From 33b4630f4bef0c44616b062e7013f1da0d4cfc9c Mon Sep 17 00:00:00 2001 From: David Blacka Date: Fri, 29 Mar 2024 22:52:27 -0400 Subject: [PATCH] use SunEC for the algs 15, 16; support alg 16 finally --- lib/eddsa-0.3.0.jar | Bin 59519 -> 0 bytes .../dnssec/security/DnsKeyAlgorithm.java | 186 +++++++++--------- .../dnssec/security/DnsKeyConverter.java | 62 ++---- 3 files changed, 105 insertions(+), 143 deletions(-) delete mode 100644 lib/eddsa-0.3.0.jar diff --git a/lib/eddsa-0.3.0.jar b/lib/eddsa-0.3.0.jar deleted file mode 100644 index 22c098193aea3488201b0bdb460c003e39f766e8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 59519 zcma&NV~{ApmNnY8ZQHhO+qT`OZJxGm+qSz;+qP}@J2Usj#N3&f`@V|Iiu$p$GAgn5 z&Q)tGNCSgF0RTWi01)|I%K-enfd1q5_k#ReWkpp4X(i>v=z#$g{>8At59k{EuL0)Y zit^tLWd-FV#YB}==w!tnWTz%&q-p8qV5MoPrl)2al^7P8caQdufd0qJ{_|!wDts;_qZF$@QsrC@A3sV3dO5;G<%Q1 z_Tp~^Wue5}24k+emN8wkSyEB`ZSJ~ftvHAv2^q~X)WUWvrJMIB3$q7K3=kmp@OFR9 zHgM;;k4U@n_x$&o8n8NSL>{PW(P55y%P?IQGT&0V8Vl#3rMK2Kx*&itEwJD)r+=6k zwov9a5wGLiKa4FyV3yiYB&?4&_Oif>4rI+w71=U)p!8)-D84}WHF>!Q@2C)CEZeCt z=9{cT;Cw|h66uwah^hr;_!3YX`2TgS=3VjwmHwTkoxhdh|7E%u|1n7+(SlF|3<#or zO&MCCUcp2)u+Lxxs5;?MIRqubwv-F=D*cu1w*YujGL8q+{Ga?VpPscZ2ap6KDne2+ zAc0LiEuqh%qCkcTSM#z1p8ZW!PqNTc$ZV>%(9^Mty5}-P2pSBo72(*X>s|{>kquK; zPY+!>&{J?zi+0quw3?&Wo)z<1l?&}83y>l|42B>9fIV0p0i8V2o6ihxXWZa5#P33< ze*a@H;Q&Jnxgr7pXpsT{ko`Y=>_0xWS<}l~WhwjTJ0X2@{E#e8046{r48l_e2oR+T zQ2`GzkVG+%;pTYKNf zeN=vsS~Ta^0DS(T*v0cvUz%2Re#Jp~)UjBYt`a_9wZN6TQ2d`5cGS-q*w3&4eT>&) z{Kne~_+F(4zxUge48JS!kb+y`&ym>HJ8k@L>Am-C_@ArMpWPRzV_be2>^=NXju7`R z5BM8r`93eAP!tR$i||sBE~P{9L=0b+@R>NH+}HMUg{Y+0A(o;=a#LTLLF&+{JQyZr z*dxAjf)gfb*v2Kf;toeRNvUKamQnI0E3X;O z0kn#IJy=*M?Lzqs6n$4;NU27x=CaJF#Wf?=a4fB*IuTfDROZPfB;QI2eS@(O-%Ev# z^W>w@s@ri<-_1ObH-CKg@!`-WOs9yx%ka_a#SRUM?3Ve!gzL5?=D4v(lIl7GHTlud z8dmMv?fD+(KgY0J+FUJmmnbSW+o)Jj%_Bm0-^)2NR9H9UIrFX&9$d(g<}D#cn$ij= z5zpFZ(Rs_Ea@u<~R2i6dS55P03cbyG_zwl8>`4TB4>olc1+G^PBU*`4A)%d(=_YK# zP-+%&{vn;!hM?%JOx1Iywv@Y;N{jYir#-y0bijNi4~W9c0V7 zyDNRW$@wZ4vlAMW#oYIbO-xv^W@?FdBPF&;&e_N2BgYn-=M!+xTIJRG+iAs%=@4N? z8$#t}?`~|o=>Zg))tO@J&mR1W@d|m4TBy|f+eyX6G*{!n1D)K$l3_CG#qln2b2%1% zS<4yW7ZWNj6iM|-R;WaK#SsL$5ji#u;~7a#^w#!jePJ32+nJtcWF7Ba5Qec4*p z$ca&q=~g;crz8p*u;{h66bk#GlD)rkjL=w3+7E72Jg~6owl2r1iZr^Le+MvHcwyr5 z?hPp@PC??(dt&a7e~!B{U`)U?)hH84eYII2z^T5*+)4ImfzS& zkT#4zr?FZLtH#{fo#Cn#Kzk|A4@e|A@UpSqpgG~O9Wou0=tXdsC;w6kS3$a;B}y7I&lD^zCj31H zs*2W7jz*1=FT*A}HT)jfSWD=UeL*x}AzTsCVj2N#nXAqL*2HAjfJBpXy0%cvnms<> z!NJ0kqX&NP*5T!@X-NJ-f(kb+>}FfWfg7#Yx-C^w#h}Zw&(vXvQ}~pKV3PrpY;VeO ze5mIqPm~Fzohq){l9`^$j$Y|Cm2Eyz%OZ(B*@sslbd#}4ZPiy7LE(nkuskHbIBGW} zLlVd0*m$1}YM$sI14Cpt#-+S0-AS05*&xW4K_i+;akWOO3AX0ZS6>wmuFR_FXx%uc zAwub@$AJ<{&J^HFjVz(bZeB=9ja2tw-j_se(wN6Hn<@dC)r4b!s%Ilry5A_xhBa?H zk?fS5my7}ooc}05z%pS%kWe=d7?LfBi3br3j$}!FZNPqa@(SJm2KQwVoGZ-IKG zYz>XkFl@4Fr~0X5JHgf-Drhy)+^`jgTcSh0lIaAD$8;oyLom`f)+v*DX5%em>6J>~ z-u9#g=XRb$g12bs#WRJ)mk|fMW;r2CA{`4+9uPw8@obre<|cvr65mdw-Te`!X!E|4?Y;tgB!;~(;I14oA;mZYb~&(#5_3F*si=l8U^LlM zd>C#OloCM}{J99}&R6(3tpQy=or$JXwq2CZV&D4wLCy6I+haRv<4~9^RG`E9r4*O-i%GM8vDr3DHbb`8 zdMmKCWv?-4Lqk!$r+@4_lUrSF|n z<7woj8YkK05`bLAHc1ArSZI!HJe!q0?Vp^-@-b&ii6Ao`S}r)`{`i=Xvc4SYu$dKX zAj8u{&ae3F0C&qc*GzPI>YChif^J3TPRs!$$Kb)xW3(5`rpT)*y?Au`Ab!&kIU0huS2Ch!+ySu)dkae`KPzTUAi_0!^H8U-vI z@W<LLBH5VX z2;x-HDR_PH1qM|M{$SM=ahk4T`XJ|?4e%xRdqDt-T&{meSfo@O}Q%Oh%30y2(}%<74I+zFYc}O z!#^_mRU_f$lnKILA~PMC54;)@-jQ4WzsF6h^%^HxLOEZh!2|)%8i(CwvVznzUtLFs zU_a`~C9v7E`uoJWe&AuU@R%7S*{?_6jV%b~ORoNiBcep-d4kYpgV!5manq`W@<*zL z%#h9{3?@LrHMk&wQ}*f53?Olh;kMz!JJ@ndp_@5=a=6~9yCliqUf4r;;?MAlo_?f9 zext1*^F;x>q{}}%o40v|bLSpS3ug84?^1fh&FntBVty-X8?jb*EIMWZ385pskhgIO zV1KdRq2H&htQCUlM0Ll=8}%N@ob*Xp-L%j3`II6sIQ)R{-^Vq|uPqMR)lL2oAAaMFvc7g zSF5EisdX#@!&Q>#@@<&fq?=v(53VN4k*%39tIdr6G!5>6v-ruRe;fQU)WNCZjcy4l z%S<>p&REBx!#v;|JA~w`f>ELzTp52*E<1XtfRlf?)XdoB)QLo%ll)nbf)=nZQ~37GKlV z%_d*BKDZ@H&caLYiJM%IQw-=4;6?BBgw*`QYxMyt)Fol5xBvDs8<@IvB$POVSwD*HYbSTO2}0+v(zD^b=}!Jgvvliih* z{Bjc}?b3*16|F#K{OC}Jm7ea-apm*T?6z8!J=%#wyH?w!tpl6f;F*2-^9IL~RXkDM zTu@7b8Fz0D1GOx%8wjp#@lr9=RmnLL+=@!-vBNNNjcI6^-!5v>zUs&*e42%yko0E~ z>mF;BQC+QZpW801O@HQUOfGS-eqGW}Li3CIW2HW`?q}%Ip1Vv(Z|V0=|DZ?e+!J2+ zgHM+PyN4)9tu){^8oiukyvJ}H)SadD3C8Y)#vq@x44x9DS;hG5{np_Xg1TsxPRKN+ z?U_ceid0$*pLpgBY4%K_5n#J-rX{85sqSl_vvHg`TMvr6jW@or;yX|;?0v=v`W=LK z7ye-3CUps#+CF2=;t!l|IK884pmJ47MP1sVADS~b^{54|H+&_`Axty|2UF)Iig(sd zh+x1&&>01udtkY~I=O*bT!h~P6)Gny`~`p$QAxPZWSK5i)08PiLi(*U8)xiMnWmlh z%m5?qj+~554hFJ(bOL=_Vg`XP>#OfA=>O3!Q(xla=}iJI?dxk@pFfu ztk^ml0TnbNQdo=>vCBk)>jbk+TG}>sv;+U9{WzLI^+TboBvcPox&iB~oh0eol&T?o z6I5ZtW|T>(bi!221HLgZnoBT|McD9QYy^BK;C)-JWA!%m0vWDzIGwd?1u8sT5>Oim zc}sA*Azhim=dDi7X4|P3CV$(hFo_#RTrBc>z|r=5#zSn^IFtk0mKAari_3-P-dA0g z**DWSj#0l{dPrsWQ1L}Va>VZA-r5TKyn9?FTxSJCORxEeSXDV6dN?+8HvAdGNn$%{ zjiP{d>N3ft$`mV0Ehue@xg~h{I17C}W$kk$YS)P5h9jxF z5f7vpE)qK;NY(7gB#osUp^d51KH*wwBUgu}(tkX$_p2iy(z%7Eg#e%tog7Q{k zZ0qW}Vih`n%Uk8&g7da?UId5I{9Xc=^m+JA>%C!kjkm4Lv7UiH$jYhHi63>j$+6)( zr?w_({{c*;c|Gg1=Stp00RA>*D%j>LluJd=bmIr^dav6wCM_dKe_-_Hs|V85-q5s{ z``UwD4VcqmWGoZH&64_a>ChgJlH~nu+-B%C{F`{y(K3>Arr&+7d#z2K8!HX#B~$s6!{DHW@qHCC=3Asrz`1|rlX0_2R}A4DsYX#NfibHs zbX9NJG{8e4eVcHk@(*dH`1n_|6pxwW96*} z1Q3RIG+4jIyF5?3yIqDW$rU#u5sN87y!u?Qy>&cbfPd-V9DS{fxR4%Y-2<`2FG={LSl-2 z69<~BSJMg^>pp0QkpH3Y_|$zci$FD9jRZmZL69E{o^(~US{+PPCUdLcthZ(P`+pF3 z8c;%~%74jTn7@1$)xRAQ1t&{4Ll@Kk8kuBuTL%?$RNw8dv8^qeG1fQ%|5bnhvdliA zxLTw*Z<;!UgfTEG14(-~`tboX_f9W%)8=M0W5Ewh?Q#R^4W+2U(>!DUc&VpUEq<|V z$1FuZj`tl$ml6H!^M`G(#xvV_}UyEUHkcgyP zBQ)u7KEX@I33J?()Leq@WRL_ebyKr^Qu?|Pitl6)*<)UO??I0zgnq2KwAe$gADuVt zepi~0C+Go+?)BExTeQCskLP62iRY#t8cHweQkqZZpmLsyvOSeFRsA+HuokjRlNWgf zN&HEMEk_Cu@&z&+7>KpI++=w+VMLKOeqk&8P#o{t$Ee$%y7Gb%a5MtX4(CMvpjJDt znZF#n-@}{>nuGA^=ulZHV-D|u**d6}ru}`MW5?ZlP zHf1(BM@9@N7f~+omYB9e?2pl#^5hc+ZT2R0`k~lv4cpP>S`|V*+1f2O>x8P7fUzo1 zIM{HK?OJ{4*B9`xD6FbLs=9Y3o2#_5p0O}eLSsYZtit?dCx0;3V;Zo!%Q2YCuVTrc z0yc-raxj<0kQW!9N(-tgM%I;DlIe_ja!@tY-|`xm-6pg$n<2N&4S=qyze<}W?dA&G zWj4pOy~5z0#ahA=6hm>SWsUkXHG5~*%5vDkQI7ZU7k*z4X+(-0AOlHjZP18A(sH6j zW2AdHMU&}WuV+pmK(LV8f0(#c+aigmicLtIN(xaiQ|?BOP9yms3P z(Ms6gJ+G9c7?1TmJ7yq)qWidm z?IHvA)a6@Ek$t&F?b!X3Ndrv+*lE@oX#bvnkR&iElp)iP$`9oc#IBkTJ}@pxi7v}^v$eY7wog7Z@$e`b&(yp%ot4kCpNT<&meW^mvj2~+FC2e zBD;~?ar`!MSZt^mk#PPtXmkrFzuTbgF-Ti4S@O|o8-A20YV2WS==9m~l1WHGxr?6L zQy4a_jv#7^_>8rN7nRgkgVNWn2ia2_O;WoFZZ7kFM4l(TjaMsOk84k09)OkjL_Iw2=o zGX+}JZ_LHdzQ>NRnWfv?c38TRU2_;|k7ucztpVmB9!Kn%%i|cZ3!cY3bcS}mV2t0< zR`e?-D!>kzomfEbb*C7y72U8;VXv#Si(3Qx?aV&MHFk>&D_J+81vg;t+u}1Hr*iQ9KAefrwy?F`e1YS39H;0 zcJ+pLzx8P>1FUp#Q&gXu^oP7^_U?pjki_A+A_^^Y-d8?O=CCqq|bqA}NcmfUi)=Rw)GtYh|8Vp`h;!J{h}I-4>F3 z19n~0W;7|QFTmZjH{5*4(|Z$anUm$=4O*)A zu(*5F`V&><6D#TtTj;vg1K{tm@`JbZ1fPTOXH4<|J@ByBX1*60?Ps^fZ(sfu{X5$4 z!2UJXVYhdH9;ZN#V>oDlmJPCYmA+!wuwG&)gsMSjJZjiTiU#pSw7ZP}OJ?>e45&1% zA^#Zdgh6H+FxLY~T&4^*9GC1=hiK-ED&Q0ieV23ypRF-tr1TFY9br3KGk%^TME#=n z2VV}_w!eFOYk=R6v5`k>OGhJKR9NDOjla2Vjbmw6 zZCUi`8{v~zy&|7K^O~<}omxL^D%g}=?P=!~esDv$BVyJt*S`1+h zU`lfE_7^#2K;HM1cy0IWqdIMSslsM*w_ENS&Jil*T1279|yvCM(9l?phuK zncVwoP>gj`j_0U3jD%U@PlMfhdJFb51M)6~zv{gA54WMbk^xx;AOK- z2Vx!d0{JYNOI-nPG!rs-*e|)?j28Lb(|m%mYIBJA&&{+0vk76n%$W0co9K^ zOmwbi`f8)~I-#J-Uq14eSZG1Q3nYk<&z*&z=04J`8|i|ib#C7>w}|qdkReU743C-I z23-?8bH#Razs33fc+;AG8V<9w@ViE2!n+4qzsb1_rKk953t56^!0)IXWuFikP2Y(0 zawlnmMKu0$`McnBio=9um$TEkD{VK?1;}@66|vi0q!}jHIc7*^YebxAL0tCg>qU=H zF62ZY>Wy`2H>F>{c$h4X63!eeUOlb+$i#URvYU((^P8Kc0X(XslbIHRh3%yJl3At^ z9D-7EI9w%WxFjF2%m(BdTCY4}tB)kHS`s$KNMOg!n2bwgF1o<$n+$U>DKvn|e=&tL z#nX4nl?LY%Otnz7n-4|;+8TnqgbTDz1<1VMvY=Z7r?