msg%n"</pattern> -->
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
<pattern>${metricPattern}</pattern>
</encoder>
</appender>
-
-
+
+
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
-
+
<appender name="EELFError"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file>
<pattern>${errorPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFError"/>
</appender>
-
+
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file>
<pattern>${debugPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
-
-
+
+
<!-- ============================================================================ -->
<!-- EELF loggers -->
<!-- ============================================================================ -->
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
-
+
<logger name="com.att.eelf.metrics" level="info" additivity="false">
<appender-ref ref="asyncEELFMetrics" />
</logger>
<logger name="com.att.eelf.error" level="debug" additivity="false">
<appender-ref ref="asyncEELFError" />
- </logger>
+ </logger>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
</root>
-- bpmn-infra
-- openstack-adapter
-- sdnc-adapter
--- vfc-adapter
+-- vfc-adapter
2. dependencies included in charts sub directory
-- db-secrets
-- ssl-secrets
-- catalog-db-adapter
-- request-db-adapter
4. Run the following helm command to deploy chart(s), remove --dry-run option
- helm upgrade -f ./helm/values.yaml --install --debug --dry-run so ./so
+ helm upgrade -f ./helm/values.yaml --install --debug --dry-run so ./so
aaf:
trustore: org.onap.so.trust.jks
+#################################################################
+# AAF part for Ingress
+#################################################################
+certInitializer:
+ nameOverride: so-tls-cert
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs'
+
#################################################################
# Application configuration defaults.
#################################################################
name: 'so'
port: 8080
config:
- ssl: 'none'
+ tls:
+ secret: '{{ include "common.release" . }}-so-ingress-certs'
mso:
adapters:
# Declare variables to be passed into your templates.
global:
uuiPortPrefix: 303
-
+
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:4.0.1
+image: onap/usecase-ui-server:4.0.3
pullPolicy: Always
# application configuration
flavor: small
# application image
-image: onap/usecase-ui:4.0.2
+image: onap/usecase-ui:4.0.3
pullPolicy: Always
# application configuration
# application image
flavor: small
-image: onap/vfc/gvnfmdriver:1.4.1
+image: onap/vfc/gvnfmdriver:1.4.3
pullPolicy: Always
#Istio sidecar injection policy
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
# application image
flavor: small
-image: onap/vfc/nslcm:1.4.3
+image: onap/vfc/nslcm:1.4.4
pullPolicy: Always
#Istio sidecar injection policy
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
# application image
flavor: small
-image: onap/vfc/db:1.3.4
+image: onap/vfc/db:1.3.5
pullPolicy: Always
# flag to enable debugging - application support required
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
# application image
flavor: small
-image: onap/vfc/vnflcm:1.4.1
+image: onap/vfc/vnflcm:1.4.2
pullPolicy: Always
#Istio sidecar injection policy
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: REDIS_HOST
value: "{{ .Values.global.config.redisServiceName }}"
- name: REDIS_PORT
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
# application image
flavor: small
-image: onap/vfc/vnfmgr:1.4.0
+image: onap/vfc/vnfmgr:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: REDIS_HOST
value: "{{ .Values.global.config.redisServiceName }}"
- name: REDIS_PORT
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
# application image
flavor: small
-image: onap/vfc/vnfres:1.3.9
+image: onap/vfc/vnfres:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
# application image
flavor: small
-image: onap/vfc/ztevnfmdriver:1.4.0
+image: onap/vfc/ztevnfmdriver:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