>h#>$D~)les3#5RzjH_p67i zTGlS&^+59SD-NVoR`ZVR{wan273s^?q8iM};5IL#;k6#iSP>1f^<&G}yr!H5GxbAo zBbD}%$W#uy)VD_Sq;ff=uG&;6J8bT#G8|-4s86-s2Z%}-tcufL7YWBhGV4g6rgB>n z`86+v6NZwde#hEHTKm!Q=`EFaGz}|=Oj9rG#M_ZRrg965TIeBV@P&jW+0U-(4ZUNQ zk0$twhPSvh!I^@7FgTp9=pn?0EwNFi@F|INiz-&yogQK{mBuppsCww2ja4u#1whd9 z&=z&4UlDXi^^T;cbRRN3OVK;m*uxOgQ@45NXbgmn7S^3DeDz|oN(O#!DSPrvWxK6t zX&>Ra*olQCVo>d6EMRn7y)A(&6#Ug|D-vrl{@$2%*^n26?bf{t3|o;Nd%0xes#)*3 zs=L9sy=KHrWa6YXZbz%%Jz+Oxx052hs4DbgWL7mit}Qx4;T1|J zbq_9NJLCh3Cv`8G=!nVtW|hosL(b!E3yxj)Vc`@iLr1s}+rkCjJ&?5UbU?4Kvpv?F#qB<_BOJQmF5F{9zpq-@1(lB~O>Y?Q4ur3Kd+Xiii`okoSXu8hjuSW?x6fsNhNo-u-N z#0B)pevsIVH5usUcWFn)&I_*7)rAG;3DSBBp_lD5#z|NO318S#ikkV{z_b;Yb&J)8 zZbv`k5mrJ~W#Mp&-rz)x=El*M8z9!}pTd-xIWCmhU`n(*mSrQXOox=!U!kNvDIs1t z0o{EM^hOvbx13$U$R6pdo+0qd>g^9$(+95Hr1?s#a#9&>KV`r9EZN2C7H59}f>S#0 zF>W9$jzT?v7Y9dT1*H?W423Vx9c^IGdv829TZkc6pqPa!me^7nt>&j+6B(gmd*S|)Ma*_K zvPaCs$uN1y;?NP>dGYA*c#h(%L`Y9yP`9C!|_DSevq;@A-Tw+)kkcG^USBJ zXux)UZUVn{P_g#eY26siR>ezQo+zljpBg!Gd!M9Xk9; zJ9>p=`Aj-Z+e^>g^Zm?XwoGaE2}|=x<+`blsBMhIue0erE{Asn?H#7Sd*UxQT+qe6Pgto%K>{6uiII7^rJg>pW`(75Yimp;FW*xho*{0NuBF5;((lNy}!33 zKrOp->_IV=j+0}*PVf})bMKW2`3gd9!8GSTr#_$T1Wg;@JGdJiF2<3&eO_%v7tE$iw!3?h+D6(wSX%0ZP zN~F+2Boo32T>VVS`mE!gepK!hqfxOA4syckQl{L2x<`98ug^mS%wpXz`xXCRqYJ3; zdZvcIJPtn4FaC;2Bmt=+jo*a<;p3F271jVHL zJnU@vbznp@t&C3TY#CFMN6NeDqJ)xR1eO#+JUC3KY!W0GY@hO>k4ra_M^yabV4J7J zxKZI6)9aajAw7a1_xz;U?6lHyf)|U3B5?ciZPjeb(5n%{pHO*E1ZP$_zGyoUi&Jw; zg3-uK8RedBqdpkPlZO7{6lKh)`tbGq_y{g-lO~BpT#|G+QTbzCl^@MDMY*EP(+UPT zrSg%R;C4A8a8`KIMP3e%-96CrN1n;Y$=x4aq`~cV?vR0LpiYwh^UX0Z@Si>MRmry}yUxuvC;v zyjlgr`zYj@Tm*9Bv>Egu_A5qDpx@#gCVpQpUx57{{b*uS^CFsfVtS(UTaWX!+lx)_ z_va&M9}OOLnxf$&txskY9;z7(aa#oeYEa-B#xXWZ;JTmF7Yq&5_q>ZY2b z_^>XjG}U#vL}gp8k*27aUemH9nk1Y&Jh#LCE;LS!wu;C z{b9+Gn&-`3?T%j;$47}oz<`)9bLzNVmySGtiOc#rwe<>?51N`{TXYl^g?=dTFYv! z#Li){l0o{KQb`(}QzsQpyFS8qjq-k=)H9fl8Z}IPfj%mmzTMF8Y@qj4Kfkr;*r&maX%9v-K0c#A71+W03ZYg0N}4w@;^1l z|Dh-Tr%w1E!r#BAHZenE7kj6F67J1vTk6Q-C_l1DYi++l0}Z|`AfZ?QS%jJ?1e0R( z&_vc1tc$936D&0(-C8qYrFu8iciuQd)t{WcYZ#zr-KC;a@xodGT0uJ@?7=U4~2@Gh^|O&izPBnyV4gTUs$wHJY_MR z)SemyX1WNoi};L4ou5OG(j?PoQkxI6Hq(}zVl3^8K)8w(^U~Oh32pzxN450GW%nh& zeiGa2N~f6C7+p+@HQ0>fbefgPlVYJ++cn7$CbP~+?M?|Yg2b5O(6+jXH(J##JtqFu zNo}z}eBOZ>BqtZh5sK@>r(PWOTUCO)9G}0IU8#}NNqsPclt{*?W zew|-k71WgLf>P8w1d*hYj=dz+W}XnGrw(Y-PZD$M##xHitao-&JHgR%r+x;)7N3oE z2c7v2g&u&j(b885!wu7|)gloezQM1sjlL)3VUY$fl_ z9}F*3&l??VS1(hIkx8waA+P^PrPs4H>sM5WFu;u^_5gDF!P=>N-+<^Dd_nx|+ZRXs zdX1oCCofB_Dxi@ZjDK4Vbun^DE_=G%aY`NGMaj`+FfM7Nx=M@U8tKw(X|F;4eYBck z$VXOqEsVz>uppbPu05gQQbz3fGx^>CBz?!td-}oirV?YlRiK%|a<4LR_cl^drXPJQ zwAX6mes(=UobC)V0D9K85|{JaW8frWwKeR-br;WY^ijn{=gv&{duJ~!V;+kytGyfb z>>cJ6X+_7n#?e~XO(a||hbHw+v{2oCnN1p|!=9vOHAiZsunY(ksFYpAYCKn#Ts!+kge`5PYH z8-cB}VKZ}83spgMld<}e;_%&y@UMVpDWrKrAub^a`Y-UJ)H}XmlA`@2Ztxs9(T$eb z_6U$Y>zyIZf#n_tUua$W+4|otG_dlwO_8lRUy+LnEV~)8ah?vyK_+-64~g`%-M;}c za|_%u)-kQ@ACypUE~T3{q@Ofc#DemDAj39;KOB<|F?{GtXCoZ5`dOuJxW4QZ0u$2) zQJ^F`L3D_mxEz5B+l0#h%m&2lQ~joB##PEus!Gz#sKpWEr%(0}TTz z^up-8Ry&8ykeyH2#*|lZIM&$`lV|(Y66rjHeg5{Glc?w}P{xYzbjrI}qC1oB2l%gm zt3)Qk|MNGRK|ufjp#C?2`}ZHWlenp!sgvPf-2G=TqyFapmoxj$q2;+}XfZZKCV+!r z5KBNeY-H(=Gr$IhYsp89gPJcfwu}QmoO9uEa#%01p7+t0d}*TG!cHKVD=U@so8bJ) z_fwRU?|mVmA7g6pOFPx+vQ7VQ>ygj&uf=;@&3WtLImQl z#al`$fu%;?ICHj(om`&veQ3LY9Ch-GjUQu99RG5oRf@N^?dY>DvvsdYvE@UBzhXUA z@|=^oCg07*+AF8C?=ri20~%;1vfBuw&pA??PSlA=dKzoCjQ7A@b@UOe`dh&!{Y`;>1IQj^4UnWyMpjPLpr!QOQ-azhFo~*yvIgcP zTE!JiqU^vADOJUx)`c)jPnV!_kV6-044ji>DN?I{W+>*~hjVks*UM4IW0K4jmso)1 zV~@H)rRPCMh$^L+_PkmWF=Lh&zVeVXUnx1`Of)^LQ6^rKn>zs2EthYxw7*5Dw97qt z<0ri+FQRFq+8aCcz>5rljX7+0EwkotnSuF7>0v&RdXd8I+K5&OSgAd1_n?|ivNPqb zMaie$VLzg3SP5`nn*+?_5ICCFbUWva=c4uCr1b#}m#E%bavHk5`XE0u|zv)1COv;xotpmPTQTfWGE83`M zzYvy9^+|8E@1I%%+)aS+s;`UZy0T@pS+?p`JSv_B;FKMCY2&(qRjlMavt|UKj)%~~C1hu+2iI(*hRDz)Aq__C8CiaPpA6rctMO`VJ zwB`}!#ze_Qxrz+Dy5<~m-UOyA)$UyRTD{#{VN}oXZ!77;^|I&(hTcqW#_|Wyr5K1I zyz?VX`c(JP#^tOdiK4{#-}iRgx&5v#wXJuO>G|(W@Yjt>ry5U)Mw<3d0fwR)kZj2H zbHh%etm!q@oKtdse{9{dk5gDrP9{jq7XLI(<(4TPV^ev<+?)6XyNA=Rh7@v)Fh7cO zSoI-$w+WW{)oh(l9%b(6I=ztWgctnnjqtE!;)R3K(G{+=M+0%c#)xy!J&`EXF~z=c z%HKK7pQpu{wiY6FR)UM3#Xf(p{=U1CX0HBuP_ryLQNHTYImrF2)89H2|TQrWiLtH)_lfu~_L@gePa!DD&JUV65 z-ou?HAdzoL2&}To%sidEkf@@TygOkR%hyv**cm(30Fp5hV9y|$u7q8cn_k0BG3%-q zAB>k-Cve`Prfo5EnFK9p3+i1&)_#a5ld|scS+DvYuT?bYP2n&Q2Um{4*;9$|^wn{l zM<#gj^nin*A4{{{sz8l3UATP|x;exA?+HO2m0k8wHc1iReBA5|S=7vD~wJhkrT1tq`2aA$-J1d=lPIJs_JZ~g2-1WfjG{FiWcZ7Xm7i)=H zA)YaYlngTwRo=SRU_dS;KWx}bfPrZ|ihNc~EE=OS|G}9pRajzNE7j0Kl|^atcZu$r z4B7|3fAyo@--qf%f3qaJ{`yja|I3f6x>(vc|HFB@s>~>BtD=0{ZF_kVk|YQTQ;tg$ zTfqh(y%8qg7bY0cV)?rCalvujC-96{GWOq=C4n9==(f3DB*?PsF2Y`w4XTY6bN@hy zr^Ya&^?D^Ham`L0Zad%bo^bEHO-uUvybmJ!BW^+w1=ka--D5;yKIZJm#p^adkoH`FNGi&Sx_4y4-5 zu*DPT2ohB<+i`It#n?x3!Pe9K1M%5?sS_-cgC8)nNQbsc&c6+cnlB4G}v zvD>KSQ}e`ByZ`lkT%t_t7^Bp_FwnwcT&8Z#$d$`g2<(x5fFJmohM*)`gUe&u27N8| z&N%eK;vMerR5?j8?Fh??GaEs7ZL9QUcI!Ut0pC?1`!e!u-sH$zAr1r{K2%-S^YQfP zqsznb&0KSH;RSzILV2ne2#khIYN5NYi-g{$eX4vm0zsMR@}QQwdzuews#`RyY0lc+ zd*2cIqlQ91sA4J27s#8&-BBmNMuW8c!+r4MV1T=F-`Pq?-G zE;r#?^*NSFBsGLlxQ2R~lLn#;b(5W_LSh+7ngU4Tf83B|0~6E`di?UG)f5{#L~6k* z4SS?b|7=SbwC2w~?CX2Uc{i2|VpHE(ht4py$9i$#KHS8N5FKx05;#K@b?!+3V)G0} zb`oq>dQ?Nc#33pbMm!QWm8U7bQPv668-Yu}YKf8B;tIuzx|H%bp=;yc#;{VSxXN={_3h3v4No!t;ue9L9Qe; z(s*X0ktr%S=1+&ORj0WVsz>OlG$e>a9MI?1P1E!L-S-u zN)k1>=*QHpEo_14#5|o;Vwn3Zy&wCKTKX*DnEyB!i)Lh~jwYh|UAsHB?ECjO_`l-I zUr70{WNfVe3tyc7W-|Y;v}o5(Q|CN#TeAn(V@r3m)+jIKo+ssTaP+Ff9&R|-sF<_LV z&cG1|-ymx96n5KskhPSn1Bw-Y3B1LLDQzgxRVuA=+?_eFXq~F zsz8;-gL+Y4j;DI4rdL4*?R#uxerobx=Fv2@x-KDGjf@=h7nPbqy3<6CfYEnAvymz8 zB(3>FzI~@@jytGmz!xsgQB;cYTWSU1?_tgW74VIR9`(v&oOYV6xZ|x-n-#bj2=6V( zMT2*;R$0e&n)Js60he{^dMn_E7HV|sNzgO>W~dmIkh@cd@qJQ zmSp^{YxmWrm{R;RwEOS(`KsP+2CA&wk&^<${c?c+SUaWi-r`ONrT6;A&97CAnLyZmAf}vxRSrvzgfqNnVn8}3d zh+lf37*04EY&eyD+e;*BcWV3Us4V6yLzcACnu3ZhLdGKo@&j=z5Lg3%GnFIzrmgK1 zD%E)TlZuO|Bhgu{x{a$SDbUnt_QIc3+es1vmYFN`}{bhAXTd|4IO2}W~iL7O8$WG2cOVtC~ z$>q{4K<~<3y0cBhi7VH=hH}=*16_e_ZhMxrz5ILq)MRv?<*Uq$>h^74o_MOuWzw*? zm|pK*yFdczGtbqK+>LPLj`uRO@8fgX)iBr`1@Q#3nD|SY@=U)Xq8H3|Vax#sG&lgF z*SBwY3Oc+#ca{|syP8-@e9_F=;rMrP!ZsU{_Tj`h)OWZA$B zt~#Hd8An(62mTSqbPAekK|&I=O-Ku`Oq=Av5+Icm?P*wO16o z7}Z7;Z-dkC$ZNF2o{vX%$6BP~V(hnBk1$OK*E=}U4iTCr?iX$ZD5^tMOtq_xSELUW zow~4V*9VF)6_@(P#p)f3*du2FqG(ZmC9n#HL-yHbo|0Vwek()x2F5;rBg(as>Py-- zt}NXeL0wHI&a|?=4WpG+jF+w!F`4Pk13Ot+d}Boly6b%I|HRh9Oyc_gAe~d80RWi) zEw=sxA^%I&{4WrxtgMdm|1t8;L6(Hey7x?L+O}=mwr$%sr)}G|rfp-jZQHh{`|G>+ zx!;Ms@4e@oh^nZyR>bLMBeX_`??om(Dq@- zIjI#gsqm-{<+})o^vRU!!GOaq`@N+gnW1okELd|lFz1~kP{suU|4 zak+Mih%l(E2B_v`x|wAbrdAgFXXZ^p8Yf)`jQ6lKg=Vwp*hF5z zA?>Jg&*YKa`5+d@X|eO-OGmrP<_krua(30(AW(#hi(Pk+X4q_u_}(qs&uwjqeC4`5 z(}S>T#=pA2C9&nw8SKBgh?fU-Hkf*SFfo8NkPw}Kez`Q`RK`g~amGw&$j(iwDF1$x zhPsfyM07DGI6f?N<#=n;qCQA6fPF_`se|f}IWWLVV{^cZ2?s@%zEH5B$sphL5ATu$ z3}FD9AmLJya@NW1j2w;0=s!OSwkcAg=)~5QwZ~|FSuqIGs3Ya`U#Czi<@qE>k3Mux zxI4dldShxW$J&vY0Cm%Z}s>~E*^x@WM7DqHqEWeEM1fZ z$ezb}FgP#Rf=)`0Ib90MvWaw@{bbDbCP8}WkyX>5*0RO-w`pY3B==G!7?{s8Kd=d; zqK>OhhrA)3`KvK$GSrYQJm*qP!n)clUDwFW;TG+RVzGdYQ~k_XN|b4(m2G6`31%f;9){MG4O25hsgJuDO2hbd@vZ?f`ZZ{1% zVG?B2LvWFKxgO)!{pKra!URYe%xD~s8QozFJBG|Yrgb^;7m6ER(VgG%u zk$M7~bf<2-Kodh_vz_4h?Lz^R31vKYV_uVLJS+W;-{bi#D4i-+DD4uOryXhC8KTIn~N9J)+l2AM{9Wk^8X$7_%Up^rQRQ#UGe(xqJB~;@iw2 z_JMPmoqz56`k=c9t4L{7dBn0)#4@1s)hZA(!*J(>-BEha$}Mdt6RcQ7&vicrUq7a?z<)Rh*{^Hf420~=SG_;(jA-60!}OW0QlIzrHSO481@O&k{{8y57Ic;qwKMCt zsE+#Ue^#LWZ*ucLvu}3Nx*U=K@^Ftu{(6eYA3*_Sa(wmXUP3m68^szzP#H^caJlu% zB5LY&(+-hWEAJ;5B!6KluKCZG$48J}dewgOUViWv zdi0Q(e0p3X_9%oXN^~eg?x-I*5vomhcc1n8A_r?94lWwj1G7JmEI5~y+>N}(ZJFmfpO1aZh#ff$>%PYIM zZu5=8hyE7hb)Co1M7PoDnJCZIvvm!x)Mn=58nAjam&UE{QzI*lh!Te~1G-GwQWI2> zEL$Ziov_9fMp{RV+m-xpkn6~-rs!w$IR>`1=%D4~I#y~o2?l@HQvL!+oHhze%x}BT zTSSU8RC1WOtx}b$6X@Cs6c&6#;4ep&Mk4bgh3RZH*kue!_5K7E(|lpFwwhdEQWl6; zv<8B&78-&zKprVi7zy+hM5w77o*;&|+pu%^j5b3o$+ov8wDx}dN<`zPx~6YLDSGN< z-Hu${81=|xs6_X=KFZEw-)9lJew0R79jCM=PO zK=>wVL~|)ND_EConrnVl>LAGlG{5rGJ3R4I=mk!}DQs;x?=Qk50K7^pi3p^}0svke zc{zyC|Ep~N4KB~O#F6hx(K=L+Ap|o47GZ+NIsX?NgQx>ymw95x9s61b+(_*&Wxzq| zkB5Ar{`zg@12uT1nesSTVplg%E+G%W((;IElBv5FV!0&RUxQTKKE^Skro>bB%qkoi zMLN>H$sFkM&&pHt7RX*rYiJ9XYH;8qLjn|KDM*w73!Rp?s3z~`*2RW;l(#t1f`{;r z6hAMeF4SPCfn(*dNp=_nF-w~u%JFEdlpm~431f->{GkGWLQ)8>89T{X!&f&Dqb!Dak3*|00kid=z(6 z`FVYr>lx6D@Ynh(zxSGRzs@rij_Df_;vQRPX=Fj-Ay z`$-Jb_L{DmROZ^_R{g-{fuqGiLDreTNqLb!&$3BQ7B-7=Ck?ts&HWg=#vMOnd9w;| zA_ol?DC;Uur=LyscqYFp0wIF~*V`h=;0FY~c{L$*#xUA=IYB*EE4ZmW&3D5tcqo(W zVdPuYf>-noh=P(tA-VD~qxMf>eMpsa^po@CeR<1l`mLcaxIgOnLUs}an~TC4!6A9e z)|-TEtqxDwE>@@b24b$m*AbWKco8@#H7VR$^yF!r1py8g%vEkNKTQ&IUiuC#%_Op0B^E&mZ{iPKZ`jA7S$rcJ~$ zPZkzt?|OhxS*xy2LWx){ZgkhM5GukpTqLfq^XIBH}vVYPMQyJHMqoL)Q~gt9-CGRbR7#Yc%UB~RrL5Rnm5 zZH22SlTYU|&t`+)*ZcbQkN%h0K;9yqG>aju)?EQ$+lXZvxHbC@6pW4A9a>YKMlU(* z&h!2(sArzI;H6HiYmXaVUVDQ+V7fV6?EcVxWG902kfRXVl-6H>IHdDPTIx1~*1C&+ zU^rQ#OHtj68t~W>cnWYni`}}Delf(2^6+4LYE((_lPq0RI1T#gi6Q-AN{pkuKS58% zebibLjiwsi{UjsWEkjOV)8~kur82gl(e~fYAF7e61S2k869H5cnvl9kgaa%n)ry`Y z&uS8o2#Or_(Ut@r&rjBt1WruJN$^#*8nliyX>(+ZMoiYh=gra3)$!S=>t^ZDs%dfgX6bMzTU5G?pz>fSNYM>zq1I$&Gh?qW~8W1w00kT(|B`}H8 z%BuC9&Y>pv+Ce>ebsyAJ7<)YpE5uqntPBf=Sb%(&b_b*f#i4SMt}tiVJHj|yFX*|U_c5Q zwh$LWONoNQ>9`Z`GpOpks1K99C=b(%8heLKlR#sGR|YY$v@5-G>lu4M#tkXOvgkHO z1xO&$QCLG1YEO3!7anQ92o9&dNcJbAaXDrDn*9T?7^uJFHaP=hQYulMp->@|)f)%j zx$FLuEyO-XXvv)dF2anu=%E^2SA`oJa#Bhqt%6K~aO}X6UtvjDVQ#6dM8v_H1ZBp7 zH6sKijQJSai}P&xoYj zHRnd08hZiThFp;|elX(i-|0Kk3K$RnHOZK01Y8H-2ifC@%%oghdp2L;M#V0zm7CXjAAWP=KkFu=lRetr&g>QXL4 zwzBv2JhZX}v<&+z=Oj=13UQ|sG zjQ8!mrD2|^&UZkPIsNQCgkj!3*ApwGUpCJ?7e?wTd{{*4}(#-=jR$gJUET1|oDKl>=qYLGf4q&eb3B-DBzdErh|kMAC)U~P2)$(e{f z*$26!RqnXfyE9p-Z^{5A?5%)Qau?gZ5zZLfU38Kgb2BuXuv_+MEcUwaE0+iBe4Cp4 z158g&Ih$Q(ifn}Y2I9F!|1Fs;Er5pu5UYcKeRs&coP&a}SUmx(;?-{^ko?rC1JJAi z5l&$rkcm*{%dLWW&s@i9q<0fTIs_a6ySIOvz5mYn|Gf-gW8iH5f5-s18z7oP-+O%d z_x8c{|JpkK@lP>FI~RKqYZDt2TW4ZL6MIJ!r|(Y&&K7pI|J*^cm2Kqa<&k}9&zEeI zp3zo+CWCSBNchIbhs~P5T*NZwcv(OT8&0$z zaQk>}|4vjuV%r zHro%nSb|;DW7nNV?&;LH7=RE{tSSGJ_nbp)V?`Ub3%Yicfh{KP$Y+QQi5LZ@w(D9^ zX0s(nYQJoQ7fc+ja-Oj#IGQyf`2MH}f~c}Er^Fr8q)Z0eVFp3K z`&Q;j`d|GAz?YCz z3k_6Kfa7gQeaaFPl?c6p5x&Xnur6!T4ltdp8=131$Go*0gD+vu;vl-w%MV}Bp2%Bi zhH^waaEW8TscYw>iP7{1K3^X$Q2Aj|RH)XJKJ*&1k&gVEl8|qDKY2sdQEW5;QD{I1 zW*jiT|0>4S`YE28y2 zCIX!vWh%~Ql-+qSrt~xSts@|r$ajLG35C7;!mH0f=liAHlH8K~v^Dk@=P*P5K7p!p zn)~3NyqGjzIM~S$>mgY)08+PAa6Yt4RfUZSiIpTSl?DJ(D4x?$QEZ|iCM_@~t%B%? z4@bjfrcwaEKVtgbXVz>4=Gv+`HVBCUnKmWL;BP=nj$df_z5fEkvysZ=yy0n{YkAf5 ziN_`5K%x}hvhj)M&*xuG3M!{dW%XmKhsjNo^ftAt`S!*wXkz`FDYyEV2~QO=Jc}1P zm2*|=Z6X;~*+*H2M+*a#a2C>pVy+Pb=~dLal*3 zDCvqLjLFhS{eqUDt3^)in6(A|^3BN$n$^NSP0!izBi$PA4>cjajf301a=or5vZYB!i3xi7fe?U#(*5~?6b2Ib z!6OsCYsW+h#)Lj&QfX53nF5unYE8}e#t55aLr^s3M)*cUO)H(X zwFvUR-A;D4qyv9m-`>vOd3@8IdYrCar|!O%oM@-LUryM5CPhwT2u|~hvv0unj|TUt zpebQUx3!HN^zRR2#wQEV)whl8_K%CuqIqZ^V1?Z~{b)d=XNfBpuw_tx*)R-4KSK>J z2#Yk>V9hEwq@CI|1VJNeBi}VlA`tBuL}!~qDBkd*W_$BU`>h2s#9k9Koo9(5$4CH- z78!1P%I%1vq|}-=HpDC>?N&H;AwMYsgT~}O zlD^TCQrXa2<`lVV2s_QW41bTF-?qV>+M(N9*%=r4x}iEP0*nULsy;F#qD{S55Fa@d zqP{0uIN}&y{GmNOSXXZ^C1qAt#gk-CQ+Y_M1oFTxLu!9T(LNOp zXy-gz>%VL)NcglW{5k08Kc{3r9TT*!No{-89pFoK+M?boA;i++2L7T}%{lOD5fqhD z(j1JsztXTX&p8H~!@Z~|BR%Cz_jTcGH0@30X;T$^kjcb{2*c*w#1_0CDI{aFkif>b zBprcB=#t;QSmvS(-uZdmar*`O`}4)muZ3#bumgA{&hQdPC;X;L9Sy=qpwWh@Tmmo{ z6Al#esLF49b#hdnE!pMev+?^M>tA|0eXTbDKNN{d#hrbIL=ZrI-Y{zb$rcgXv> z8BFg=@iW;x+Bs(pP#m_u@};fy0>@Oe6_wyJO+qB^!5R@x0s@MG zmh9Amiv2G^=MZ$o#Ev28X>fA_WEanZAU+MJk(d*zd06yAW$`w3PH97BxN5QKylR4> z_~K4f$Z{wmb={J@S!KGx$Xs2}Z>G*Vss+&!HF-`yA#oar;@G@Jemsvbeeun5@|>dZI2p zJXH+lYMMZ2$_2#J9Ce9vY7)A>wF!;JLJs8Eh5)t}z(@twH2RWN^5{7M|NuBQ` z7nbfS0+BdV2J!`hE48OmS$GCW^r3X4Sb>i6=v7e=EpqL(rIauyd)Y6KM6O90uh|)0{=kECMTnDbmQ1FlX8@&2JqrTDkn-Att-S zVvMK7*{$K26m32&EHOC|i4d?@N^eRvd0`vnGL$*cKy>lTF)@`T$4d!>vq8pP7>f3B zhtqp5kfybtsNeJvEVea>ye=nFb&-@1w=p0BM%zZH#A1BWg%h|Rr`VdbxBr~Bm2 zyT9x^2x{T6UW1G7vqUxdXsvM1Uf&k?4?76ni$u-0H64G#9ojdDY7S|a;e)HSwILWs z8GNjC5HByzPQr$ec2hucc3bbBo&tE>(?Wevw;y*13I@sC36^K6-DB3Db_Imu_;ulP z?{-MMzdg@Kb>e^3Mx68PfjJb4d23piQtICCw73riF5im5^L#G?HdQTlmrGSCmsOH&leEgJlG>|#Dgrrn{$wOEadcIzik!D)q97;T z%Rd?nFkhL-Heal9U5CqMl+C?uV{vhX9JAzA6T7ItyBj?W%CB@I7}H@LET9^=RhOi0 z#?I!fnUSQRZ7;Xd)6Zv(P!^i2F_IwcuhU@_K{N%=1~BN+nwKG!QCM_RCz#t7Pjm&P zNrkly8q+FFkaUJ8D4iuYM~E^R-lm8%3tPl7A#Nha%uBzHjuvFcbD0+(f;h)egcNCS z?hvb9ZZK!kYPzN;FwkuE3Ff$EkZ;4CD~X;Vm$xPeI+qIq@)-$p+;S?ogm7?n$t|{9 zofSFqM;&pL6yKgrmB}t+o$&vJ_*%vL6PSxa%^Li`r1ei7fSJ{eVLy`)5aTIaVlw67 zsv-l$e=NEYnyzCe<*>%QWvrkHh2re-fi?{OLNNE=VRwLc%+09Ilq7ouIjc*T>{(sb z6u92#&(Uc(PGyD?0kKM9VU7sQN%zIvDjgS^Q6f_>B~3GSZ6F(I{O3WcAJI})Szhy} zBtl_QV%pnE2$sdje;+@qT*qC zOca7`I9&R>@6%K*a`f=jTybfmvc6u?+@fM*SGl&O+SEi-Vq2sNoJ-mcyXK(WXQJQX z|IPVV`Db46Notn;Wq09P^^$4wlQnq6OBtcf3->^vMZ_4bz!y<9WQSI$VpXwzYG6C8 zXFKelYz_9jZ_Q-`EH2Hq;_l(~GlD

;L%`Sb@ze1_!3b;WLH%QURTtxCMRMH-n3; z+U8B`2^gBGfYuYGyJTt=cs}JJFAxi%mY>J{`a4yTL)XVntqu(TLs6 zLh&GiH9Xko%|4>33q@}N4v`g170@+@6FsL1r9YBweKoO2wyl7FB~~R|%B3#mTlKx_ z#xv4L{&+8U;j6chpDQoGK|d+Ye%Gi~FBZ>!A}-hTdt3`J2vPjt)Fg1)R6ADa=T-*a{jDV_Bm;jh6#D4dkwdqjzOdSxekRxwh>OkZo4&61Y@~pi` ze2GK+i{~Zr(fc_psSC&7-#8ge(kUR z@OfiNR@G`&(mA zpb7!bAlrQf)LLHM$)0TD1%Xk+D)Q5!qiQ1&urOxcQ zs?>nZbBJ2!$A~SCBq&wz8HM$Lc5M&Qr$0$0ID>=Ajd)Um>n4SN_7VRc44`&)2i)j4wtsd0%o@^H$m`xE(YM#`27PWJUs`186tsO%{^)L-xL5)WB^A z{zJb;4gd;`xPhX&CN~P0YWwTjQjDODki4GOckSIj4Z?$GH1HZh@_%W-QcgO9Xh26e zgGD4kXJr9UGh+?BCpZMaeEskyB;1+ixDw)2$)Ic?v(}Vb8!c`u=Xd8T6bcseq%-{w zHEHs>VIZofc-RnH462qSx zSmUUv%Mg0Y^gWCWvmoQcj4pbfPv2OFCAS20soUE09#^^B7`2POHcUoIveW6Mf(uToVZNCd^$ON1VRv z1t~Es7n+hPwK4s1KRez$JN_1S0@J`R9k}HN(KQgXH6OI~4BkZ)wB;1Ebsw|^6|@x@ zv?cZZ;}_@&#OIb_K3nLUeNx+_@rjAI^XC1N5S>0L401a3z4fIeaN)SJ;BvU6`qZ)X zB~8GsO~5Tq!0j~1eh0|@Hu!K4Qq(mQ??bmkoT>J&hmJu6o#-(D9_2a;TDK z7NjjtZrE0Lo+)I5M5Je1y`HZv%#8US`=#Z7jySDzZ9I|Ox?S%S*dCLbP& z9AsQ2*E}$+Q=moAI#hHB)F!n}93R?r41UScE?%(XvUmnjY{c6MZ7j$x>x)gA<@pWy zp^mXxh#sAqJd0D3bilWIA`I340)dsi5_b4P@qLjTotl0rk=fukI5_s6C$%l4ztj7^ zUXkv9*cH6gTx-04pC3Ry#L|$$aK0vFA#4S`_BdqvMeXM=EZdggz&*31F_j4Hvf+sa zJtuyAYK1l82`f8>DHIVj!w~I%fyCYV-1dGLXY>qFrARmtPP?%p*iA0$+#fay@=8ZT zutRDca{3trvzeXCM7EVUO|BH2tuv3c`w^BpU7zWoxfZVxSRgJ&WtmD1We{(nzW3|7 zKO$155kfXB78$p{^E6l_yuaGhO{&=T%?|DT`tJyqCha(s^Iv${lfGcnKv|fW1F&B# z?1@-e3;M)t=nFfNw)P5vEqJl1>79RDJ135sUMeP-8Up3)VR>gcl3K_~m`|!?05ODT z3!zdZ9bT^_h_~4z@g3xGTfw7uRLH{D!;EcM)sAq@BVIQa9(1dpKCPi2qltHYMRpou z*4VK-FoJUAV}tRR&vKHT9L`goiR3uXaVp&+*sz?=#yd6z>a5p0)2LhfWpJTU@7R5T<~vS3Mwtsw*k2@GAE0NLEX75*cN1XZ zlPo#Em3%Y%ZxYc7dje#@V8b>=|9H<+(XoM(r4 z6o+2GsbhQu1lxnGuc*9a+r!y+I2S2?!+-DS+~vC?YZcd*!;T&H{3LN(_^LbPjX8?7 z7zA}DPQI;y6*H(QJlY04rEWA~CnYHMIwXUri{kD5dhrO|A_~d5!3bgqw4}L05Da$| zT1O)rh|s?0qirS5!`_5pJF&Tgf|KZ-PU#nQj9lD~_S}mV^u2!u^LF*(4}!g5KWzLw z#x=HPin-?agzV``X37Lrp|@hJj*x=oPpsV)2w zL+tzIYt?M*D~8y!nID^*F%0p8wTo$p!sNUG84Mb=>x)B7(2-03GsAVXs=E;bieQ%>e(xMbiBi9qUwF&y~e1+RJ2KW$IWU2J4}A-UPQO{neHJx zB&|Rp``S{jb(G>_V}&y~dmHTxR@BQ`<$!IX)vC5@J36fJ=nxAp9E$>8%8+@DHf32X zEfB61m9Hgeo8)ieMRM_^IXZ9nqgg9d%FA{NX&KXAGf$sRea@P^u40t%{e=PwCl*e{ zmMynx>?5KbGmu<^kuIm^4~a+cqe}BNWQG5PRYO6X!