- name: mariadb-galera
version: ~8.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
# we use this flag to determine who is responbile for serice registeration
# and it can reduce duplicate registration.
reg_to_msb_when_start: False
- mariadb_admin: root
+ mariadb_admin: &mariadbAdmin root
persistence:
mountPath: /dockerdata-nfs
+ mariadbGalera: &mariadbGalera
+ #This flag allows VFC to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
+ - uid: db-root-pass
name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "rootUser" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
-mariadb-galera:
+mariadb-galera: &localMariadb
rootUser:
+ user: *mariadbAdmin
+ # password:
externalSecret: *dbRootPassSecret
- nameOverride: &vfc-mariadb vfc-mariadb
+ nameOverride: &dbServer vfc-mariadb
nfsprovisionerPrefix: vfc
persistence:
mountSubPath: vfc/data
enabled: true
disableNfsProvisioner: true
serviceAccount:
- nameOverride: *vfc-mariadb
+ nameOverride: *dbServer
replicaCount: 1
-db: &dbConfig
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPasswordExternalSecret: *dbRootPassSecret
-
vfc-generic-vnfm-driver:
enabled: true
vfc-nslcm:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-redis:
enabled: true
vfc-vnflcm:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-vnfmgr:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-vnfres:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
# sub-chart configuration
vfc-workflow:
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
</appender>
<!-- EELF Security Appender. This appender is used to record security events
- to the security log file. Security events are separate from other loggers
- in EELF so that security log records can be captured and managed in a secure
- way separate from the other logs. This appender is set to never discard any
+ to the security log file. Security events are separate from other loggers
+ in EELF so that security log records can be captured and managed in a secure
+ way separate from the other logs. This appender is set to never discard any
events. -->
- <!--
+ <!--
<appender name="EELFSecurity"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${securityLogName}.log</file>
<pattern>${defaultPattern}</pattern>
</encoder>
</appender>
-
+
<appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
<queueSize>256</queueSize>
<discardingThreshold>0</discardingThreshold>
<appender-ref ref="EELFSecurity" />
</appender>
-->
- <!-- EELF Performance Appender. This appender is used to record performance
+ <!-- EELF Performance Appender. This appender is used to record performance
records. -->
<!--
<appender name="EELFPerformance"
<appender-ref ref="EELFPerformance" />
</appender>
-->
- <!-- EELF Server Appender. This appender is used to record Server related
- logging events. The Server logger and appender are specializations of the
- EELF application root logger and appender. This can be used to segregate Server
- events from other components, or it can be eliminated to record these events
+ <!-- EELF Server Appender. This appender is used to record Server related
+ logging events. The Server logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate Server
+ events from other components, or it can be eliminated to record these events
as part of the application root log. -->
<!--
<appender name="EELFServer"
<appender-ref ref="EELFServer" />
</appender>
-->
- <!-- EELF Policy Appender. This appender is used to record Policy engine
- related logging events. The Policy logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- EELF Policy Appender. This appender is used to record Policy engine
+ related logging events. The Policy logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
<!--
<appender name="EELFPolicy"
<appender-ref ref="EELFPolicy" />
</appender>
-->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
these events as part of the application root log. -->
<appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
docs,
docs-linkcheck,
gitlint,
+ checkbashisms,
+ pre-commit,
skipsdist=true
[doc8]
[testenv:doc8]
deps = -rdocs/requirements-docs.txt
+ doc8
commands =
- doc8 docs/
+ - doc8 docs/
[testenv:docs]
deps = -rdocs/requirements-docs.txt
sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
|| (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
yum install devscripts-minimal )" >&2 && exit 1)'
- find . -not -path '*/\.*' -name *.sh -exec checkbashisms -f \{\} +
+ find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} +
[testenv:autopep8]
deps = autopep8
commands =
find kubernetes/ TOSCA/ docs/ -name *.py -exec pylint --max-line-length=120 --disable=missing-docstring --method-rgx="(([a-z_][a-zA-Z0-9_]{2,})|(_[a-z0-9_]*)|(__[a-zA-Z][a-zA-Z0-9_]+__))$" --variable-rgx="[a-zA-Z_][a-zA-Z0-9_]{1,30}$" --reports=y --score=y --output-format=colorized \{\} +
+[testenv:pre-commit-install]
+basepython = python3
+deps = pre-commit
+commands =
+ pre-commit install
+ pre-commit install --hook-type commit-msg
+
+[testenv:pre-commit-uninstall]
+basepython = python3
+deps = pre-commit
+commands =
+ pre-commit uninstall
+ pre-commit uninstall --hook-type commit-msg
+
+[testenv:pre-commit]
+basepython = python3
+deps = pre-commit
+passenv = HOME
+commands =
+ pre-commit run --all-files --show-diff-on-failure
+ pre-commit run gitlint --hook-stage commit-msg --commit-msg-filename .git/COMMIT_EDITMSG
+ # Gitlint only proposes a pre-commit configuration for the commit-msg stage but none for the commit stage.
+ # Its default arguments --passed and --msg-filename are different from CI recommandations.
+ # As a result, the line above is always skipped in jenkins CI since there cannot be a .git/COMMIT_EDITMSG file.
+ # A dedicated gitlint profile for CI is proposed above. Also to behave fine locally, this profile must have access
+ # to the HOME variable so that Gitlint can retrieve Git user settings.