{l#9)ftW?FLy@VxNg*ou_(K(;afR9e zam{`gu?@^SbA28aM%eRi^a%WVSmCn4Flt;6MtyM{77WK&oNcJi69}PpZ4Tp+g(52S z5-nZ)r+ovxvg6L{`6+2B&JDhUvH6$dBV)R~DJjbDb|kG(KAF*BSV-wKRFisk#3YjM z7=;;+y*I~Qzzikk zyCVkZ-|AhW1EYDNmwc_unoh{vR~?Gl2_@QzWy4+oZcTIC0C9=99Fk`svj+b@(#mRT z|F5F0bH2X_>C(qEjMIo|BO z!<3qU3IB#FvSI!U%c_5X75`Xe{}kvZ)wGn5#gIQUvQ6|c;_|@Jqgzl?H4H$7q6)%# zE#-wlM1qBJT*c6JOqW(QV2&z|J~PPfffFi_;Ydl$NmR;B(KC^Aw2Ar#6%fSk2vX+4=?VDkS8W*X(il|Xen^u_{Vg{ ztOE`IK40_I8y-8n$l|w|dcvV%GJWR&IMG2rK!qs*E&AkSLQ%7!H!yl|MXh~$MPps@ z>>RoHX9w2c5NE|$6CO^R0@E3k&T~*P7=g}*BgJG(xGB)mz-!6Srq`KSv*o#Kv0VY zAE_%TRTn&nJ9Q_5f=m7l)D@t)6o(l7qhwiI$DN_kz>xC|O5IfKm{}Ifc>|#gqpqPl zyD$&sk1I%3(-HNXobj?G7|m$Y5fY{S4Jb=py%;c+%Y9Tb%~2lZ;kv3moL3AMc;hgs zCt%qi1|2obSn5%9nB9qmWS+_9umoxmKB8%4tl93c8hTy_53AE)vl$U%JX?z;2>DTbM=0J2a<63ZO04wg};2B`Aya0l>1({OIF+~97p z=@$&~Ys2D=>ftDC~ zQjuKaM~gv6ALalSo3+XN)fw9))rGcFq#l!st`a@grX{{Ur7{)U4CUM{A6@1hU40^O zyQZS|+?Bqy+RJuc)s)eRZC@+tR+V`*D$?h$1^+2B^#Gvni`3SOTw-BTMUJp za(5QxntwIO`Z*`pRhx?FkK3dC*f2*(_Q%Ewn7^8QIF0rtVOJ)ekV#m9>=XH%OFd8d zD)rRu-b6^zQS)9F`PBQO_GrV}s|Jbv?@GSB!mN9mdx#*6T(NYF?Uvs&+|2Xd6aLdc z{rBW-TF3bSyu!Ud!*zG|E6kaVCH6`$6omI>p3RnXf^r5Eg`V;G6rwN~maoWIM+)!R zj>jsG!DjXwpwYCdl)s*54oyD+Cz4RlGEYtHQw}T=X!XujiD6d(yY4W*eu|9tf{P5@ zaLT17K}&{>5W~jLxvw!`lcJOmXPPlULrfuJl=PUyN|q#3nRY0eA%jGm1zog^|86SY znKJ1Eq=2Tp}9iQ@^mkMefj1&=@WJ<#10Sd_WUj)!sDp{rCy$(j@*(q`*LD^&sIm(8OW zIiut7~D5u-`^-uqxEaZD#OFHyi4aUT=^TclwR`wY!z-Q zQLO|~pMRd}Q#dpRiswShS(?*F0fir@{1Q=9s}D~GYj%15f$d*&c_8!MQucSH(Di-( zKmFtXk;|2g46F?tj#(`m}towDX35qt ze(*o|;1E&dXKXMA*xE>6%p08!!D>=!= zNlD}zbXqTxNZisSM}eYj3}b;4x1@aG7kH1eWN4Jki+Qnhx<*8`yNYJ>DtrWf9Yf;` zG!Qj==*sPb>wgjado2S`s$`MI<@9vHVdi&yvAX#V*zWlN%Zpg|nAq#0-pcJy<|h4< zG62<@0buct1B9x#7!m<&ss4P{jwQdzq@yzNHhg|%PbWki#uPe(c2X>yOQhw)o zm@+}Pi-MWzz13w1w?Dq>E#v)_IM(qm_RNzOQR6~k<2*_GQ@~wIMP*}grPADV*F^=C z&Vpm^B(vkaJ94tu&F{(dkko6f^UIRWmQBT3iq%K+=q!Kyjkxl_+gv)+tDVZ8xc#WI z84~(D-2(m8*G0$`QE=|J97u^wtAqZ6C-Nw;BGeEa8;E0j2Nsx{GBRWl3vkmc{5y(uA5_U))Lv5~P)a>b=vP=1ZB!qG`~} z6}I+$r}6Zw<+>>A{a<6AJ2t@%bNf-So|J^n6-d5H)w&fm^+L8>7ZA+DTOU(S7ew3O z`y(prYo>gkjrV&#tBJ6v@@VX4j}df%swUqov49_sC~9m|rdS!+luf?BrT?5eb1P$RH_zbzr^u z#J#7C=VYFQ*TJFzNg@yPw~js-UM~>FHcxLfI@B|{G#I4QyyVW*(-g+0UKk!s^&O_` z@qPBEmyKBkZVwX`R1bp>DO)^Qj}Lp^iiIs(ny$g^S?U$`&jHze_M@`g9Xwm0`ww^J zh1l8V-%3fP9FcJaXzVJU-~?maMn`JW-VCXpVGq~EchhMf;Zw-ECEVc>W1vNC?0_M% z8%VQSMNK`R-3#bAb5@M$U{0vF&^{y$YSTJl;P;T_kXJgV{GF2|T>bi3>GIf%ScxH4 z6VlskIYsusR)GlSuON3G0~)6fy`=>>qN=%k>aDpTl_I|+69c%ob0R*?<+1##yEvC! zjjB_Hr9&YNy95Ibv{CFoHIB(PE;Y(m1E)r&$c;}69tWRXvDlOgAn{bq+%a|<%z!g{ zZJZc8IDi!OXo)Y`ZqGa2zXs>eOLs^5Zw3(p;=d~<{}G)35tYhX|L_uWl@%9fFNXhF zT$bbrMFvrBE`{>#8YqF4cbK3#(@ZuB1}ih=e-MO_>#gYL&-6ITruUYYjcDd=|FF2d z)9}@Y0dT0!2A&VEn;FgO>h^hEI$XCpe)jYI1notK?LX-=1m9HOGvJ8gYQ-XL?4MtR zU-~meK5&9t7>luK*4SsBI7=4AYx3}WR!B6qpFZ9s$tcN;c=a!8=mxA|Xf?{9EqpBK z+E~4DdTD7Bx8db)PjKgkJ(6v%8-(Ilrl-ZDBH) z1v0IePGp-mdz~(3cFOlw@)L8iC>sggUE&W1*YN?3S0)fBDb2cLEfo6f!qI~UI}yg1 z$?&L@|GmX{id3?pYRb}twZAH%1({fX8Zq2tmq<^CQ8MV8ELHB@t&MDAj21~LyU)oO zR&jy{Iee_GY;2Ye*DXfyMhY!Nk%*XL)2L3(4N4YB+CT*>RbG${fjf0z?~K%D7rw)N zjK)?u1ZvznN&~;9v*>)sk$*aM+LNmzM+cSD)!+yi$%V0-#?Y6wqJ~z{M1|E6E?tI~ zq=u!G|4oGw#oiU z!XdHRqEG{GEeoO!8OwI@yb9Uu_?(Ks2}#!5m9pIP*H`|&n+zJ8b2IE72&G1gu_FtW zneR*OT%N~yuOd%!s&b<+-e0pv{vDZ<*555Rth>5z+Yh^hYp*d7E%z`~Tqmmp)39Ew z71lxTqN{0av0kjZ8kQ9G1Q8Ax*E8&3;4qjUjc>`fNI|nsAi44E0jAugwU9jqgO%o- zg1z)P1ZDb6191TcAvBO@(9;wvV>g`vHqh%RQRoLu{JFYAR$?dYInA?4(nS$dM9zQ9 zBK%T^;btU_q7ovN#vn4H3nCG(i*fa1Jx#|AviV}zMr{Dfl zqmrzag?Ks(ob@O^v+am-t8Dq=6YAp#iT5vo$4BjHqbMuFJIv;GfrJ<4JIZDxwO>~E z^~`9@{@80U8TeaIsNOz)1|*^a&HWDn?xJ^ZVH&fF-)L5{a#x)G9vek*)eBKjjYmQe zs#y*zAJ^z|=9tvU%2EGRX8NX`+^8d0+B4TS~XKZ0>_Rp*ntvD@* zqyYa}qSId72qZ!o04V}%LtxvFvj0;FF(D!}gLG_Yd9#k&d();Fj?gb9JVY3&)#E0X zaY{?FRe_f2-t_tX_Goh3uczk6g<&NK-n6MguM-|!ggPBTEDW9tUM9$!V40g?v;P(j zsDUR#y+p49vudCGYT^!mL--ST@G|Gp6AZz&`4jloIh%nN#u7x<@?bUgy=#*dFfSH1<9nCIU^)FR&lb_@-CCiMaYfHfQgg8tR*$b3Jj1 z_9Lg#MO^~g#SD#ER?8!%zuXfE4~JAoqSm(Klm0MaSz0b#mBI{N-*)@~?~dHa<*gkW z)?@1Wy$nxh(7DKE^r4PGi=BwUkAgV)>oC*T)k~ae%T0r|&gNhJ@W)c;mR7ze0^9fc z^Y1smq7L>hu15B*|FQWkNz(tv{5^Ds`V(sfJrx~hgb{5HBgKvu2_>AFTwDq#Q>Y?h zIO@_}B#o}ilo#t&dlWVX^DmHp^6k_GghMyey1aWXtHn(BvE0m5-HxCih^6u5uaGjl zNeGR4o(L;1=Zc6ZZaadH^Q5bx z?oS0PqvYRoqZU+{)0b)5u_%XH)5GvR#|xgcT0CwaWv*0vsxe+T-&NQJ+fiv(d>`W- zO%~NQ;d9I@%GF^I8aRh@>^_tqS!?~J5!h=obqVsb!#!eU8R`}s^Xuc4tZ65<=F8NS zJe%5Xe^O@d{PiFpWZgEPw{Esh5g39gu`#|nZq?p^M{r4RJ1|@9i}R&BHeS0v#YX)+ zdsTUD3KXvU3q91t#2>S(BhNDa*iLjLA0^*sa=)Ff1XL1D60;Z^UE;1`_V^l1(v*cj zvSmsG5$q!;9Nb?1iSq`xT|^8qzM`i0^-OqR1x?fXrp1O>Fm(bXmgF>o<_D#l+SOgFqobNUh>W zrC3F9GS=clF5aDwawkGWMaTNR|`TdrNH7%;jN?VF1~Ke;rEYEqF+A1zEt%c<>;>Lyk+Q- zomP6`F|gr_AT=hX%FSv+nW|0X({c2xxqts2jz#~XEP%ZTXDpAhW-HUlI4RGK#ZFCK zfe8YU7ws(2r38sYu z_I8?J`_mFgy?c3?RmL@~V}17ro1GEhxvVB*SX%o`+xm{PEj1Tqt&wkJDg)t^!4a<3 z?g45ZIHEF0Q!Xu=ZzkTXoC!x?qeEBxAfAKDw$&wpz-dUYIice%&?QzsqD$V=?^Opy zDq+1vx32t%<}lxBPiGBYcr=}XW|BaPE^RTr2{H*EcH}P=z1w}9ArU_s5FiQ)SwWM; z?V@bhYGm9Hqa`=TC_yhr!D`K{dWu;&jx{1ybYfOP+&Xz-s!ocZqd;dVeHSUSVncz^ zo}xjolI?&bH^*X86KG!y-m1LEx2Z9|&^lMGO+(fqo#WC}<*s>o>;gmbA|*^X2<%(E ziyDls2jupW@U>P2vt0#=jyF&Sw@uh@0V6OLAE?SzxeGfgIABBR$rFuCV9BF{EyX#S z6<7a2ey(tfG^ELwt#QL%H|phvaSZOR@h+gV&_rF+-`aIsq%L&d4?hEzp+8gUW5G_Kv%E^UiCUXz|@!Q}g7kFeL)F zdZTXv-R4S?v!~RD=mv$)QWEh8g%>0LH9>dawB8z-10_B>Y0SH&d+bX0gB`RafpGA< zf6y`Jd%qt}UQ-%PJ~2qlLUmOmKI9FJp{&{g*eD9_P5cKAg7gdL1$RCB2Q44s9{rF9 zA@GjkjTd43hE0}LW7|c`Udn_!w12vvpJywas=70w)KXM+vBRv%3nQ{KYLVpM;5-2{ zFaqN736{)BsLu;eRc6%I>5KAgkM5HJW;{q;?BV!k=gjJx2!^(lFv|)H;xp%BSskRU z1Na8bl@S50uulNQTAjn5rTkMJZ+n=T1UfV_Ls1Kk$#_Ts7uJvhSg2Lo*r?-{UoDQw z@KMFSXC+tef*bX`xhWs-7y2vxTfr)}1;&?kp z2z8-urPEA1$;P3W>lQaZ1?h%J*ycX+o!>cYczlm*>{hzdytb8*Ah3cIPtti>+=I)= zqurr5`+OApnOLHAA_n(R~Ru0zA*>;=vNE_5ua}QiW*CWvn>BTI}NPdu%$jnVfzVeLLPa`NOx*TEQp|!uTKPTyk zzB&uvap_pxYj+v>?e_RDXd^_nBgE_9`;5wOJy-m{w;IS|_DWTDPE4DBy4q&EOT5efG|XduKv1D@(5Lp8%Tl=z*Sw(O zJ*=57%*8ZsZnm~Q!}vtDx?{&;CL<>Him{^~A_u88paLfPh`)kmW=^J5tD~)O0^4eH znMiAZnmcy`gY}x~Xu@gMoz7v4Hq~y7HbJtPW;vKtUw2n(AKbHdI=qwy103Pn8UR-k zE7E$Z?=+_0LC4R&;Lj@i(FMYIN$f~;>lLqp!mm+R9x2_`Z|qB=fU~MYab_V zNH<#4s5X`0|F~9-# zf-b9fG8x(DEShODwA_AeRGMgv2qgwfMEpOrAL}34CKDsb>y>(DUt-l|s(4m7o}aLJ zbof2!RvUawb#?C1 zvK}N`rA^#NrWMn?)PZic6?7ibRd(x{p1V^x^FC=dcj_piS4lMuQ1Z=noEmjKHgd#SBeUPjO2QoqpUg zv~j>`@O$T?pE=fi z8VLHqMWFgxV%HZRc>@$OslqKdafc*ZN0iLCt|0cDeaRov1hxsE{|lZ4Zhh9wHdx{?-9tA3g|P4 z?aUPhjMZQ40F;fPnWM(!nzVF|uf`)o#%1XzRt_|xBoE1H3?mZZZual+HGJgvm#s16 z+atlgV$O$CAjK?CoZ8F39Qhd`Kh1;I4$f`k#bLdM0R@O-8GmrOhFh>fiYKIpAS zmGexTXJ}a9ewtcpT`=WLDp$r7FnUs%^s9ZP0>2O-PgLMZ*zm;4L5OoNp>p|tBb;Ik z-{}fHi1xk;8O|uSaK84;7RDXB`Vu$E_v9iV24D*#V}_q7B45VOSTjw6T3b?{Na`&v z`}m9a3138EoLyGLg?YoP2%8g!%|@Z?_ob=WQrtuD;KG{Nv7UJR^S$9;Lv}DGm+#nq zn>7f1@1}YFd(X~)`D#(3>i>_W!%v@2X?`$RjB+XsrA-kZ9pn^^diHoM+*eRhEOLdwLV1wIp7aRq2YL0Bu;=|l0Agjv_}MP?JEMHHEgdVs7gM%LhV z8)mh0hO|(s7Whd)E7{rI)@|%yPBGQ?J3S43snZ+$RgBWE1D#y@Eed9F+Cg;ZC?nQ) z$X5LU{4T!E%q?KimktY;(27pS*DCv}fzMU*A!5bGEA3Jj!#9yj$eDUR6#USbK5G9w zOF93#?Sjm8-O#C!<%PD_tt%ZetZ9N3=P>pOGHv;Q$(mYH@lEcEPWR~8-#vlkzJ)i#?UtBh%&4j5zPj?+=k`z#EeK6*!m08mx#6@E0*{2|JO5nTsdM5(&P*8%!Sq z!w9E{5!WL{bZk--ql6Xuwct7kQYjS#~QCC&u;cpq9eX1$yg z>>Ld7^3o>oSkAw!|KHR0|KM1V{M$KfX3E0O&dmK^^vQ%4S}+bGAfN<+{}-Oc|E3`R zzbO4zZSvB`%TrDK>4{t2?cH4jYI*_OC}unpiAdK2ge0nwk-mzA1dWV%AYKRxD!lxn zF(N#is*#$CD2k*oJiLpkeJ`}1C@B0SKaeXBcc-EYZAMYh&2RR3_L&d#F!xz)ng3D4 zZM*WBjnl{9>&XjfyubHW33JibmS7m;w!hvCZ`jD2PoITtB6^H&s+IZMVwGX0;Y7gj z;Q;6X__Lz&+{LY5FGj~|iH1P;0G*>XBJ9l53~AGPQ$f;>a2R2uV`8)lxgIY7{w$KH z_Ii!7)Cn@UA6=YW{7938&3d7Ttgl;KdGrKhXp$n9fzd7@FO5^91*>ENR@aqgf^o)% zzuaaK*!5Yx#OoC*#TzZ<@EM2GTFXycki9xxrt*Obzcv!GypiP6C#0~u-jYt_0Wt9S z*v!FwjR{U?L`m$m3wLAak~>8q!D^i7&iewM_XBC&|$ zMZ3|FnKjo>(}2Ve>p2#)rLZ%pHiV58MOd+`6c#_S}X2C@|gTA*hT#Vb<<9YN%r;Hh<1vzOuW_hoKq=a zmLGMeJh4x#KLsZrn|=!JzbWsOS#o4-5oaiD!Qm@qxvrYFQ!KJ;|3hw=T^XNvC<`*? zBV*hZVD@&%qVJp`&>@$mSE|UMD%lJW!)L*H6=sDWpi47Mm1UYFPd`GLa)vgy3gpNL z_wY!4HnK`KiC1LZEXlZBoN~7^e`jlQQ_GTTm89JSo8eGvlHauzW#3ncX;&j zP6FI*NOq@`C=chC3v)xf1{X2xl`C>pl5U!^@UtkR@>xqs%HNa|d^1N$f?USURsSYy{oZ&z97KLjI@@#m<*&kfwAv*|u zYOJXkEIg8n8n8T)%NjI3k{2>6|8&Ax>}ms|N9qsRnT%r3v@$Z9_(X z$upe8P$pnbHES;=P=xy^a9NC36voaC&vkNNrpyr zcJ+-$UTT!6zS}(G{9d9TXz#LViY^8}!A!O4{{cJo$M9;LgWoKRx3MSp#EF3ku`2?P z`I3afd1*=F+w)xvK+QCp-a)!5nz9AH)=PGMw%`;y1BI3nJMoVaPA?Sd`zU9 zbsbi8bUmHM#$LzvX2ln%bmbG->GP%Y_*7K*3;n=4HP0_Y_}lE&FkxSeQU`A7CDWWqPvwjLNdo8kBT2eUW;L$k- zD~AL?uYq?_^qVQ|jM_u5;rkGoe$|;8ffNhTfQLdr-{9zF0NDkAxz2*gjsAdI{%1AB z(p1Y%Gbqg{CL)7>%LxatMRGu64cVa7b3PT!Iy!=Ij8YUweQij_DP1e#kg&bDMAQhD z`0FD54y%}?O-^%9*UH`Lt(HruM3v99{`_(8LHfkVxF9>}yn@BgB@f|-wIp2E8IS6P zr{3nceADsiuMs zc>3(%D)M3zBRojHMZ_rAY>_Alcx5i9zYpE)=kr-D z>rY&z?fe5PIZRuN%pkPmFWtmRT|yUW9>K#mAv9){K3r~lJjH^=sr=Z z>0I;7Gj-;noFkOuvD%zVD@eANH!^0-XU0bS0+8gzB{f5}Gmj_pQ_=givG9eBv`u1(L(A^y=tvMcsnbLYHUwv_jnvRA%c{wjjJqdggd6!g-; zg2qUiL5u))zYfuTWc})Q1B*zvueej=?MDdJ>MlP$%<~_dyd&m++P=xZN$1_RrYz!uIoJF?u}#{`_6KyB`4aJaroqLWXOIj&#JgOB zdA$MV`OFT>NawwWYs1y^FY1-g-nuBaG{T7qmP*ra&q8W$8Ng<8w=RHPMxf--hQ?b- zBLzO?qV~{`TsEa!6yTHWD+VY_@f8(E1k~GBo7N_ZCgT+yvXNh_JLe?MQgtYb$Bmyg zRwUM>TvQxtky}uCy;cP$@CT$8cYN&6A6b{|3=}bM+7W-Qy@$%7G$E{TTR5iy6pfC?s%sk z(m!S@cqtIogT&BfI?3N!_(=LzR9&U~@MQ`+Meo|bEjRgy`&LD{82UWUVkf`hoLKM5 z`HGIO!ubw{`A8IB+%ONNy@cZ~gS&T^a^fXF(|1rJ93G1aQg(Ql<0g{)w&U)SKa>&Q zia+KncwfUzxQH3ld&)2!WLD|m~0F0mMm{uYT8byl+jD?Ix;*?i}Gg+zhjBO&m z+|UV=K}{w&P+sHUseJo^zxd8TbO~I9l?Xh9sfZLk$5Sc!(UQyf&?x(|@$Vnw7;eds z7E!|CfB8TQ3U8cCFKBN{f$)o4`|wKVmr3hh6PZ21HHTRg;9ihXzu}#p>obAmhB4RU zQVhW|!9FPkV;aGCgX!*>(fkB|8me*(N9keQb!!K5FhqJXc3TUB-*Z?4c{0KEMCBdQ zT_gNGN_>Nm+TX>6jIe9#iFh6Q>;&%nD{d&P9aUhEbC<{uitqrMEBJVq>A*2KWcRun z0ne=B26{5oo#-X`Xb4&ZA+JGqk1Pu`ugPZ@O&8pte)@)d6a35ceV2_F z%Ag_XhMgC3$1#|d4|(QJ=Z4+^=Gc?McWiU0&(q^27cuzW7fWxqu;ySd!N!ImC|Iv>X@O`W!w5wg0_(|-hi2~@o=8za zT?T#TqZV+TU|b;NK#z#-7($+il!L$_{1MU=fo39E%hqs62K$?C2zsJGg-ijNln+@T z!$g}7#Sa~_`#WEu-&hHIWzB;6F;ZB4&DvikLMyuX)BYXwM6{geqRpU;k{CkTaoi8% z4Y?BBU=254uz<&Lzz+!msWMF1M?g>Zgr(YEG2k3ZKNkLSo+(~Q)Yb^I|1lWH1oxc> zORSvQz13#`K3L`S-cnLg2X4VJ96taTx}_hbiy4kMITrPDgDF{wVy2ZgkR&$c?>mxUPK<^&MOZ0*7PAHOGWBRPm8DrVFC?r+6G}Q#9bh4tB?;8P0E(OjcUl0 zJBQRd!2`*Os$$#ph%HCNmVMbM5Ev1Bw=Q7AC`ZB;h~JzWqzi@KkhDUvk!0+M%KQB- zP8T|6-;zF*I#|Z5kR8^Zlr40%kz(L7c=WDRgLzBX5^uISbU;mn^ZrRgFkQluqU~0t3i;BHxjjg+-gN;h$jUbqJ&+fAdKZ>1OT!<| z{Pt*{Z;ITNa)(M`fKSBbRpFL-ijpnw8vWf6xS;Dr(in3~{KWom#u^+f^!Ctfgt{YV zfe$$9b3cj5b3}YP@H0}U!4f*>kg*72IGeImmm^$iRCzmcDv}N{545$sWlDI2LVfZa z4zt!_|7S1(GI$|49ci;da@6E5ut;2lt~k7B{2T!79WI^?q#T)?YGv;_#(0<^zBJmhbA2_+vjO_kA|52;hf#qvyXEJtD9W@|) z4&;-d(2a%HIMc}PdNr~umCur;P-XxZ3!$^1eaBW{5`c9sMri~W3n`;z!h>kyNWzo{ zeySEdAiW{4IKPe+q}p6|Rf5U_VE`e}zwN3py4#!+-gMF&J+SIdS*(o8W1?8Fcmpo7 z12MCY!y{;Nlamw3IZurfbbV=*E^T2I?Vf0MLz+|0{4(#CCi8>%q3IKSdc7)`0Rnf? zWfdn;*`N9`^UF=@Lt=xT6Eu8w+w~oW6Z(l|op#%miDZk8ZvUqR60|3`^zhSNh}4|w zNdlLmkmP=i&RbU4#+z&y&)a)w{oD?FF#RXHD3=lzw6;+flgc^_BrK`ANQ|rUvXZ*K zMhqVfToR@xR>I*3rbOjxrgBuWC;Y-e3t)w;O5NYCF?P4EDgfgHfMZ!>U;tY4h-;Z| z=0^(OJmpXrpz%VTe01(OJ$~jm?Y5F9m0tqEqZj(^m8Okz;)o1ii8MYh6lPN*>;|H_ z@2} z0q10NBeA`hd{E-z#?lV2AFoG0Uz9!jC-(A!L!%lxP_%}pGUNv$}+)7IqB zY!m{ZkWZ?+=E|kgr*x|T=4E0vof9J&;vdaI6EBmq^AAnY^{H^j>BxDh)@1?IGQVpJ zqfAM$mG7*{>y(`bTU8pP5mBrI0GI~`EC@dz; zGPmVArj*ZEk3jnDTlAopHCc!trjzsLJinI^4bQ#=jl^C3Cv-P~G z)1)^Z&gCEs$fkik1=rf)P;P;t4uX^*(~?%a!(EqP!gpm<_^a|^YeRoGUnBH~86gRP zh&s`u?eb8KN*2Ho20^zIlL2jChJ91%b7QfP%{8KK(;NIKEl4p16G3PAff;vTUp zD*tZ8M^II91M%qBe1Y?gn;jJ2ir^3kBi;&;e&Jgg+fI*UG{m?X;CLZ%A55#K?2QJ! zLB|WMGbZj0HMw!i4tCgO+lq2=B4ilt+jHKEv$>VuigwsT@XfmN3$xxC0eyI8>J6j3 z`S}4O*nfR13h{y*H5610<2Pl!N4x@r*u=&+Nb=&bf)Urq@B)1vGq(2lg2;gv*JS*W z95aM!3*$Fxz9+cO!Z*EgplOTgH~n#?z3eGc|G|Oxh>b(B~Vp4v(Re<^xzq zT4>YXl2p+@HS+B1YiRmTot;((_zP#I%rG+A)Q>PvkQBLgk|&yb552Mo&>{5yptLC$ zJ+sP7VrN5R9N5XOCYHY_hEubEN4^E?J~f568!@>_O=5RNrroonv^k-_3i8OVHu|Ln zcFm(bM8v!^i4z*R?${5&ff-h#^p^@YX2$;Q(iqCZ{2M?f!Xz9W`V6feN^M-6q^cHx zZOr8>R8BL6%Gn6omME~1|I+r*Vtm-Sn#Gc8+q3NyN z4S4~ct!U;|Ua*c4WiO5bYA1-#9po;ph~_>}FH|qZ5<=Jw?;frQetrB7f(4X*jLFNi zW2zEm_OR@(u86)P&TN=VaOa+$09G&Q5-8@q-wmTkk7LKo5VU@fjTa=BVmYGypAN?W zCBdx$-9f})h+Tr;>CGx|wL?AK3?E`A-hBN-H>?G?H%yAZ44}5dDY?R;fYq}ruG?bDx+S0EwdO5<7xFzpTdCIQ zVb0zA{8p}oJ*5`dqgoYzpzFJ)S{->1>pP)ZCFc|I$<(No_43((ZgJKhr8KT6(jz?7 zWj>=?4YLH-cTGN*5x_d;nQ&w8!+htNcr@xIwBep`tEsnqv^sh#w-nvbr(JzCCNksH z>99wGrN&+P3TcH#s(P7d5s}yI(3$?K()*9Y<%q_@I7FeD+&SRN zvp}!>U6%~=Q~+aggy#XJLo7^}Chf20*Wa&d|Gr<+U`+$&$Wo@oY+49QMjdnUErDz+ zI3yP^mXqI3ggm_7O|4A7T7rbD`Qgm)Plmf9XIiRGAI_vK)F^o(c!uCsLS_f_N)u~Ng5v;-7Pz`4?5`bVmf(wa#0 zWGVN|-BGWIMmob{279W(5bIS`+KQxmVhfVGqi1d!T)op4JNRQ2E^b{lcI3()zWwUEmuAK^HE^ZJx<*cW4IpSp}womX~ zNiG~=nr1Fuq#SV%*DAk5w`c3jCp|r$fUNc)Uxiw;5zP>9k!`_G_fvfFbVn$g*nO#e z(j81}UN>#=zbJj=z}CIzf7zj3t{v<{v}(&4>JA$}1+R^^MzpQF-vayS;2H4_mtA1r zlKW_6oAHi-KV^g4rlFh8>JqnZRu25APh8KH@k*Wtcu7zqvhZ}o%>(p*=1gtA@?=PUr&;ej8JrJpEOnRXrYh;V3V&{U z75-Sd-gy-z^>OgLvVQZy%K6Bh2fRls_|2ajT72^{cD>^%O2Wj=;rkvfvjin=QIgL$ zxhFA2%B0+XdTsSTGj4ZYij=b~JYH?{fSqqP8u4}ibk28t6;SxyK zrx>+eo*XsneVXUbfBe+_M=P#NV0EC|gj<%8WKa|W77x$K68^Nk24VGGksi#xjlbUu z_%Vj^f}5wu9wRhiPm8}S(E87wb4sjl8a99;%?kXIxgg3(4lBUmg#la;&V}dvQhVYy zZBUJuZKdah$6x21i}?xrxyFqpGrLc zG}?HQ@QuNB;v6;m-6W_`;$aIJ*??iB2&f&y$8ku>h|J zT;mX1E5yQtUdIDqihHXuQx&mj)n=!_Yc;$+=Ch!1R*148sPEcFy=gtyRrORoc&c6GxoMblD4Az?XpcayhpJXv{5Xac%z%>e%MTaRrv2-IwhNQ! zfi+7e)K)cFVdXx|13q`IzT7^d1tapFDR2F+{XB|i$U|zE8EQ^0 z<0a~8kEZyEa>w#fF87Uo6I$P%6J~hiys( zk7lv#6^_Gg-pOBtm}g-==QLe$0C)I|4Tk^ywp`UpN_M7hlcD~eMXo!q-8Ql8+2oe%96; zA6`0+i+e3+^bF?L(}FV$HS=!Q>AfFtpf4iX9cBT9KQzuw8gW)1NR70lYjNY%hnq!g z7gB>Ql#!j}xq7I^UsOcUY1}o?9!^#$BYa6-onqWG6?#hkRs6^I=lzAQwUnH;>qp*M zS5%4vv)^>4Ks>_P*M{!DwoWK1mzY!TKM@MR+G19@7bsjhJigGb)1Vm?w?UmIErW3% zU7yh2^!>bvKzNDT?>Ou3H0SdK{4s6)fc9T}*a)w`&YqzeI8D0oa1BLk;)tVT%BMbm z2Ez0o_ywM^5q-M%{Y6KKlhw4&_gdM6UWOEaXRjo)3(KTNh|meHTq>P(FK;^Xhr2y6 zfN#iM^+3upj>P0xuPA6#x^o$z9Qb|q@i(v|Pl0k+4Iee@^Ir@a!0D{rQlY+M$RYp% ziT-~XH2jA-!oM+R)U&)TkFoZVwAWwbB&~G=-`(;4aMfH@GK(g(y7+a>y-8JDC8id z3LIbkP7xI6nV!nM-+KNz%RTEg>y_tozu)J7L-*^n{kH_j8IdfnwHT465T1|0 ztu@d>@2XlIddLMEXL`)yQ(q$Y1Uwvjcva?R%}naQRc`cl?-8ZmHP!UqnlcB|)z*DS z#oj*urOWj*3`nT5*-Umjh1q?TzCtBBgg=;wkCz~@+Ux{OF#q_v)zDpVSNek~J9g-{b`9yUM#S8|Zq`R#@pBTd^R}T$S z)s6;I{VC*(j5F-XbreOLwnR>U_TN?rkpBAl@h%*AOw0i-_mSVtylF?6zV$msmUqR3 z1eSd-r2$ZA9=f)2UlG=$d6=Up%y+u%A<7K}XJd*>UnPV(>J`~9mJAX0XW`psRP>B3 zIti-!0>*Xr8pgdWNWb99wS4kIAxnSn%C&v+OhH#aaW;WLI%u2Rs^Tm$;mTEQg?m20 zlZg^{Y+;#R!A*e!nM*jP833(rYd(TeyH*`ZuhOuNuB$$R@n}b{SMN>4*(bhfqDPr3 z3#pr(Zo9EAxC4Ebj#I0hBpY^8oe;zOz9>vtTttpNuD4OFd*&#S&eNOfYyFMdwB7Qf z`!v|iH~V70qgmWzD+-Y}HMWj)wNsBr#3KjOfg2e=kLX^E!EQ0lrPB$`Mk4hs?LSI_a2}T+`lWwAOM6}5)iwdCm zQ(g&H6zpa)6(fj_$fD*vV%Z{FAIkJ2aG{~QH`R-_4v?K%agRqYFMvWfn`($LM4l$9 zr5YGn?>E)($$tKAv8E2%q+7ZpCH1Dh=d6Tk1YnJ=h)p$QH8PH-ek!weDl~gLu%chg z6VfX5AFQK97ESeJr_-DC)(O(l8$;2XjMNDu6E}xhAq{~~4?Ry9fKLwtrV|Z7)^%jH zA2Em9=dc~Ihcglkb%NS-3{I6~3Z$$D-5F8n4%hd@H+jKykKz&_=DC$_fbtoRS)-M3 z?BWXN9S&Nfj5Y4_M9V{=bWD2@KnTZlZ1cp19KrV0>5iEV_i#isxXWWFL%^1Q$z}!* zi(wORpzH4$b>6b59>a`|+mDg}HeiWt-&qSI9VO;7C3E6-k_Fnk!6!1Q+{&-Mj-`J>4Q( z7*iQ-GTLBYrqG(tZY$cp5bFm=Z2?njA%p`qf4U4=2-BGtPfa;`%sxn8u?{lk;xP9V zQRTt;7x@&K43s8ch_+bl8aaVTrc}hxK0~fG?b(R(t<%&f-fw8xK7$Doy+Z`h3trx_ zOH^YCdWMUP)enKxYU)ot@A$VpPw|R_Dd-!l=LfF)7x}Bd?P=SlRuXz6%ew_$rbJkr z!1obwEW0+fQ@i#vg$F*2)A@IFlhLL@5bvl^mp=UFX5n%iVs;%LdI6DQ~tseX5}gDW{7l@>}Q`gT}#k(S9( zeJ}5z-ZtTk%7N*0nsOXI110U=I_>q!_35<)O<|&Pi#U3?CPn>`(Zh*T-jLHzMWs6@DY`YUjSW zB#$qCEWHrJzI&x^#%VDKj-q@7@4u>U1!Gc0_l*L7K#bk!O8iBr+ehz?5)9YLM%LU{ zZ$R@$^U6l|*j1$KTOH>2)ZYpdR0Y{VLOfvHXZ}b*@l?nj%-U!BjUqU-GhBDm>LI(c z)TWsISP~(%qv?klrAZ~F-B^R(mrrD-%`v_21*4LhU1xaOhOC{=5S!$Yn#ih&XCiG* z%_ckiiB?Q^WCq{iiXy#5c6InU(-__sP6AFX3(VY}WKR;}GvYjb*pcBww@*#>w?Gq7P;7gW!L59)8((?A^xz0)qGsn#A?r+4lU4CGuqk zysO%B%h)qFtIP3B4qz&W32zW-2x}BcR7wO28!TD~8F>-QBpQm%lp-m97|9rl8A+@d z2CYIoQU*PNL%b)A+~BC^OC=`5(;zuWGj+3kF6FuVm%GR=)zV4>Rw(b@Ob%(FJyH;0k z@kU?m#y(K9qh#tN1u8*p|J;ap)1A{E+R}rX_l*TwU1Sq9#>}4|h3g<-gJjShg&?zk zlG4S(WO(FCMbYs~=L#|rpn2pk3Nv*x4f&bM%IeHS z^<}+bblR?WaImyJNehSPN^SmA?bBu;*eaQ?^9hPu1DLNCih5}p+eDbG z;{PkVPu5W{ZCxm*>>i13Rz}4uzD_-%@cpMzH94p70?nd~t1G2ZS6kVg)~rqCKVO{P z&oL*G#w#ndQ|K+tTJuxZ;m#D!r;cdfbvFOFFGTU)_4UP?=>q~xf$j{OF*(2tNo`^J zR}GtfO?0H zZ@KkFLe&OR#<^!x0&5mda+P^gT2=DFwD^Xeb*hTXx+=|?=l!kKvFduEwSbSZ`mU$j z8m`+?4R~d24~Y7SCp=9pPGSU?yBDZW$b@@$##(sBgJo+bAh(7jmJ?+<#8!qgw}zUq@ddLy}i@N*OjM9_ydHD>bn%XfcP31l4x!LbpAA5^@d}O(gXPs3AvIo)@8LP zIdsQv?6q)gwfA3{13z}JneqPobfWv{^V#>m0Dopuw1Zn@{lk<}A9`BT&$JAUuo(2j zgg%L1s!2MerVPKh==D{5Az0ezegW*Fb8sS|X}fszvKPDl2Z>g3sx>TmQ_l@K&zKs{ z&a*+xk6u2RG&Fe+0Ja`lxI?DnqYN2VFYsfGJ>_&JU7-7F(y}@epFl-}V)Dq+!JHkExrKlW-x+${pJk%bua|+?1L4M5 znc&i+nl#GEhQI_Q8TC|$!8;?{CSTS|=Rz7J*%&r$L8VRD-N1X%+oo_19^EOdQ4j_@ zOb`yadqLGEgc+6503V*1MQ3X&YqU^ zPLl_N>b_9a$Qs7ll}sh@gw6MK}g82y{#c}$H<$;>c$zR%6` z*ozM|lznZm%)Pd^CuKAtgO?a~S8}@KOmgXrcJb7Hdlve9vTH!9cZbeUx!TQnIiWD$ zwy;58MA(7eMeA#mdO8lfvC5b3@fX#GBD2-?jm2<0*^2t6mizBMh3debGV0}MD3`dG zo-sBG&&12STyxKhwUgs|Vx|?!g11KR{Yuxl1l9Rp~wwyA6H+!s7 zLX{1MOY4gEI%pfPwS21Ur(0!J|BvX zbKf#e_PT1fc$iO`@8L_0A7q7*T@cDD%?-xDrFM77cG^x_#RfZ65@3_EQVa%932u{| zv5{G=vju2+sFK0tNv4s}k_^_VmUpC#W-!^vMFS45!;v?PJO4bTO;Pr|JW zx4_ntYQK!vDO#xlTi@#208A5V0-%c@?%ciHiwS)<*J5NK ze(PoL`I0PF14a8gA4E|W=}!hcZ?=JK@X!%62x4O&CgUY}4C)-Dn$3rr1{E(=K= zgqYXA7KwP0c)ryn~UO7igj@r8Hly^gWjTW}JhNU9^kc5&LLoI}v+E z7rR6;DrvFWxO;h0FHBl$mMB|=2bXkPh5MJRTZIRfq(+#Kem7@A@6_F6lz8BGKrHRr z5!ksSFm(#OusB`pJt;lPxC1tn1&^B5Ia3Si_A}h%w^2UAtKvTSCsODl?}r->wVc=R7bG8{Du1N`owHX(&yE^xNVZJQE>lL&|&X zE|^BWafCJv7n7$Sfi?{m^QZBa9cQF-gw_uSlJoIH>jwk*d3nl2D3x5L#j8`olxC#F z)l)(_zKHNwD~4VFEXA*`7;546%FuD7fSp(7b#UjadK+$a)kg>0rgZNK@sdpy6^e;u zI3zWUu^Ob~Uq$5@Ttc1J&K_e&BspjkE>3l1yN`EdtJakpOJs(_r6jV#-(AwDf*|gi zW}J9^%J|`l0`w_C4~$@z$>kIy_k#D;J=PrqC^G}~%V{xBR4&8vRMOZHfFuTnhnJ5$Qo5$R((GMNv%9r(PvvpT0evgJz>!tmK1MV;9T?1(&8 zZSTwr%MQZc%MP!mo%AIS8)hrIbF*E~Y8Am-r{UWrO_EHTERr0YF|)>*vtQ&o9^#8S zAI3uvq=pWpzFp#()Z-GFK@n({VZhg4)g7Be31yxtR8P1Cux>gJkx@R+jr3ZafcRC&H``RFV`r~EBJ z$2S7K=U7Rw1zNr&xI$i{54D(Yym-erb4N*J#SX^~hl;BE)gHO{yYu4D>`Rg{Xd5ac zLWB37XSU$ridB~(IFOWIczC$@kRyoBPJrl)4Mb9-q(rBKM?t z3WpUtFrWbj!N5R?jvSvtK{cI_Yfd+|51&i1>k_C(38=?=fS!oYCt00(ERn)!1qTME zbmY+>QcnYC;F=c~V!qkTX)Ro_?$RM0n0&=viC$}xonYh$Kp{p;t@pT@tD}L;>F9P$L>=URb*UOGUmz~jL&+RB;t$ej(N>EHWlU2 zT>DMO9zzl>8ueN_gIg)9VFJ6mAo)iCNClV5eaeUuwPVgRV@V1>dF6~?bL}l{DzP?4 zwfsJ57CBu({AsI_q^mj^1xH(;2II0F;~)mi@%s@2KH)Ws6?wZGdO_Yn;M~|uH6&FR zYDGC!rWad~G21@7GTvT7;QdN|N<6?ak=oOG2ZXOR;Ap`$=ABVnDg1AGH4DxI%J2-11U>cPBNS@_ULrkTj3stJy^a0J9xO6 zZRT?Wd}!Cu)#v7)7_QVaVXv5%4nU2rKW{2g`e(vR@1H>q;ZN@AIK_F10r~m61Ag;$ z1K!C#(^u`wzE-B|$c~yE<@o$1{2=NEHZ?gLYm+R48%$2e(IwAgBlqTgEf9e&VWrM4 z{l}OmS-h1=L9FsfvZxbX8?(ZJHdaK~2<8xt=L}95qlfcHvEgQVET*qr2}iy5PDM2= zW}x0JmZ5NqM$=gz8S>&v2i#|vr;imGW2~TzFHT&-B3krtU3RIcy7OE;66IL$59-r0 zu1Qjk7DrbuS{zxi^)vIi&?6u(KFP2Om*-lsUODGuU3o}e!e4O3VMTGNWhwk?^GI|% z(;Xp8{W9OWvypkHSt~!b6B3RsSBlwIp^ZO$jc$CHr**@J=}Z^;tg4Uq@R?rP$Db>> z)V{3<%;bbXE*sQ~7(Q)ApBxgw;|iiKyWsZ})-Rlk z{_2aorog4KY%{FvA1W}Tb$fUv4q3P=ZZeFxqqlU{WMVR!V)Yv`3#`l4zgi~y`h^ny zYhDcBH^hCh<@pAa6}91pmGt5Bs~Vr_SIv;gtNF4WtC@)hkK39b640U@YFem5d8$6t zJ+TXV&z|fjBAOJBZYD@8r8G_H`>KH}Vm;(Gm7*0|Qv z)6Yi6qcvP<>LU`pZS7lY3XhGP^>k{TL3*|>7D|rZAK6{kSb5=eE_t%h;&qMT#=aor zA=G_Y1yllLuRN#GZp*t$FKLH&zvM<^zKtvS!#$*&a$e$lUtH3)+{(|QP z+sZA>-RMzs-~6kL9!b1j`m-2it+BoOcMM36GJUPdtB%7MKVVvs7XNI$?9#8+FJO_A zN7+lQi7{4?Sz?z;U?LD|z~gd3yf6jghAXPT&jdv+FoXloXe^Ae;j?TtM~s`pXN>~c z`j26ZU�z6`!$Q4sfOx=*KNw??3yhI(#-VXfO&`DD~ft8o(_`R$E+5!+A+LuI_Fx zHl|e@zmjr`iQqbJ^e~Bupw`t^rE8IM5TUS>9e9ANq&f*NuxKtuToW?QVM>2j-gh4C zsm7a95*P_83BDo%sW`9Kh`c}!@HJr~EkBWwfHPc#i~N5nVXT`~Kfs%Y%dzBYBod2@N@bg^#ReSzdHC^1-Yp<_R0O9vVoUa_pV@pA;416=NoPh%nn&Zdd<`m-Y<$EPe{62PcK zwR|-jNWAe*H=rI#eGki-7Y0C^n6k|SJ()PU9lID_j z_rTYd~9XshsDM?7k$w|2UKb-^rEdP}O0VF~CS@w}kD6W0f zRMA%yJPTC?>47(z75eY|#0D;40UQ0=l|RelfVGs3zsxihp=VW9^z?-^Rf!2}1|WOL z_X097{Ve-PmK8m~XD683zckk_S+@YMIQ%SY7V+Tongv|cd0Q)x^Y4GGs{hBz2I=YS zhS=7aVcnKwO>+9*#xPr3SF3*^X7xTkw*=`d(r0Tlnp7ulQ&AtlGU z?;(%(9pY>1F&6)oFVH)j#K@IB7y@BZs+IDNE2F!DFpfTm?Q9Upc z_5w$bZU9DrXF*#7wUKZSD>vAd+pp{h zaX=`j#ozNcZ|pFxJ`o|1>L+OLkCfo+0>uGiAbtO)bkGv2RyJ-3dstav6*x=3 z4=e+)&in4L8EBuaklI#oq#Dc#hO`3Y&3*M*88YGmlL`jF4{ZRaN^b!+aDzMk%p*(O zu4{nxd585EZEX@D1xa5vb<-8xuK$_|+{Uea z^-PeOz+JG`Lork&Bx1k(TJrS1Iu!T)tnY%P%JD&Tek3@}EpWW&Y^^ql##!1~Rx zHUE*YH(5HkK|TPDjTNv3zf)T`^!ExtLG##tU)pGE0qg`O-xLU_gYJ~r&_d^-e-r>? z?k_sQl~X1$4|KveaGQv4kf6~1qr~qz=v!Gk!Zsh=YtYSyBcf>WiUVfN{+7MD*Tk!~t)q(rB;B_oe;yJbPzAk@*At^w;lH1X|0IK#A{3ZCXWUDk-T{u z5a*8njWoZp9dcvdPGU!i6OsR>+J$UKB}z+9j9tU5-@lye%*{uz!QwF1!-8?oQSY2nt9#R2qjf5Y1{NgS~d@eAL-g;GoZ523&B5#m>^ehbD|{~vW|$ZR$B`Lk9~i4z5U(V(SHG!QTJ{D diff --git a/src/main/java/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java b/src/main/java/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java index debe68a..3169f99 100644 --- a/src/main/java/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java +++ b/src/main/java/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java @@ -34,7 +34,6 @@ import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.Provider; -import java.security.SecureRandom; import java.security.Security; import java.security.Signature; import java.security.spec.ECFieldFp; @@ -43,6 +42,7 @@ import java.security.spec.ECParameterSpec; import java.security.spec.ECPoint; import java.security.spec.EllipticCurve; import java.security.spec.InvalidParameterSpecException; +import java.security.spec.NamedParameterSpec; import java.security.spec.RSAKeyGenParameterSpec; import java.util.Arrays; import java.util.HashMap; @@ -51,12 +51,6 @@ import java.util.logging.Logger; import org.xbill.DNS.DNSSEC; -import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable; -// for now, we need to import the EdDSA parameter spec classes -// because they have no generic form in java.security.spec.* -// sadly, this will currently fail if you don't have the lib. -import net.i2p.crypto.eddsa.spec.EdDSAParameterSpec; - /** * This class handles translating DNS signing algorithm identifiers into various * usable java implementations. @@ -106,11 +100,13 @@ public class DnsKeyAlgorithm { } private static class EdAlgEntry extends AlgEntry { - public EdDSAParameterSpec edSpec; + public String curveName; + public NamedParameterSpec paramSpec; - public EdAlgEntry(int algorithm, String sigName, BaseAlgorithm baseType, EdDSAParameterSpec spec) { + public EdAlgEntry(int algorithm, String sigName, BaseAlgorithm baseType, String curveName) { super(algorithm, sigName, baseType); - this.edSpec = spec; + this.curveName = curveName; + this.paramSpec = new NamedParameterSpec(curveName); } } @@ -146,24 +142,15 @@ public class DnsKeyAlgorithm { private static DnsKeyAlgorithm mInstance = null; public DnsKeyAlgorithm() { - // Attempt to add the bouncycastle provider. - // This is so we can use this provider if it is available, but not require - // the user to add it as one of the java.security providers. + // Attempt to add the bouncycastle provider. This is so we can use this + // provider if it is available, but not require the user to add it as one of + // the java.security providers. try { Class bcProviderClass = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider"); Provider bcProvider = (Provider) bcProviderClass.getDeclaredConstructor().newInstance(); Security.addProvider(bcProvider); } catch (ReflectiveOperationException e) { - log.info("Unable to load BC provider"); - } - - // Attempt to add the EdDSA-Java provider. - try { - Class eddsaProviderClass = Class.forName("net.i2p.crypto.eddsa.EdDSASecurityProvider"); - Provider eddsaProvider = (Provider) eddsaProviderClass.getDeclaredConstructor().newInstance(); - Security.addProvider(eddsaProvider); - } catch (ReflectiveOperationException e) { - log.warning("Unable to load EdDSA provider"); + log.fine("Unable to load BC provider"); } initialize(); @@ -218,57 +205,92 @@ public class DnsKeyAlgorithm { addMnemonic("ECDSAP384SHA384", DNSSEC.Algorithm.ECDSAP384SHA384); addMnemonic("ECDSA-P384", DNSSEC.Algorithm.ECDSAP384SHA384); - // EdDSA is not supported by either the Java 1.8 Sun crypto - // provider or bouncycastle. It is added by the Ed25519-Java - // library. We don't have a corresponding constant in - // org.xbill.DNS.DNSSEC yet, though. - addAlgorithm(15, "NONEwithEdDSA", BaseAlgorithm.EDDSA, "Ed25519"); + // For the Edwards Curve implementations, we just initialize Signature and + // KeyPairGenerator with the curve name. + addAlgorithm(15, "Ed25519", BaseAlgorithm.EDDSA, "Ed25519"); addMnemonic("ED25519", 15); + addAlgorithm(16, "Ed448", BaseAlgorithm.EDDSA, "Ed448"); + addMnemonic(("ED448"), 16); } private void addAlgorithm(int algorithm, String sigName, BaseAlgorithm baseType) { mAlgorithmMap.put(algorithm, new AlgEntry(algorithm, sigName, baseType)); } - private void addAlgorithm(int algorithm, String sigName, BaseAlgorithm baseType, String curveName) { - if (baseType == BaseAlgorithm.ECDSA) { - ECParameterSpec ecSpec = ECSpecFromAlgorithm(algorithm); - if (ecSpec == null) - ecSpec = ECSpecFromName(curveName); - if (ecSpec == null) - return; + /** + * Add a ECDSA (algorithms 13/14) to the set, looking up the curve names. + * + * @param algorithm the DNSSEC algorithm number. + * @param sigName the name of the signature scheme. + * @param curveName the official name of the elliptic curve in our crypto + * library (SunEC). + */ + private void addECDSAAlgorithm(int algorithm, String sigName, String curveName) { + ECParameterSpec ecSpec = ECSpecFromAlgorithm(algorithm); + if (ecSpec == null) + ecSpec = ECSpecFromName(curveName); + if (ecSpec == null) + return; - // Check to see if we can get a Signature object for this algorithm. - try { - Signature.getInstance(sigName); - } catch (NoSuchAlgorithmException e) { - // for now, let's find out - log.severe("could not get signature for " + sigName + ": " + e.getMessage()); - // If not, do not add the algorithm. - return; - } - ECAlgEntry entry = new ECAlgEntry(algorithm, sigName, baseType, ecSpec); - mAlgorithmMap.put(algorithm, entry); - } else if (baseType == BaseAlgorithm.EDDSA) { - EdDSAParameterSpec edSpec = EdDSASpecFromName(curveName); - if (edSpec == null) - return; - - // Check to see if we can get a Signature object for this algorithm. - try { - Signature.getInstance(sigName); - } catch (NoSuchAlgorithmException e) { - // for now, let's find out - log.severe("could not get signature for " + sigName + ": " + e.getMessage()); - // If not, do not add the algorithm. - return; - } - EdAlgEntry entry = new EdAlgEntry(algorithm, sigName, baseType, edSpec); - mAlgorithmMap.put(algorithm, entry); + // Check to see if we can get a Signature object for this algorithm. + try { + Signature.getInstance(sigName); + } catch (NoSuchAlgorithmException e) { + // for now, let's find out + log.severe("could not get signature for " + sigName + ": " + e.getMessage()); + // If not, do not add the algorithm. + return; } - + ECAlgEntry entry = new ECAlgEntry(algorithm, sigName, BaseAlgorithm.ECDSA, ecSpec); + mAlgorithmMap.put(algorithm, entry); } + /** + * Add an EdDSA (Edwards curve algorithms, DNSSEC algorithms 15/16), looking up + * the curve. + * + * @param algorithm the DNSSEC algorithm numer. + * @param sigName the name of the signing scheme. For EdDSA, this is the same + * as the curve. + * @param curveName the name of the curve. + */ + private void addEdDSAAlgorithm(int algorithm, String sigName, String curveName) { + // Check to see if we can get a Signature object for this algorithm. + try { + Signature.getInstance(sigName); + } catch (NoSuchAlgorithmException e) { + // for now, let's find out + log.severe("could not get signature for EdDSA curve" + curveName + ": " + e.getMessage()); + // If not, do not add the algorithm. + return; + } + EdAlgEntry entry = new EdAlgEntry(algorithm, sigName, BaseAlgorithm.EDDSA, curveName); + mAlgorithmMap.put(algorithm, entry); + } + + /** + * Add an Elliptic Curve algorithm given a signing scheme and curve name. + * + * @param algorithm the DNSSEC algorithm number + * @param sigName the signature scheme (e.g., which crypto hash function are + * we using?) + * @param baseType the base type (either ECDSA or EDDSA). + * @param curveName the name of the curve. + */ + private void addAlgorithm(int algorithm, String sigName, BaseAlgorithm baseType, String curveName) { + if (baseType == BaseAlgorithm.ECDSA) { + addECDSAAlgorithm(algorithm, sigName, curveName); + } else if (baseType == BaseAlgorithm.EDDSA) { + addEdDSAAlgorithm(algorithm, sigName, curveName); + } + } + + /** + * Add an alternate mnemonic for an algorithm. + * + * @param m the new mnemonic. + * @param alg the DNSSEC algorithm number. + */ private void addMnemonic(String m, int alg) { // Do not add mnemonics for algorithms that ended up not actually being // supported. @@ -336,19 +358,6 @@ public class DnsKeyAlgorithm { return null; } - // Fetch the curve parameters from a named EdDSA curve. - private EdDSAParameterSpec EdDSASpecFromName(String stdName) { - try { - EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(stdName); - if (spec != null) - return spec; - throw new InvalidParameterSpecException("Edwards Curve " + stdName + " not found."); - } catch (InvalidParameterSpecException e) { - log.info("Edwards Curve " + stdName + " not supported"); - } - return null; - } - public String[] supportedAlgMnemonics() { Set keyset = mAlgorithmMap.keySet(); Integer[] algs = keyset.toArray(new Integer[keyset.size()]); @@ -405,14 +414,14 @@ public class DnsKeyAlgorithm { } /** - * Given one of the EdDSA algorithms (Ed25519, Ed448) return the elliptic - * curve parameters. + * Given one of the EdDSA algorithms (ED25519 or ED448), return the named + * parameter spec. * * @param algorithm The DNSSEC algorithm number. - * @return The stored EdDSAParameterSpec for that algorithm, or null if not a - * recognized/supported EdDSA algorithm. + * @return The NamedParameterSpec for that DNSSEC algorithm, nor null if the + * algorithm wasn't a supported EdDSA algorithm. */ - public EdDSAParameterSpec getEdwardsCurveParams(int algorithm) { + public NamedParameterSpec getEdwardsCurveSpec(int algorithm) { AlgEntry entry = getEntry(algorithm); if (entry == null) return null; @@ -420,7 +429,7 @@ public class DnsKeyAlgorithm { return null; EdAlgEntry edEntry = (EdAlgEntry) entry; - return edEntry.edSpec; + return edEntry.paramSpec; } /** @@ -553,18 +562,9 @@ public class DnsKeyAlgorithm { break; } case EDDSA: { - if (mEdKeyGenerator == null) { - mEdKeyGenerator = KeyPairGenerator.getInstance("EdDSA"); - } + EdAlgEntry entry = (EdAlgEntry) getEntry(algorithm); + mEdKeyGenerator = KeyPairGenerator.getInstance(entry.curveName); - EdDSAParameterSpec edSpec = getEdwardsCurveParams(algorithm); - try { - mEdKeyGenerator.initialize(edSpec, new SecureRandom()); - } catch (InvalidAlgorithmParameterException e) { - // Fold the InvalidAlgorithmParameterException into our existing - // thrown exception. Ugly, but requires less code change. - throw new NoSuchAlgorithmException("invalid key parameter spec"); - } pair = mEdKeyGenerator.generateKeyPair(); break; } diff --git a/src/main/java/com/verisignlabs/dnssec/security/DnsKeyConverter.java b/src/main/java/com/verisignlabs/dnssec/security/DnsKeyConverter.java index 7ceb4f2..e4eccd1 100644 --- a/src/main/java/com/verisignlabs/dnssec/security/DnsKeyConverter.java +++ b/src/main/java/com/verisignlabs/dnssec/security/DnsKeyConverter.java @@ -30,12 +30,16 @@ import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.DSAPublicKey; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; +import java.security.interfaces.EdECPrivateKey; +import java.security.interfaces.EdECPublicKey; import java.security.interfaces.RSAPrivateCrtKey; import java.security.spec.DSAPrivateKeySpec; import java.security.spec.ECParameterSpec; import java.security.spec.ECPrivateKeySpec; +import java.security.spec.EdECPrivateKeySpec; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; +import java.security.spec.NamedParameterSpec; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.RSAPrivateCrtKeySpec; import java.util.StringTokenizer; @@ -50,13 +54,6 @@ import org.xbill.DNS.DNSSEC.DNSSECException; import org.xbill.DNS.Name; import org.xbill.DNS.utils.base64; -import net.i2p.crypto.eddsa.EdDSAPrivateKey; -// For now, just import the native EdDSA classes -import net.i2p.crypto.eddsa.EdDSAPublicKey; -import net.i2p.crypto.eddsa.spec.EdDSAParameterSpec; -import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec; -import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec; - /** * This class handles conversions between JCA key formats and DNSSEC and BIND9 * key formats. @@ -87,7 +84,6 @@ public class DnsKeyConverter { // Because we have arbitrarily aliased algorithms, we need to possibly // translate the aliased algorithm back to the actual algorithm. - int originalAlgorithm = mAlgorithms.originalAlgorithm(pKeyRecord.getAlgorithm()); if (originalAlgorithm <= 0) @@ -101,16 +97,6 @@ public class DnsKeyConverter { pKeyRecord.getKey()); } - // do not rely on DNSJava's method for EdDSA for now. - if (mAlgorithms.baseType(originalAlgorithm) == DnsKeyAlgorithm.BaseAlgorithm.EDDSA) { - try { - return parseEdDSADNSKEYRecord(pKeyRecord); - } catch (InvalidKeySpecException e) { - // just to be expedient, recast this as a NoSuchAlgorithmException. - throw new NoSuchAlgorithmException(e.getMessage()); - } - } - try { // This uses DNSJava's DNSSEC.toPublicKey() method. return pKeyRecord.getPublicKey(); @@ -119,30 +105,12 @@ public class DnsKeyConverter { } } - /** - * Since we don't (yet) have support in DNSJava for parsing the - * newer EdDSA algorithms, here is a local version. - */ - private PublicKey parseEdDSADNSKEYRecord(DNSKEYRecord pKeyRecord) - throws IllegalArgumentException, NoSuchAlgorithmException, InvalidKeySpecException { - byte[] seed = pKeyRecord.getKey(); - - EdDSAPublicKeySpec spec = new EdDSAPublicKeySpec(seed, - mAlgorithms.getEdwardsCurveParams(pKeyRecord.getAlgorithm())); - - KeyFactory factory = KeyFactory.getInstance("EdDSA"); - return factory.generatePublic(spec); - } - /** * Given a JCA public key and the ancillary data, generate a DNSKEY record. */ public DNSKEYRecord generateDNSKEYRecord(Name name, int dclass, long ttl, int flags, int alg, PublicKey key) { try { - if (mAlgorithms.baseType(alg) == DnsKeyAlgorithm.BaseAlgorithm.EDDSA) { - return generateEdDSADNSKEYRecord(name, dclass, ttl, flags, alg, key); - } return new DNSKEYRecord(name, dclass, ttl, flags, DNSKEYRecord.Protocol.DNSSEC, alg, key); } catch (DNSSECException e) { @@ -152,13 +120,6 @@ public class DnsKeyConverter { } } - private DNSKEYRecord generateEdDSADNSKEYRecord(Name name, int dclass, long ttl, - int flags, int alg, PublicKey key) { - EdDSAPublicKey edKey = (EdDSAPublicKey) key; - byte[] keyData = edKey.getAbyte(); - return new DNSKEYRecord(name, dclass, ttl, flags, DNSKEYRecord.Protocol.DNSSEC, alg, - keyData); - } // Private Key Specific Parsing routines /** @@ -511,13 +472,13 @@ public class DnsKeyConverter { if (mEdKeyFactory == null) { mEdKeyFactory = KeyFactory.getInstance("EdDSA"); } - EdDSAParameterSpec edSpec = mAlgorithms.getEdwardsCurveParams(algorithm); - if (edSpec == null) { + NamedParameterSpec namedSpec = mAlgorithms.getEdwardsCurveSpec(algorithm); + if (namedSpec == null) { throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm + " is not a recognized Edwards Curve algorithm"); } - KeySpec spec = new EdDSAPrivateKeySpec(seed, edSpec); + EdECPrivateKeySpec spec = new EdECPrivateKeySpec(namedSpec, seed); try { return mEdKeyFactory.generatePrivate(spec); @@ -540,8 +501,8 @@ public class DnsKeyConverter { return generatePrivateDH((DHPrivateKey) priv, (DHPublicKey) pub, alg); } else if (priv instanceof ECPrivateKey && pub instanceof ECPublicKey) { return generatePrivateEC((ECPrivateKey) priv, (ECPublicKey) pub, alg); - } else if (priv instanceof EdDSAPrivateKey && pub instanceof EdDSAPublicKey) { - return generatePrivateED((EdDSAPrivateKey) priv, (EdDSAPublicKey) pub, alg); + } else if (priv instanceof EdECPrivateKey && pub instanceof EdECPublicKey) { + return generatePrivateED((EdECPrivateKey) priv, (EdECPublicKey) pub, alg); } return null; @@ -663,7 +624,7 @@ public class DnsKeyConverter { * Given an edwards curve key pair, and the actual algorithm (which will * describe the curve used), return the BIND9-style text encoding. */ - private String generatePrivateED(EdDSAPrivateKey priv, EdDSAPublicKey pub, int alg) { + private String generatePrivateED(EdECPrivateKey priv, EdECPublicKey pub, int alg) { StringWriter sw = new StringWriter(); PrintWriter out = new PrintWriter(sw); @@ -671,7 +632,8 @@ public class DnsKeyConverter { out.println("Algorithm: " + alg + " (" + mAlgorithms.algToString(alg) + ")"); out.print("PrivateKey: "); - out.println(base64.toString(priv.getSeed())); + byte[] keyBytes = priv.getBytes().orElse("null".getBytes()); + out.println(base64.toString(keyBytes)); return sw.toString(); }